?See Schedule of Findings and Questioned Costs for chart/table? CONDITION The Department of Public Instruction did not report Child Nutrition Cluster subawards to the Federal Funding Accountability and Transparency Act (FFATA) correctly. After testing FFATA reporting for the Child Nutrition Cluster, it was discovered that there were FFATA errors in the following three areas: 1. The Department of Public Instruction did not report the subaward information for the Fresh Fruit and Vegetable program (Assistance Listing number 10.582) for the 2021 grant year which runs from October 2020-September 2021. After an analysis of grant awards for that grant year, it was discovered that 14 subawards should have been reported to FFATA, totaling $1,593,654. ?See Schedule of Findings and Questioned Costs for chart/table? 2. The Department of Public Instruction did not report the subaward information timely for the Fresh Fruit and Vegetable program (Assistance Listing number 10.582) for the 2022 grant year awards (October 2021-September 2022) awarded in October 2021. After an analysis of grant awards awarded in October 2021, we tested 5 of 13 awards and found all 5 were not submitted timely to FFATA. Four (4) of the tested awards should have been reported to FFATA by 1/31/2022. The fifth award should have been reported to FFATA by 2/28/2022. They were all reported to FFATA on 7/28/2022. Those grant awards totaled $623,000. ?See Schedule of Findings and Questioned Costs for chart/table? 3. FFATA isn't being submitted for the following Assistance Listing numbers: 10.553, 10.555, 10.556 and 10.559. Because these Assistance Listing numbers are all included in one grant award, therefore, one FAIN number, they would all be reported in one FFATA report. The Department of Public Instruction did not report the subaward information for FAIN 223ND309N1099. After an analysis of these grant awards, 206 sponsors receiving total Federal grant payments over $30,000 should have been reported. Those grant payments totaled $168,897,721. The $169 million is based on payments made from 7/1/2020 - 6/30/2022. ?See Schedule of Findings and Questioned Costs for chart/table? CRITERIA Federal regulation 2 CFR 170, Appendix A requires a Federal Financial Assistance Transparency Act (FFATA) report for each subaward that equals or exceeds $30,000 no later than the end of the month following the month in which the obligation was made. The subaward information is then available to the public on the USA Spending website for transparency. 2 CFR 200.303(a) states that non-Federal entities must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. CAUSE Based on discussion with staff, a lack of understanding of FFATA reporting requirements resulted in the FFATA reporting errors. The Department of Public Instruction is only reporting FFATA for the Fresh Fruit and Vegetable program because the amounts given to sponsors is predetermined and not reimbursement based. For the other programs in the Child Nutrition Cluster, DPI does not report FFATA because they are meal count grants and amounts are not predetermined. There is no waiver or statement in the grant terms and conditions for the meal count grants saying that FFATA doesn?t need to be completed for these programs. The Department also couldn?t find a waiver or any information from their USDA contact saying that FