2024-009 Program: Aging Cluster Federal Financial Assistance Listing Number: 93.041, 93.042, 93.043, 93.044, 93.045, 93.052, 93.053 Federal Grantor: U.S. Department of Health and Human Services Passed-Through: California Department of Aging Award No. and Year: AP-2122-22 and 2022, AP-2324-22 and 2024 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance and Instance of Noncompliance Criteria: Per 2 CFR 200.332, a pass-through entity must monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must include the information at 2 CFR 200.332(1) through (4). Condition: During our testing of the Orange County Community Resources (OCCR) department’s provisions for subrecipient monitoring requirements, we noted that for one (1) of four (4) subrecipients tested, onsite monitoring and follow-up on documented deficiencies was not performed timely. Cause: Established policies and procedures related to subrecipient monitoring do not specify the timeframe within which monitoring must be completed. Effect: There is an increased risk that the department’s monitoring procedure may not address the subrecipient’s risk of noncompliance. Question Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A non-statistical sample of four (4) out of (10) subrecipients were selected for testing. The condition above was identified during our procedures over subrecipient monitoring. Repeat Finding: No. Recommendation: We recommend the department review its established policies and procedures to ensure subrecipient monitoring is performed timely. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
2024-009 Program: Aging Cluster Federal Financial Assistance Listing Number: 93.041, 93.042, 93.043, 93.044, 93.045, 93.052, 93.053 Federal Grantor: U.S. Department of Health and Human Services Passed-Through: California Department of Aging Award No. and Year: AP-2122-22 and 2022, AP-2324-22 and 2024 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance and Instance of Noncompliance Criteria: Per 2 CFR 200.332, a pass-through entity must monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must include the information at 2 CFR 200.332(1) through (4). Condition: During our testing of the Orange County Community Resources (OCCR) department’s provisions for subrecipient monitoring requirements, we noted that for one (1) of four (4) subrecipients tested, onsite monitoring and follow-up on documented deficiencies was not performed timely. Cause: Established policies and procedures related to subrecipient monitoring do not specify the timeframe within which monitoring must be completed. Effect: There is an increased risk that the department’s monitoring procedure may not address the subrecipient’s risk of noncompliance. Question Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A non-statistical sample of four (4) out of (10) subrecipients were selected for testing. The condition above was identified during our procedures over subrecipient monitoring. Repeat Finding: No. Recommendation: We recommend the department review its established policies and procedures to ensure subrecipient monitoring is performed timely. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
2024-009 Program: Aging Cluster Federal Financial Assistance Listing Number: 93.041, 93.042, 93.043, 93.044, 93.045, 93.052, 93.053 Federal Grantor: U.S. Department of Health and Human Services Passed-Through: California Department of Aging Award No. and Year: AP-2122-22 and 2022, AP-2324-22 and 2024 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance and Instance of Noncompliance Criteria: Per 2 CFR 200.332, a pass-through entity must monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must include the information at 2 CFR 200.332(1) through (4). Condition: During our testing of the Orange County Community Resources (OCCR) department’s provisions for subrecipient monitoring requirements, we noted that for one (1) of four (4) subrecipients tested, onsite monitoring and follow-up on documented deficiencies was not performed timely. Cause: Established policies and procedures related to subrecipient monitoring do not specify the timeframe within which monitoring must be completed. Effect: There is an increased risk that the department’s monitoring procedure may not address the subrecipient’s risk of noncompliance. Question Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A non-statistical sample of four (4) out of (10) subrecipients were selected for testing. The condition above was identified during our procedures over subrecipient monitoring. Repeat Finding: No. Recommendation: We recommend the department review its established policies and procedures to ensure subrecipient monitoring is performed timely. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
2024-009 Program: Aging Cluster Federal Financial Assistance Listing Number: 93.041, 93.042, 93.043, 93.044, 93.045, 93.052, 93.053 Federal Grantor: U.S. Department of Health and Human Services Passed-Through: California Department of Aging Award No. and Year: AP-2122-22 and 2022, AP-2324-22 and 2024 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance and Instance of Noncompliance Criteria: Per 2 CFR 200.332, a pass-through entity must monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must include the information at 2 CFR 200.332(1) through (4). Condition: During our testing of the Orange County Community Resources (OCCR) department’s provisions for subrecipient monitoring requirements, we noted that for one (1) of four (4) subrecipients tested, onsite monitoring and follow-up on documented deficiencies was not performed timely. Cause: Established policies and procedures related to subrecipient monitoring do not specify the timeframe within which monitoring must be completed. Effect: There is an increased risk that the department’s monitoring procedure may not address the subrecipient’s risk of noncompliance. Question Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A non-statistical sample of four (4) out of (10) subrecipients were selected for testing. The condition above was identified during our procedures over subrecipient monitoring. Repeat Finding: No. Recommendation: We recommend the department review its established policies and procedures to ensure subrecipient monitoring is performed timely. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
2024-009 Program: Aging Cluster Federal Financial Assistance Listing Number: 93.041, 93.042, 93.043, 93.044, 93.045, 93.052, 93.053 Federal Grantor: U.S. Department of Health and Human Services Passed-Through: California Department of Aging Award No. and Year: AP-2122-22 and 2022, AP-2324-22 and 2024 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance and Instance of Noncompliance Criteria: Per 2 CFR 200.332, a pass-through entity must monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must include the information at 2 CFR 200.332(1) through (4). Condition: During our testing of the Orange County Community Resources (OCCR) department’s provisions for subrecipient monitoring requirements, we noted that for one (1) of four (4) subrecipients tested, onsite monitoring and follow-up on documented deficiencies was not performed timely. Cause: Established policies and procedures related to subrecipient monitoring do not specify the timeframe within which monitoring must be completed. Effect: There is an increased risk that the department’s monitoring procedure may not address the subrecipient’s risk of noncompliance. Question Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A non-statistical sample of four (4) out of (10) subrecipients were selected for testing. The condition above was identified during our procedures over subrecipient monitoring. Repeat Finding: No. Recommendation: We recommend the department review its established policies and procedures to ensure subrecipient monitoring is performed timely. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
2024-009 Program: Aging Cluster Federal Financial Assistance Listing Number: 93.041, 93.042, 93.043, 93.044, 93.045, 93.052, 93.053 Federal Grantor: U.S. Department of Health and Human Services Passed-Through: California Department of Aging Award No. and Year: AP-2122-22 and 2022, AP-2324-22 and 2024 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance and Instance of Noncompliance Criteria: Per 2 CFR 200.332, a pass-through entity must monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must include the information at 2 CFR 200.332(1) through (4). Condition: During our testing of the Orange County Community Resources (OCCR) department’s provisions for subrecipient monitoring requirements, we noted that for one (1) of four (4) subrecipients tested, onsite monitoring and follow-up on documented deficiencies was not performed timely. Cause: Established policies and procedures related to subrecipient monitoring do not specify the timeframe within which monitoring must be completed. Effect: There is an increased risk that the department’s monitoring procedure may not address the subrecipient’s risk of noncompliance. Question Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A non-statistical sample of four (4) out of (10) subrecipients were selected for testing. The condition above was identified during our procedures over subrecipient monitoring. Repeat Finding: No. Recommendation: We recommend the department review its established policies and procedures to ensure subrecipient monitoring is performed timely. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
2024-004 Program: Foster Care Title IV-E Federal Financial Assistance Listing Number: 93.658 Federal Grantor: U.S. Department of Health and Human Services Pass-Through: California Department of Social Services Award No. and Year: 2401CAFOST and 2024, 2301CAFOST and 2023 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance Criteria: In accordance with Title 2 U.S. Code of Federal Regulations (CFR) 200.332, pass-through entities must comply with the following: 2 CFR 200.332(b) – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. This evaluation of risk may include consideration of such factors listed in 2 CFR 200.332(b)(1) through (4). 2 CFR 200.332(d)- Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include the information at 2 CFR 200.332(d)(1) through (4). The California Department of Social Services further clarifies in its County Fiscal Letter No. 23/24- 80 that Foster Family Agency (FFA), Group Home, and Short Term Residential Therapeutic Programs (STRTP) are “considered subrecipients and subject to the same audit requirements and require the same degree of oversight as other subrecipients”. Further, while there are some licensing and oversight functions performed by the state over FFAs, group homes, and STRTPs, “counties are still ultimately responsible for review of these audits and their findings, any followup to ensure compliance, and any other form of monitoring and oversight required by federal and state laws and regulations.” 2 CFR Section 180.300a, Responsibilities of Participants Regarding Doing Business with Other Persons (and repeated in the California Department of Social Services - County Fiscal Letter No. 21/22 – 115) counties are required to verify that recipients or contracts have not been suspended or debarred by using the federal SAM (Systems for Award Management) Condition: The Social Services Agency (SSA) did not maintain documentation that the subrecipient risk assessment or the monitoring activity tracker was reviewed. Cause: The SSA department did not document its review of the subrecipient risk assessment or the monitoring activity tracker. Effect: The County’s control policies were not consistently followed and documented. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of twelve (12) out of fifty-eight (58) subrecipients were sampled, which included seven (7) Foster Family Agency, four (4) Short Term Residential Therapeutic Programs, and one (1) Transitional Housing Placement-Plus Foster Care types. The condition noted above was identified during our procedures related to subrecipient monitoring and was pervasive to the program. Repeat Findings from Prior Years: Yes, Finding 2023-001. Recommendation: We recommend that the County ensure the review over subrecipient monitoring activity is appropriately documented. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
2024-004 Program: Foster Care Title IV-E Federal Financial Assistance Listing Number: 93.658 Federal Grantor: U.S. Department of Health and Human Services Pass-Through: California Department of Social Services Award No. and Year: 2401CAFOST and 2024, 2301CAFOST and 2023 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance Criteria: In accordance with Title 2 U.S. Code of Federal Regulations (CFR) 200.332, pass-through entities must comply with the following: 2 CFR 200.332(b) – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. This evaluation of risk may include consideration of such factors listed in 2 CFR 200.332(b)(1) through (4). 2 CFR 200.332(d)- Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include the information at 2 CFR 200.332(d)(1) through (4). The California Department of Social Services further clarifies in its County Fiscal Letter No. 23/24- 80 that Foster Family Agency (FFA), Group Home, and Short Term Residential Therapeutic Programs (STRTP) are “considered subrecipients and subject to the same audit requirements and require the same degree of oversight as other subrecipients”. Further, while there are some licensing and oversight functions performed by the state over FFAs, group homes, and STRTPs, “counties are still ultimately responsible for review of these audits and their findings, any followup to ensure compliance, and any other form of monitoring and oversight required by federal and state laws and regulations.” 2 CFR Section 180.300a, Responsibilities of Participants Regarding Doing Business with Other Persons (and repeated in the California Department of Social Services - County Fiscal Letter No. 21/22 – 115) counties are required to verify that recipients or contracts have not been suspended or debarred by using the federal SAM (Systems for Award Management) Condition: The Social Services Agency (SSA) did not maintain documentation that the subrecipient risk assessment or the monitoring activity tracker was reviewed. Cause: The SSA department did not document its review of the subrecipient risk assessment or the monitoring activity tracker. Effect: The County’s control policies were not consistently followed and documented. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of twelve (12) out of fifty-eight (58) subrecipients were sampled, which included seven (7) Foster Family Agency, four (4) Short Term Residential Therapeutic Programs, and one (1) Transitional Housing Placement-Plus Foster Care types. The condition noted above was identified during our procedures related to subrecipient monitoring and was pervasive to the program. Repeat Findings from Prior Years: Yes, Finding 2023-001. Recommendation: We recommend that the County ensure the review over subrecipient monitoring activity is appropriately documented. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
2024-004 Program: Foster Care Title IV-E Federal Financial Assistance Listing Number: 93.658 Federal Grantor: U.S. Department of Health and Human Services Pass-Through: California Department of Social Services Award No. and Year: 2401CAFOST and 2024, 2301CAFOST and 2023 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance Criteria: In accordance with Title 2 U.S. Code of Federal Regulations (CFR) 200.332, pass-through entities must comply with the following: 2 CFR 200.332(b) – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. This evaluation of risk may include consideration of such factors listed in 2 CFR 200.332(b)(1) through (4). 2 CFR 200.332(d)- Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include the information at 2 CFR 200.332(d)(1) through (4). The California Department of Social Services further clarifies in its County Fiscal Letter No. 23/24- 80 that Foster Family Agency (FFA), Group Home, and Short Term Residential Therapeutic Programs (STRTP) are “considered subrecipients and subject to the same audit requirements and require the same degree of oversight as other subrecipients”. Further, while there are some licensing and oversight functions performed by the state over FFAs, group homes, and STRTPs, “counties are still ultimately responsible for review of these audits and their findings, any followup to ensure compliance, and any other form of monitoring and oversight required by federal and state laws and regulations.” 2 CFR Section 180.300a, Responsibilities of Participants Regarding Doing Business with Other Persons (and repeated in the California Department of Social Services - County Fiscal Letter No. 21/22 – 115) counties are required to verify that recipients or contracts have not been suspended or debarred by using the federal SAM (Systems for Award Management) Condition: The Social Services Agency (SSA) did not maintain documentation that the subrecipient risk assessment or the monitoring activity tracker was reviewed. Cause: The SSA department did not document its review of the subrecipient risk assessment or the monitoring activity tracker. Effect: The County’s control policies were not consistently followed and documented. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of twelve (12) out of fifty-eight (58) subrecipients were sampled, which included seven (7) Foster Family Agency, four (4) Short Term Residential Therapeutic Programs, and one (1) Transitional Housing Placement-Plus Foster Care types. The condition noted above was identified during our procedures related to subrecipient monitoring and was pervasive to the program. Repeat Findings from Prior Years: Yes, Finding 2023-001. Recommendation: We recommend that the County ensure the review over subrecipient monitoring activity is appropriately documented. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
2024-004 Program: Foster Care Title IV-E Federal Financial Assistance Listing Number: 93.658 Federal Grantor: U.S. Department of Health and Human Services Pass-Through: California Department of Social Services Award No. and Year: 2401CAFOST and 2024, 2301CAFOST and 2023 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance Criteria: In accordance with Title 2 U.S. Code of Federal Regulations (CFR) 200.332, pass-through entities must comply with the following: 2 CFR 200.332(b) – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. This evaluation of risk may include consideration of such factors listed in 2 CFR 200.332(b)(1) through (4). 2 CFR 200.332(d)- Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include the information at 2 CFR 200.332(d)(1) through (4). The California Department of Social Services further clarifies in its County Fiscal Letter No. 23/24- 80 that Foster Family Agency (FFA), Group Home, and Short Term Residential Therapeutic Programs (STRTP) are “considered subrecipients and subject to the same audit requirements and require the same degree of oversight as other subrecipients”. Further, while there are some licensing and oversight functions performed by the state over FFAs, group homes, and STRTPs, “counties are still ultimately responsible for review of these audits and their findings, any followup to ensure compliance, and any other form of monitoring and oversight required by federal and state laws and regulations.” 2 CFR Section 180.300a, Responsibilities of Participants Regarding Doing Business with Other Persons (and repeated in the California Department of Social Services - County Fiscal Letter No. 21/22 – 115) counties are required to verify that recipients or contracts have not been suspended or debarred by using the federal SAM (Systems for Award Management) Condition: The Social Services Agency (SSA) did not maintain documentation that the subrecipient risk assessment or the monitoring activity tracker was reviewed. Cause: The SSA department did not document its review of the subrecipient risk assessment or the monitoring activity tracker. Effect: The County’s control policies were not consistently followed and documented. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of twelve (12) out of fifty-eight (58) subrecipients were sampled, which included seven (7) Foster Family Agency, four (4) Short Term Residential Therapeutic Programs, and one (1) Transitional Housing Placement-Plus Foster Care types. The condition noted above was identified during our procedures related to subrecipient monitoring and was pervasive to the program. Repeat Findings from Prior Years: Yes, Finding 2023-001. Recommendation: We recommend that the County ensure the review over subrecipient monitoring activity is appropriately documented. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
2024-004 Program: Foster Care Title IV-E Federal Financial Assistance Listing Number: 93.658 Federal Grantor: U.S. Department of Health and Human Services Pass-Through: California Department of Social Services Award No. and Year: 2401CAFOST and 2024, 2301CAFOST and 2023 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance Criteria: In accordance with Title 2 U.S. Code of Federal Regulations (CFR) 200.332, pass-through entities must comply with the following: 2 CFR 200.332(b) – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. This evaluation of risk may include consideration of such factors listed in 2 CFR 200.332(b)(1) through (4). 2 CFR 200.332(d)- Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include the information at 2 CFR 200.332(d)(1) through (4). The California Department of Social Services further clarifies in its County Fiscal Letter No. 23/24- 80 that Foster Family Agency (FFA), Group Home, and Short Term Residential Therapeutic Programs (STRTP) are “considered subrecipients and subject to the same audit requirements and require the same degree of oversight as other subrecipients”. Further, while there are some licensing and oversight functions performed by the state over FFAs, group homes, and STRTPs, “counties are still ultimately responsible for review of these audits and their findings, any followup to ensure compliance, and any other form of monitoring and oversight required by federal and state laws and regulations.” 2 CFR Section 180.300a, Responsibilities of Participants Regarding Doing Business with Other Persons (and repeated in the California Department of Social Services - County Fiscal Letter No. 21/22 – 115) counties are required to verify that recipients or contracts have not been suspended or debarred by using the federal SAM (Systems for Award Management) Condition: The Social Services Agency (SSA) did not maintain documentation that the subrecipient risk assessment or the monitoring activity tracker was reviewed. Cause: The SSA department did not document its review of the subrecipient risk assessment or the monitoring activity tracker. Effect: The County’s control policies were not consistently followed and documented. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of twelve (12) out of fifty-eight (58) subrecipients were sampled, which included seven (7) Foster Family Agency, four (4) Short Term Residential Therapeutic Programs, and one (1) Transitional Housing Placement-Plus Foster Care types. The condition noted above was identified during our procedures related to subrecipient monitoring and was pervasive to the program. Repeat Findings from Prior Years: Yes, Finding 2023-001. Recommendation: We recommend that the County ensure the review over subrecipient monitoring activity is appropriately documented. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
2024-012. Inadequate SLFRF Subrecipient Monitoring (Finding Type: Significant Deficiency, Reportable Noncompliance) Federal Agency: Department of the Treasury Assistance Listing Number and Title: 21.027 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: N/A Questioned Costs: $0 Pass-through Entity: N/A Prior Year Single Audit Report Finding Number: 2023-017 The Governor’s Office of Planning and Budget (GOPB), the prime recipient for the State and Local Fiscal Recovery Funds (SLFRF), and state agencies, including the Department of Natural Resources (DNR), and the Department of Environmental Quality (DEQ) did not adequately fulfill their subrecipient monitoring responsibilities. Communication of Key Federal Grant Information, Risk Evaluation, and Compliance Monitoring DNR and DEQ did not have adequate written policies and procedures, properly communicate key federal grant information, or evaluate subrecipient-risk for noncompliance to guide the monitoring for eight of the 11 selected subrecipients (two at DEQ and six at DNR), as required by 2 CFR 200.332(a) and 2 CFR 200.332(b) and (d). Subrecipient Single Audit Report Reviews For three of the four subrecipients selected (one at DEQ and two at DNR), DNR and DEQ did not adequately review their subrecipients’ Single Audit reports and findings to assess whether the subrecipients spent the funds appropriately. The agencies also did not have adequate controls to ensure their subrecipients’ Single Audit reports were monitored according to federal requirements. Uniform Guidance (2 CFR 200.332(d)(2)) requires a review of subrecipient Single Audit reports when they become available, as well as a follow-up to address any findings related to the applicable program. The errors noted above were a result of the agencies not fully understanding the nature of the funds they received, the extent of compliance requirements, and the nature of the subaward agreement relationships. DNR and DEQ have taken steps to implement controls over these areas but did not have the new procedures in place as of year-end. Failure to establish internal controls, adequately communicate key federal program information to subrecipients, and perform risk evaluation and monitoring procedures may result in the subrecipient’s noncompliance with federal fund requirements and potential misuse of federal funds. Recommendations: We recommend that GOPB, DNR, and DEQ do the following: 1. Gain an understanding of the subrecipient requirements and establish internal controls to ensure compliance with these requirements; 2. Establish written policies and procedures to ensure compliance with subrecipient monitoring requirements; 3. Communicate all required federal award information to sub-recipients, 4. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward; and, 5. Monitor subrecipients according to their assessed risk and as required by 2 CFR 200.332. DNR’s Response: The Department of Natural Resources agrees with this finding. We were originally audited by the State Auditor's Office in the summer of 2023 regarding our compliance with overseeing ARPA funding. In March 2024 we received findings from that audit. In May 2024 we were notified of an SLFRF audit. All of the new audit samples selected in the SLFRF audit were from before we received the results of the initial ARPA audit in March 2024. We have made improvements to our SLFRF subrecipient monitoring since receiving the initial audit recommendations in March 2024. We intend to make additional improvements based on these subsequent audit recommendations and our own internal reviews. DEQ’s Response: DEQ agrees with the finding. DEQ does have procedures for sub-recipient monitoring, including risk assessments and review of Single Audit reports; however, with the ARPA funds in question, improvements can be made to ensure that sub-recipient monitoring is performed timely, documented, and complies with federal requirements. GOPB’s Response: GOPB, DEQ and DNR agree with the finding. GOPB has proactively supported state agencies with their subrecipient monitoring responsibilities. On May 15, 2023, GOPB emailed the current version of its ARPA Reference Guide to all state agencies administering ARPA SLFRF funds. This guide provides a comprehensive overview of the necessary compliance documents, including the State Agency Checklist, guidelines for SLFRF administrative and indirect costs, Single Audit compliance standards, internal controls references, risk assessment protocols, and subrecipient monitoring checklists. Following this, GOPB hosted federal funds compliance training for agency financial management staff on May 31 and June 6, 2023, which covered key aspects of SLFRF oversight, such as the ARPA Reference Guide, Unique Entity ID (UEI) requirements, FINET ARPA coding, and compliance procedures. GOPB also reviewed ARPA SLFR frequently asked question 13.15 to document the requirements of 2 C.F.R. Part 200 that apply to non-revenue replacement projects and those that do not apply to revenue replacement projects. GOPB has also developed and implemented an APRA SLFRF Monitoring Plan to review agency compliance with policies, procedures, and subrecipient monitoring requirements.
Finding 2024-001 – U.S. Department of the Treasury – COVID-19 Justice Advisory Council Gun Violence Prevention and Reduction Program, 21.027 MATERIAL WEAKNESS – SUBRECIPIENT MONITORING Compliance Requirement: Subrecipient Monitoring Criteria: As defined in 2 CFR section 200.332, a pass-through entity (“PTE”) must document the risk assessment of each subrecipient and document monitoring activities performed. Condition: Documentation to evidence compliance with federal regulations related to performing risk assessment of subrecipient and performing certain monitoring activities could not be substantiated. Cause: Lack of formal written documentation to evidence subrecipient risk assessment and monitoring activities were performed. Effect: CCSJJC has not implemented appropriate internal controls to ensure the appropriate subrecipient monitoring activities for each subrecipient are performed. Questioned Costs: None Context: CCSJJC is obtaining and reviewing subrecipient expenditures to determine that expenditures are allowable under compliance requirements. However, we were unable to substantiate that formal written procedures related to evaluating the fraud risk and risk of noncompliance, and procedures related to monitoring of subrecipients, including review of financial statements and review of audit findings, were performed. Recommendation: We recommend that CCSJJC implement an internal control to ensure risk assessment and monitoring procedures are performed and formal written documentation is maintained that evidences its compliance with required subrecipient monitoring activities in accordance with 2 CFR 200. Management’s Response: Due to this being the first Single Audit CCSJJC had encountered and the fact that we were not required to provide certain documentation regarding federal guidelines as a whole, CCSJJC will accept the find. CCSJJC will consider the finding and its content and submit a Corrective Action Plan to cure this finding. We will also take this finding as future guidance in the negotiation process with subrecipients, both from a federal and state perspective to ensure full compliance is achieved.
Finding 2024-001 – U.S. Department of the Treasury – COVID-19 Justice Advisory Council Gun Violence Prevention and Reduction Program, 21.027 MATERIAL WEAKNESS – SUBRECIPIENT MONITORING Compliance Requirement: Subrecipient Monitoring Criteria: As defined in 2 CFR section 200.332, a pass-through entity (“PTE”) must document the risk assessment of each subrecipient and document monitoring activities performed. Condition: Documentation to evidence compliance with federal regulations related to performing risk assessment of subrecipient and performing certain monitoring activities could not be substantiated. Cause: Lack of formal written documentation to evidence subrecipient risk assessment and monitoring activities were performed. Effect: CCSJJC has not implemented appropriate internal controls to ensure the appropriate subrecipient monitoring activities for each subrecipient are performed. Questioned Costs: None Context: CCSJJC is obtaining and reviewing subrecipient expenditures to determine that expenditures are allowable under compliance requirements. However, we were unable to substantiate that formal written procedures related to evaluating the fraud risk and risk of noncompliance, and procedures related to monitoring of subrecipients, including review of financial statements and review of audit findings, were performed. Recommendation: We recommend that CCSJJC implement an internal control to ensure risk assessment and monitoring procedures are performed and formal written documentation is maintained that evidences its compliance with required subrecipient monitoring activities in accordance with 2 CFR 200. Management’s Response: Due to this being the first Single Audit CCSJJC had encountered and the fact that we were not required to provide certain documentation regarding federal guidelines as a whole, CCSJJC will accept the find. CCSJJC will consider the finding and its content and submit a Corrective Action Plan to cure this finding. We will also take this finding as future guidance in the negotiation process with subrecipients, both from a federal and state perspective to ensure full compliance is achieved.
Finding 2024-001 – U.S. Department of the Treasury – COVID-19 Justice Advisory Council Gun Violence Prevention and Reduction Program, 21.027 MATERIAL WEAKNESS – SUBRECIPIENT MONITORING Compliance Requirement: Subrecipient Monitoring Criteria: As defined in 2 CFR section 200.332, a pass-through entity (“PTE”) must document the risk assessment of each subrecipient and document monitoring activities performed. Condition: Documentation to evidence compliance with federal regulations related to performing risk assessment of subrecipient and performing certain monitoring activities could not be substantiated. Cause: Lack of formal written documentation to evidence subrecipient risk assessment and monitoring activities were performed. Effect: CCSJJC has not implemented appropriate internal controls to ensure the appropriate subrecipient monitoring activities for each subrecipient are performed. Questioned Costs: None Context: CCSJJC is obtaining and reviewing subrecipient expenditures to determine that expenditures are allowable under compliance requirements. However, we were unable to substantiate that formal written procedures related to evaluating the fraud risk and risk of noncompliance, and procedures related to monitoring of subrecipients, including review of financial statements and review of audit findings, were performed. Recommendation: We recommend that CCSJJC implement an internal control to ensure risk assessment and monitoring procedures are performed and formal written documentation is maintained that evidences its compliance with required subrecipient monitoring activities in accordance with 2 CFR 200. Management’s Response: Due to this being the first Single Audit CCSJJC had encountered and the fact that we were not required to provide certain documentation regarding federal guidelines as a whole, CCSJJC will accept the find. CCSJJC will consider the finding and its content and submit a Corrective Action Plan to cure this finding. We will also take this finding as future guidance in the negotiation process with subrecipients, both from a federal and state perspective to ensure full compliance is achieved.
NONCOMPLIANCE WITH SUBRECIPIENT MONITORING REQUIREMENTS, CORONAVIRUS STATE AND LOCAL FISCAL RECOVERY FUNDS, AL No. 21.027, GRANT No. AM-23-0211 Criteria: Per the 2024 OMB compliance supplement, subrecipient monitoring is required by pass-through entities for all SLFRF funded projects. Among other activities, Treasury considers the following activities to be part of subrecipient monitoring: • Ensuring that the subrecipient has access to information about public programs relevant to the subrecipient’s duties necessary to ensure that subaward performance goals are achieved. • Ensuring that the subrecipient has access to information about projects operated by other subrecipients, necessary to ensure that subaward performance goals are achieved. • Ensuring deliverables and payment are within the approved scope of the subaward. • Responding to inquiries about the interpretation of subrecipient responsibilities under the subaward • Processing and correcting invoices. • Taking remedial action necessary to prevent the subrecipient from failing to perform its responsibilities under the subaward. Condition: The county did perform subrecipient monitoring activities over the program as required by Treasury guidelines. Cause: The county does not have policies and procedures in place that allow it to comply with subrecipient monitoring requirements outlined in the Uniform Guidance and Treasury guidelines. Effect: Non-compliance with program terms and conditions. Questioned Costs: None Recommendation: The requirements for subrecipient monitoring for the subaward are contained in 31 USC 7502(f)(2) (Single Audit Act Amendments of 1996 (Pub. L. No. 104-156)), 2 CFR sections 200.332, and 200.501(h); federal awarding agency regulations; and the terms and conditions of the award. Management should develop procedures that will ensure compliance with the requirements. Views of responsible officials and planned corrective action: The government agrees with this finding and will adhere to the attached corrective action plan.
Criteria Part 2 CFR Part 200, Subpart D, section 200.332 illustrates requirements related to the Agency passing funds through to subrecipients. Pass through entities must “Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statues, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved”. Condition The Agency did not have any formal controls or procedures in place for subrecipient monitoring for the STOP School Violence program or the Healthy Marriage Promotion and Responsible Fatherhood Grants until the end of the fiscal year under audit. As such, controls were not in place for the majority of the fiscal year. Cause Lack of implementation of proper policies and procedures to verify compliance with the subrecipient monitoring requirements identified in 2 CFR 200.332. Repeat Finding Yes. Refer to prior year findings 2023-003 and 2023-004. Effect The Agency did not maintain policies and procedures in accordance with the subrecipient monitoring requirements identified in 2 CFR 200.332 over the full fiscal year under audit. Noncompliance may impact future funding from federal and state resources. Recommendation We recommend the Agency implement policies and procedures to ensure compliance with subrecipient monitoring requirements, as outlined in 2 CFR 200.332. Management Response and Corrective Action Plan See attached corrective action plan.
Criteria Part 2 CFR Part 200, Subpart D, section 200.332 illustrates requirements related to the Agency passing funds through to subrecipients. Pass through entities must “Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statues, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved”. Condition The Agency did not have any formal controls or procedures in place for subrecipient monitoring for the STOP School Violence program or the Healthy Marriage Promotion and Responsible Fatherhood Grants until the end of the fiscal year under audit. As such, controls were not in place for the majority of the fiscal year. Cause Lack of implementation of proper policies and procedures to verify compliance with the subrecipient monitoring requirements identified in 2 CFR 200.332. Repeat Finding Yes. Refer to prior year findings 2023-003 and 2023-004. Effect The Agency did not maintain policies and procedures in accordance with the subrecipient monitoring requirements identified in 2 CFR 200.332 over the full fiscal year under audit. Noncompliance may impact future funding from federal and state resources. Recommendation We recommend the Agency implement policies and procedures to ensure compliance with subrecipient monitoring requirements, as outlined in 2 CFR 200.332. Management Response and Corrective Action Plan See attached corrective action plan.
Criteria Part 2 CFR Part 200, Subpart D, section 200.332 illustrates requirements related to the Agency passing funds through to subrecipients. Pass through entities must “Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statues, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved”. Condition The Agency did not have any formal controls or procedures in place for subrecipient monitoring for the STOP School Violence program or the Healthy Marriage Promotion and Responsible Fatherhood Grants until the end of the fiscal year under audit. As such, controls were not in place for the majority of the fiscal year. Cause Lack of implementation of proper policies and procedures to verify compliance with the subrecipient monitoring requirements identified in 2 CFR 200.332. Repeat Finding Yes. Refer to prior year findings 2023-003 and 2023-004. Effect The Agency did not maintain policies and procedures in accordance with the subrecipient monitoring requirements identified in 2 CFR 200.332 over the full fiscal year under audit. Noncompliance may impact future funding from federal and state resources. Recommendation We recommend the Agency implement policies and procedures to ensure compliance with subrecipient monitoring requirements, as outlined in 2 CFR 200.332. Management Response and Corrective Action Plan See attached corrective action plan.
Criteria Part 2 CFR Part 200, Subpart D, section 200.332 illustrates requirements related to the Agency passing funds through to subrecipients. Pass through entities must “Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statues, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved”. Condition The Agency did not have any formal controls or procedures in place for subrecipient monitoring for the STOP School Violence program or the Healthy Marriage Promotion and Responsible Fatherhood Grants until the end of the fiscal year under audit. As such, controls were not in place for the majority of the fiscal year. Cause Lack of implementation of proper policies and procedures to verify compliance with the subrecipient monitoring requirements identified in 2 CFR 200.332. Repeat Finding Yes. Refer to prior year findings 2023-003 and 2023-004. Effect The Agency did not maintain policies and procedures in accordance with the subrecipient monitoring requirements identified in 2 CFR 200.332 over the full fiscal year under audit. Noncompliance may impact future funding from federal and state resources. Recommendation We recommend the Agency implement policies and procedures to ensure compliance with subrecipient monitoring requirements, as outlined in 2 CFR 200.332. Management Response and Corrective Action Plan See attached corrective action plan.
Criteria Part 2 CFR Part 200, Subpart D, section 200.332 illustrates requirements related to the Agency passing funds through to subrecipients. When passing funds to subrecipients, the Agency must clearly identify to the subrecipient as a subaward, and include certain key information at the time of the subaward. These items include, but are not limited to, subrecipient name, subrecipient’s unique entity identifier, Federal Award Identification Number, Federal Award Date, Subaward Period of Performance Start and End Date, name of Federal awarding agency, and Assistance Listings number and title. Condition While performing our audit of the Agency’s subrecipient monitoring, we noted the Agency did not include all required elements in documentation to the subrecipient at the time of the subaward. Cause The Agency has not implemented sufficient internal control policies to adhere to the requirements of Uniform Guidance. Repeat Finding Yes. Refer to prior year finding 2023-001. Effect Noncompliance may impact future funding from federal and state awarding agencies. Recommendation We recommend the Agency update their agreements with each subrecipient to properly reflect each of the required elements included in Part 2 CFR Part 200, Subpart D, section 200.332.
Criteria Part 2 CFR Part 200, Subpart D, section 200.332 illustrates requirements related to the Agency passing funds through to subrecipients. Pass through entities must “Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statues, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved”. Condition The Agency did not have any formal controls or procedures in place for subrecipient monitoring for the STOP School Violence program or the Healthy Marriage Promotion and Responsible Fatherhood Grants until the end of the fiscal year under audit. As such, controls were not in place for the majority of the fiscal year. Cause Lack of implementation of proper policies and procedures to verify compliance with the subrecipient monitoring requirements identified in 2 CFR 200.332. Repeat Finding Yes. Refer to prior year findings 2023-003 and 2023-004. Effect The Agency did not maintain policies and procedures in accordance with the subrecipient monitoring requirements identified in 2 CFR 200.332 over the full fiscal year under audit. Noncompliance may impact future funding from federal and state resources. Recommendation We recommend the Agency implement policies and procedures to ensure compliance with subrecipient monitoring requirements, as outlined in 2 CFR 200.332. Management Response and Corrective Action Plan See attached corrective action plan.
2024-037 Oregon Business Development Department Assign responsibility to ensure review of subrecipient audit reports Federal Awarding Agency: U.S. Department of the Treasury Assistance Listing Number and Name: 21.027 Coronavirus State and Local Fiscal Recovery Fund (COVID-19) Federal Award Numbers and Years: SLFRP4454, 2020 (COVID-19) Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency; Noncompliance Prior Year Findings: N/A Questioned Costs: N/A Criteria: 2 CFR 200.332(e)(2), (e)(3), (g), (h), (i); 2 CFR 200.521(a), (c), (d) Federal regulations require recipients of federal awards ensure their subrecipients expending $750,000 or more during fiscal years prior to October 1, 2024, are audited according to requirements in 2 CFR 200 Subpart F, and then to perform certain actions dependent upon audit results. To satisfy this requirement, the Department of Administrative Services assigns Oregon state departments to be audit agencies. An audit agency is to: • Ensure the subrecipient received an audit or consider sanctions per 2 CFR 200.339. • Ensure the subrecipient takes corrective action on all findings negatively affecting subawards. • Issue a management decision within six months of the Federal Audit Clearinghouse’s acceptance of the subrecipient’s audit report if there were findings pertaining to the agency’s subawards. • Contact other state agencies that have also passed through funds to the subrecipients (contributing agencies), alerting them to findings related to their programs. In fiscal year 2024, DAS assigned OBDD to review 24 of the state’s 369 subrecipients’ audits, receiving a total of $42.3 million in pass-through funding from 11 state agencies. OBDD did not review any of these entities due to staff turnover. We reviewed two of these subrecipients and found neither had audit findings. This does not preclude the remaining 22 subrecipients from having audit findings requiring communication We recommend department management complete its review of subrecipient audits as soon as possible to ensure its monitoring procedures are sufficient, and to inform contributing agencies of any deficiencies that may affect their programs.
2024-030 Oregon Department of Education Perform regular fiscal monitoring as part of subrecipient monitoring Federal Awarding Agency: U.S. Department of Education Assistance Listing Number and Name: 84.027 Special Education Grants to States (Special Education Cluster) Federal Award Numbers and Years: H027A230095, 2024; H027A230095-23A, 2024 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency, Noncompliance Prior Year Findings: N/A Questioned Costs: N/A Criteria: 2 CFR 200.332(e) As part of our audit of the Special Education Grants to States program (program) at the Oregon Department of Education (department), we reviewed the department’s procedures for monitoring subrecipients to ensure program compliance. The department has several layers to the subrecipient monitoring requirements and has procedures to perform programmatic reviews, fiscal reviews, and other reviews based upon a risk assessment. For the fiscal monitoring, the department has a procedure in place to ensure that every subrecipient is reviewed at least once every three years, with approximately one-third of the subrecipients reviewed each year. In our testing, we reviewed a sample of seven of the 67 subrecipients that were scheduled for review in fiscal year 2024. In our initial sample, we found that one of the seven was not monitored during the year. We expanded our testing by selecting another ten subrecipients and the department could not provide support that the review was completed for nine of the ten. Per discussion with department staff, the specific subrecipient in our original sample had not had a fiscal review since January 2021. The fiscal monitoring was not performed as the subrecipient had not drawn funds from a specific grant period prior to the review process, although they had drawn from previous grant awards during the year. Failure to adequately monitor subrecipient compliance and supporting documentation increases the risk of inappropriate spending and noncompliance with federal requirements. We recommend department management ensure subrecipient fiscal monitoring is performed on the schedule set by department policy. We also recommend the department develop a procedure to track the completion of fiscal monitoring.
2024-040 Oregon Department of Emergency Management Assign responsibility to ensure review of subrecipient audit reports Federal Awarding Agency: U.S. Department of Homeland Security Assistance Listing Number and Name: 97.036 Disaster Grants – Public Assistance (Presidentially Declared Disasters) Federal Award Numbers and Years: Multiple Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency; Noncompliance Prior Year Findings: N/A Questioned Costs: N/A Criteria: 2 CFR 200.332(e)(2), (e)(3), (g), (h), (i); 2 CFR 200.521(a), (c), (d) Federal regulations require recipients of federal awards ensure its subrecipients expending $750,000 or more during fiscal years prior to October 1, 2024, are audited according to requirements in 2 CFR 200 Subpart F, and then to perform certain actions dependent upon audit results. To satisfy this requirement, the Department of Administrative Services assigns Oregon state departments to be audit agencies. An audit agency is to: • Ensure the subrecipient received an audit or consider sanctions per 2 CFR 200.339. • Ensure the subrecipient takes corrective action on all findings negatively affecting subawards. • Issue a management decision within six months of the Federal Audit Clearinghouse’s acceptance of the subrecipient’s audit report if there were findings pertaining to the agency’s subawards. • Contact other state agencies that have also passed through funds to the subrecipients (contributing agencies), alerting them to findings related to their programs. In fiscal year 2024, DAS assigned the Oregon Department of Emergency Management (department) to review 27 of the state’s 369 subrecipients’ audits, receiving a total of $176.2 million in pass-through funding from 20 state agencies. The department did not review any of these entities because they determined their other commitments were higher priorities. We reviewed two of these subrecipients and found one expended a total of $36 million and had one audit finding that may affect various federal programs. This subrecipient received pass-through funding from five other contributing agencies who were not informed of the finding. This does not preclude the remaining 25 subrecipients from having audit findings requiring communication to the contributing agencies. We recommend department management complete its review of subrecipient audits as soon as possible to ensure its monitoring procedures are sufficient, and to inform contributing agencies of any deficiencies that may affect their programs.
2024-037 Oregon Business Development Department Assign responsibility to ensure review of subrecipient audit reports Federal Awarding Agency: U.S. Department of the Treasury Assistance Listing Number and Name: 21.027 Coronavirus State and Local Fiscal Recovery Fund (COVID-19) Federal Award Numbers and Years: SLFRP4454, 2020 (COVID-19) Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency; Noncompliance Prior Year Findings: N/A Questioned Costs: N/A Criteria: 2 CFR 200.332(e)(2), (e)(3), (g), (h), (i); 2 CFR 200.521(a), (c), (d) Federal regulations require recipients of federal awards ensure their subrecipients expending $750,000 or more during fiscal years prior to October 1, 2024, are audited according to requirements in 2 CFR 200 Subpart F, and then to perform certain actions dependent upon audit results. To satisfy this requirement, the Department of Administrative Services assigns Oregon state departments to be audit agencies. An audit agency is to: • Ensure the subrecipient received an audit or consider sanctions per 2 CFR 200.339. • Ensure the subrecipient takes corrective action on all findings negatively affecting subawards. • Issue a management decision within six months of the Federal Audit Clearinghouse’s acceptance of the subrecipient’s audit report if there were findings pertaining to the agency’s subawards. • Contact other state agencies that have also passed through funds to the subrecipients (contributing agencies), alerting them to findings related to their programs. In fiscal year 2024, DAS assigned OBDD to review 24 of the state’s 369 subrecipients’ audits, receiving a total of $42.3 million in pass-through funding from 11 state agencies. OBDD did not review any of these entities due to staff turnover. We reviewed two of these subrecipients and found neither had audit findings. This does not preclude the remaining 22 subrecipients from having audit findings requiring communication We recommend department management complete its review of subrecipient audits as soon as possible to ensure its monitoring procedures are sufficient, and to inform contributing agencies of any deficiencies that may affect their programs.
2024-030 Oregon Department of Education Perform regular fiscal monitoring as part of subrecipient monitoring Federal Awarding Agency: U.S. Department of Education Assistance Listing Number and Name: 84.027 Special Education Grants to States (Special Education Cluster) Federal Award Numbers and Years: H027A230095, 2024; H027A230095-23A, 2024 Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency, Noncompliance Prior Year Findings: N/A Questioned Costs: N/A Criteria: 2 CFR 200.332(e) As part of our audit of the Special Education Grants to States program (program) at the Oregon Department of Education (department), we reviewed the department’s procedures for monitoring subrecipients to ensure program compliance. The department has several layers to the subrecipient monitoring requirements and has procedures to perform programmatic reviews, fiscal reviews, and other reviews based upon a risk assessment. For the fiscal monitoring, the department has a procedure in place to ensure that every subrecipient is reviewed at least once every three years, with approximately one-third of the subrecipients reviewed each year. In our testing, we reviewed a sample of seven of the 67 subrecipients that were scheduled for review in fiscal year 2024. In our initial sample, we found that one of the seven was not monitored during the year. We expanded our testing by selecting another ten subrecipients and the department could not provide support that the review was completed for nine of the ten. Per discussion with department staff, the specific subrecipient in our original sample had not had a fiscal review since January 2021. The fiscal monitoring was not performed as the subrecipient had not drawn funds from a specific grant period prior to the review process, although they had drawn from previous grant awards during the year. Failure to adequately monitor subrecipient compliance and supporting documentation increases the risk of inappropriate spending and noncompliance with federal requirements. We recommend department management ensure subrecipient fiscal monitoring is performed on the schedule set by department policy. We also recommend the department develop a procedure to track the completion of fiscal monitoring.
2024-040 Oregon Department of Emergency Management Assign responsibility to ensure review of subrecipient audit reports Federal Awarding Agency: U.S. Department of Homeland Security Assistance Listing Number and Name: 97.036 Disaster Grants – Public Assistance (Presidentially Declared Disasters) Federal Award Numbers and Years: Multiple Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency; Noncompliance Prior Year Findings: N/A Questioned Costs: N/A Criteria: 2 CFR 200.332(e)(2), (e)(3), (g), (h), (i); 2 CFR 200.521(a), (c), (d) Federal regulations require recipients of federal awards ensure its subrecipients expending $750,000 or more during fiscal years prior to October 1, 2024, are audited according to requirements in 2 CFR 200 Subpart F, and then to perform certain actions dependent upon audit results. To satisfy this requirement, the Department of Administrative Services assigns Oregon state departments to be audit agencies. An audit agency is to: • Ensure the subrecipient received an audit or consider sanctions per 2 CFR 200.339. • Ensure the subrecipient takes corrective action on all findings negatively affecting subawards. • Issue a management decision within six months of the Federal Audit Clearinghouse’s acceptance of the subrecipient’s audit report if there were findings pertaining to the agency’s subawards. • Contact other state agencies that have also passed through funds to the subrecipients (contributing agencies), alerting them to findings related to their programs. In fiscal year 2024, DAS assigned the Oregon Department of Emergency Management (department) to review 27 of the state’s 369 subrecipients’ audits, receiving a total of $176.2 million in pass-through funding from 20 state agencies. The department did not review any of these entities because they determined their other commitments were higher priorities. We reviewed two of these subrecipients and found one expended a total of $36 million and had one audit finding that may affect various federal programs. This subrecipient received pass-through funding from five other contributing agencies who were not informed of the finding. This does not preclude the remaining 25 subrecipients from having audit findings requiring communication to the contributing agencies. We recommend department management complete its review of subrecipient audits as soon as possible to ensure its monitoring procedures are sufficient, and to inform contributing agencies of any deficiencies that may affect their programs.
CORONAVIRUS STATE AND LOCAL FISCAL RECOVERY FUNDS – 21.027 Federal Awarding Agency: U.S. Department of Treasury (TREAS) Federal Award Fiscal Years: 2021 to 2025 Federal Award Number: SLFRP0136 Administered by: Rhode Island Department of Administration (DOA), Pandemic Recovery Office (PRO) Compliance Requirement: Subrecipient Monitoring; Allowable Costs/Cost Principles SUBRECIPIENT PAYMENTS AND MONITORING Subrecipient monitoring procedures were insufficient to identify and remedy a finding reported by the subrecipient auditor that affected the State Fiscal Recovery Fund. Monitoring procedures were not in place to ensure adequate documentation was obtained regarding the use of payment advances. Background: The Pandemic Recovery Office, as the administering agency of the State Fiscal Recovery Fund, executes memoranda of understanding with the various departments and agencies to conduct projects under the allowable uses of the program. The departments and agencies then often execute subawards within the scope of the specific project. Criteria: 2 CFR §200.332(d) “Requirements for pass-through entities” requires that all pass-through entities must “monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved.” That monitoring must include (1) reviewing financial and performance reports, (2) following up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means, (3) issuing a management decision for audit findings pertaining to the Federal award. Uniform Guidance cost principles dictate that, in order to be allowable under Federal awards, costs must be adequately documented (2 CFR §200.403(g)). Condition: As part of our testing, we performed an independent review of Single Audit Reports submitted to the Federal Audit Clearinghouse (FAC) for each sampled subrecipient. We noted a reported finding linked to the State Fiscal Recovery Fund for the subrecipient audit year ended September 30, 2024; the report was filed with the Clearinghouse on June 24, 2024. The report was not reviewed by the pass-through department, and subsequently, no management decision was issued. In regard to the review of subrecipient reports in the Clearinghouse overall, of the 26 sampled subrecipient entities, 18 had filed Single Audit Reports with the FAC. Of those 18 reports, only 3 were reviewed, documented, and management decisions issued as necessary (15 not reviewed; 83% error rate). Additionally, many of these subrecipients receive funding on a periodic basis. Of 31 subrecipient payments reviewed, 3 were payment advances to subrecipients for which no additional documentation or reconciliation was available to support subrecipient expenditures related to those prepayments. We noted several other subrecipient reimbursement payments that were lacking adequate support for the expenditures being reimbursed. Other documentation maintained by the agency to support monitoring procedures was unable to be provided. Cause: Subrecipient monitoring procedures are not in place to ensure audit reports are reviewed and management decisions are issued, as required by Uniform Guidance. Other monitoring procedures were inadequate to ensure that subrecipients appropriately utilized the funds provided to support program objectives. Effect: Noncompliance with program guidelines and/or federal regulations at the subrecipient level could go undetected and unresolved. Questioned Costs: Undetermined Valid Statistical Sample: Not Applicable RECOMMENDATIONS 2024-044a Enhance internal control procedures to ensure timely review of audit reports and issuance of management decisions in accordance with Uniform Guidance. 2024-044b Strengthen subrecipient compliance by requiring submission of Single Audit Reports to the pass-through department/agency as part of the subaward terms and conditions, prompting the review upon receipt of the reports. 2024-044c Enhance controls to ensure adequate documentation of monitoring procedures performed and support for subrecipient expenditures is obtained. Document any meetings and/or conversations with the subrecipients and discussion had therein.
SPECIAL EDUCATION CLUSTER (IDEA) – 84.027, 84.173 Federal Awarding Agency: U.S. Department of Agriculture (USDA) Federal Award Fiscal Year: 2024 Federal Award Numbers: HO27A220054-22A, H173A220057 Administered by: Rhode Island Department of Elementary and Secondary Education (RIDE) Compliance Requirement: Subrecipient Monitoring SUBRECIPIENT MONITORING The Department of Education (RIDE) has not implemented adequate subrecipient monitoring activities to ensure compliance with federal regulations. Background: The State relies on grantee agencies to perform subrecipient monitoring, when required, and ensure compliance with federal regulations. There is no statewide monitoring of subrecipient activities to ensure compliance with federal regulations. RIDE performs its subrecipient monitoring through the review of audit reports, desk reviews and performing site visits deemed high risk. High-risk subrecipients are determined through the review of audit reports, completion of a desk review checklist, and the completion of an annual survey completed by the subrecipients then scored by RIDE. Criteria: Federal regulations 2 CFR §200.329, require Pass Through Entities (PTE), such as the State, to monitor grant subrecipients to ensure that federal funds are spent appropriately. Federal Regulation 2 CFR §200.332 Subpart B requires that the PTE provide subrecipients with clear grant information, including grant terms, required financial reporting, and audit requirements. Per 2 CFR § 200.328, PTEs must collect financial data from subrecipients no less than annually. Condition: We identified some deficiencies in internal controls relating to subrecipient monitoring during our audit. Deficiencies included a lack of required monitoring documentation (e.g., annual surveys, Single Audit Reports) submitted by subrecipients and failure by RIDE to appropriately consider these deficiencies within their consideration of subrecipient risk. Of the 65 subrecipients receiving $55.3 million, we selected 25 subrecipients for testing and found 4 subrecipients with control deficiencies that prevented RIDE from complying with the subrecipient monitoring requirement as follows: • RIDE was unable to provide documentation supporting grant award information communicated to one subrecipient. Additionally, the required risk assessment for the Special Education Cluster was not performed for this subrecipient. • RIDE was unable to provide the completed Desk Review checklist for 3 subrecipients. These 3 subrecipients also did not complete RIDE’s required annual survey. We found that the lack of annual survey completion did not result in RIDE assessing higher risk for one subrecipient and thus no site visit was performed. The other 2 subrecipients were assessed at high risk, however, no site visit was performed for these subrecipients. • A subrecipient did not submit its fiscal year 2022 and 2023 Single Audit Reports and RIDE did not modify its risk assessment accordingly. RIDE was also unable to provide documentation supporting its follow-up (i.e., meeting discussing the submission of the Single Audit Report) with the subrecipients. Additionally, RIDE’s risk assessment was not adequate to identify this subrecipient as high risk. Internal controls over subrecipient monitoring would be improved by 1) updating subrecipients’ risk assessments when they fail to comply with documentation requirements, and 2) implementing monitoring procedures to identify instances where RIDE’s monitoring is not consistent with the risk assessed. Implementing site visits when subrecipients do not comply with documentation requirements would ensure that monitoring procedures align with the risk associated with the subrecipient. Cause: Lack of adequate dedicated agency resources and insufficient controls to ensure compliance with federal requirements. Effect: Noncompliance with federal compliance requirements by subrecipients could occur without being identified by the State in a timely manner. Questioned Costs: None Valid Statistical Sampling: Not Applicable RECOMMENDATION 2024-047 Improve internal controls over subrecipient monitoring by 1) updating subrecipients’ risk assessments when they fail to comply with documentation requirements, and 2) implementing monitoring procedures to identify instances where RIDE’s monitoring is not consistent with the risk assessed.
SPECIAL EDUCATION CLUSTER (IDEA) – 84.027, 84.173 Federal Awarding Agency: U.S. Department of Agriculture (USDA) Federal Award Fiscal Year: 2024 Federal Award Numbers: HO27A220054-22A, H173A220057 Administered by: Rhode Island Department of Elementary and Secondary Education (RIDE) Compliance Requirement: Subrecipient Monitoring SUBRECIPIENT MONITORING The Department of Education (RIDE) has not implemented adequate subrecipient monitoring activities to ensure compliance with federal regulations. Background: The State relies on grantee agencies to perform subrecipient monitoring, when required, and ensure compliance with federal regulations. There is no statewide monitoring of subrecipient activities to ensure compliance with federal regulations. RIDE performs its subrecipient monitoring through the review of audit reports, desk reviews and performing site visits deemed high risk. High-risk subrecipients are determined through the review of audit reports, completion of a desk review checklist, and the completion of an annual survey completed by the subrecipients then scored by RIDE. Criteria: Federal regulations 2 CFR §200.329, require Pass Through Entities (PTE), such as the State, to monitor grant subrecipients to ensure that federal funds are spent appropriately. Federal Regulation 2 CFR §200.332 Subpart B requires that the PTE provide subrecipients with clear grant information, including grant terms, required financial reporting, and audit requirements. Per 2 CFR § 200.328, PTEs must collect financial data from subrecipients no less than annually. Condition: We identified some deficiencies in internal controls relating to subrecipient monitoring during our audit. Deficiencies included a lack of required monitoring documentation (e.g., annual surveys, Single Audit Reports) submitted by subrecipients and failure by RIDE to appropriately consider these deficiencies within their consideration of subrecipient risk. Of the 65 subrecipients receiving $55.3 million, we selected 25 subrecipients for testing and found 4 subrecipients with control deficiencies that prevented RIDE from complying with the subrecipient monitoring requirement as follows: • RIDE was unable to provide documentation supporting grant award information communicated to one subrecipient. Additionally, the required risk assessment for the Special Education Cluster was not performed for this subrecipient. • RIDE was unable to provide the completed Desk Review checklist for 3 subrecipients. These 3 subrecipients also did not complete RIDE’s required annual survey. We found that the lack of annual survey completion did not result in RIDE assessing higher risk for one subrecipient and thus no site visit was performed. The other 2 subrecipients were assessed at high risk, however, no site visit was performed for these subrecipients. • A subrecipient did not submit its fiscal year 2022 and 2023 Single Audit Reports and RIDE did not modify its risk assessment accordingly. RIDE was also unable to provide documentation supporting its follow-up (i.e., meeting discussing the submission of the Single Audit Report) with the subrecipients. Additionally, RIDE’s risk assessment was not adequate to identify this subrecipient as high risk. Internal controls over subrecipient monitoring would be improved by 1) updating subrecipients’ risk assessments when they fail to comply with documentation requirements, and 2) implementing monitoring procedures to identify instances where RIDE’s monitoring is not consistent with the risk assessed. Implementing site visits when subrecipients do not comply with documentation requirements would ensure that monitoring procedures align with the risk associated with the subrecipient. Cause: Lack of adequate dedicated agency resources and insufficient controls to ensure compliance with federal requirements. Effect: Noncompliance with federal compliance requirements by subrecipients could occur without being identified by the State in a timely manner. Questioned Costs: None Valid Statistical Sampling: Not Applicable RECOMMENDATION 2024-047 Improve internal controls over subrecipient monitoring by 1) updating subrecipients’ risk assessments when they fail to comply with documentation requirements, and 2) implementing monitoring procedures to identify instances where RIDE’s monitoring is not consistent with the risk assessed.
SPECIAL EDUCATION CLUSTER (IDEA) – 84.027, 84.173 Federal Awarding Agency: U.S. Department of Agriculture (USDA) Federal Award Fiscal Year: 2024 Federal Award Numbers: HO27A220054-22A, H173A220057 Administered by: Rhode Island Department of Elementary and Secondary Education (RIDE) Compliance Requirement: Subrecipient Monitoring SUBRECIPIENT MONITORING The Department of Education (RIDE) has not implemented adequate subrecipient monitoring activities to ensure compliance with federal regulations. Background: The State relies on grantee agencies to perform subrecipient monitoring, when required, and ensure compliance with federal regulations. There is no statewide monitoring of subrecipient activities to ensure compliance with federal regulations. RIDE performs its subrecipient monitoring through the review of audit reports, desk reviews and performing site visits deemed high risk. High-risk subrecipients are determined through the review of audit reports, completion of a desk review checklist, and the completion of an annual survey completed by the subrecipients then scored by RIDE. Criteria: Federal regulations 2 CFR §200.329, require Pass Through Entities (PTE), such as the State, to monitor grant subrecipients to ensure that federal funds are spent appropriately. Federal Regulation 2 CFR §200.332 Subpart B requires that the PTE provide subrecipients with clear grant information, including grant terms, required financial reporting, and audit requirements. Per 2 CFR § 200.328, PTEs must collect financial data from subrecipients no less than annually. Condition: We identified some deficiencies in internal controls relating to subrecipient monitoring during our audit. Deficiencies included a lack of required monitoring documentation (e.g., annual surveys, Single Audit Reports) submitted by subrecipients and failure by RIDE to appropriately consider these deficiencies within their consideration of subrecipient risk. Of the 65 subrecipients receiving $55.3 million, we selected 25 subrecipients for testing and found 4 subrecipients with control deficiencies that prevented RIDE from complying with the subrecipient monitoring requirement as follows: • RIDE was unable to provide documentation supporting grant award information communicated to one subrecipient. Additionally, the required risk assessment for the Special Education Cluster was not performed for this subrecipient. • RIDE was unable to provide the completed Desk Review checklist for 3 subrecipients. These 3 subrecipients also did not complete RIDE’s required annual survey. We found that the lack of annual survey completion did not result in RIDE assessing higher risk for one subrecipient and thus no site visit was performed. The other 2 subrecipients were assessed at high risk, however, no site visit was performed for these subrecipients. • A subrecipient did not submit its fiscal year 2022 and 2023 Single Audit Reports and RIDE did not modify its risk assessment accordingly. RIDE was also unable to provide documentation supporting its follow-up (i.e., meeting discussing the submission of the Single Audit Report) with the subrecipients. Additionally, RIDE’s risk assessment was not adequate to identify this subrecipient as high risk. Internal controls over subrecipient monitoring would be improved by 1) updating subrecipients’ risk assessments when they fail to comply with documentation requirements, and 2) implementing monitoring procedures to identify instances where RIDE’s monitoring is not consistent with the risk assessed. Implementing site visits when subrecipients do not comply with documentation requirements would ensure that monitoring procedures align with the risk associated with the subrecipient. Cause: Lack of adequate dedicated agency resources and insufficient controls to ensure compliance with federal requirements. Effect: Noncompliance with federal compliance requirements by subrecipients could occur without being identified by the State in a timely manner. Questioned Costs: None Valid Statistical Sampling: Not Applicable RECOMMENDATION 2024-047 Improve internal controls over subrecipient monitoring by 1) updating subrecipients’ risk assessments when they fail to comply with documentation requirements, and 2) implementing monitoring procedures to identify instances where RIDE’s monitoring is not consistent with the risk assessed.
SPECIAL EDUCATION CLUSTER (IDEA) – 84.027, 84.173 Federal Awarding Agency: U.S. Department of Agriculture (USDA) Federal Award Fiscal Year: 2024 Federal Award Numbers: HO27A220054-22A, H173A220057 Administered by: Rhode Island Department of Elementary and Secondary Education (RIDE) Compliance Requirement: Subrecipient Monitoring SUBRECIPIENT MONITORING The Department of Education (RIDE) has not implemented adequate subrecipient monitoring activities to ensure compliance with federal regulations. Background: The State relies on grantee agencies to perform subrecipient monitoring, when required, and ensure compliance with federal regulations. There is no statewide monitoring of subrecipient activities to ensure compliance with federal regulations. RIDE performs its subrecipient monitoring through the review of audit reports, desk reviews and performing site visits deemed high risk. High-risk subrecipients are determined through the review of audit reports, completion of a desk review checklist, and the completion of an annual survey completed by the subrecipients then scored by RIDE. Criteria: Federal regulations 2 CFR §200.329, require Pass Through Entities (PTE), such as the State, to monitor grant subrecipients to ensure that federal funds are spent appropriately. Federal Regulation 2 CFR §200.332 Subpart B requires that the PTE provide subrecipients with clear grant information, including grant terms, required financial reporting, and audit requirements. Per 2 CFR § 200.328, PTEs must collect financial data from subrecipients no less than annually. Condition: We identified some deficiencies in internal controls relating to subrecipient monitoring during our audit. Deficiencies included a lack of required monitoring documentation (e.g., annual surveys, Single Audit Reports) submitted by subrecipients and failure by RIDE to appropriately consider these deficiencies within their consideration of subrecipient risk. Of the 65 subrecipients receiving $55.3 million, we selected 25 subrecipients for testing and found 4 subrecipients with control deficiencies that prevented RIDE from complying with the subrecipient monitoring requirement as follows: • RIDE was unable to provide documentation supporting grant award information communicated to one subrecipient. Additionally, the required risk assessment for the Special Education Cluster was not performed for this subrecipient. • RIDE was unable to provide the completed Desk Review checklist for 3 subrecipients. These 3 subrecipients also did not complete RIDE’s required annual survey. We found that the lack of annual survey completion did not result in RIDE assessing higher risk for one subrecipient and thus no site visit was performed. The other 2 subrecipients were assessed at high risk, however, no site visit was performed for these subrecipients. • A subrecipient did not submit its fiscal year 2022 and 2023 Single Audit Reports and RIDE did not modify its risk assessment accordingly. RIDE was also unable to provide documentation supporting its follow-up (i.e., meeting discussing the submission of the Single Audit Report) with the subrecipients. Additionally, RIDE’s risk assessment was not adequate to identify this subrecipient as high risk. Internal controls over subrecipient monitoring would be improved by 1) updating subrecipients’ risk assessments when they fail to comply with documentation requirements, and 2) implementing monitoring procedures to identify instances where RIDE’s monitoring is not consistent with the risk assessed. Implementing site visits when subrecipients do not comply with documentation requirements would ensure that monitoring procedures align with the risk associated with the subrecipient. Cause: Lack of adequate dedicated agency resources and insufficient controls to ensure compliance with federal requirements. Effect: Noncompliance with federal compliance requirements by subrecipients could occur without being identified by the State in a timely manner. Questioned Costs: None Valid Statistical Sampling: Not Applicable RECOMMENDATION 2024-047 Improve internal controls over subrecipient monitoring by 1) updating subrecipients’ risk assessments when they fail to comply with documentation requirements, and 2) implementing monitoring procedures to identify instances where RIDE’s monitoring is not consistent with the risk assessed.
DISASTER GRANTS – PUBLIC ASSISTANCE (PRESIDENTIALLY DECLARED DISASTERS) – 97.036 Federal Awarding Agency: U.S. Department of Homeland Security (DHS), Federal Emergency Management Agency (FEMA) Federal Award Fiscal Year: 2020 - 2023; 2022 - 2024 Federal Award Number: 4505DRRIP00000001; 4653DRRIP00000001 Administered by: Rhode Island Emergency Management Agency (RIEMA) Compliance Requirement: Subrecipient Monitoring SUBRECIPIENT MONITORING Controls were not in place to ensure adequate monitoring of subrecipients throughout the fiscal year. Background: RIEMA, as the direct recipient agency of Public Assistance grants provided by FEMA, disburses pass-through awards to various subrecipients for their respective cost reimbursements. These cost reimbursement awards are required to be reported on the State’s Schedule of Expenditures of Federal Awards and accordingly are subject to the subrecipient monitoring requirements of the Uniform Guidance. Criteria: 2 CFR §200.332(d) “Requirements for pass-through entities” requires that all pass-through entities must “monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved.” That monitoring must include (1) reviewing financial and performance reports, (2) following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means, (3) issuing a management decision for audit findings pertaining to the Federal award. Condition: RIEMA did not perform required subrecipient monitoring procedures during the majority of fiscal 2024. In April 2024, RIEMA implemented a tracking worksheet to review subrecipient audit reports submitted to the Federal Audit Clearinghouse as part of the review process of subrecipient project submissions. The tracking worksheet identifies the date the review of the FAC was performed and whether any findings related to the program were reported. RIEMA implemented these procedures as corrective actions to address prior year findings relating to subrecipient monitoring. Cause: Monitoring procedures were not in place for a substantial portion of the audit period. Effect: RIEMA did not monitor subrecipients for a material portion of the fiscal year. Questioned Costs: None Valid Statistical Sample: Not Applicable RECOMMENDATIONS 2024-068a Complete implementation of subrecipient monitoring procedures by improving the detail maintained in the tracking worksheet to provide more transparency as to what was reviewed (e.g., audit year reviewed, FAC submission date, documentation of control deficiencies related to the financial statements). 2024-068b RIEMA will also need to document its review of subrecipient audit reports including follow-up on findings reported in Single Audit Reports and issuing management decisions when required.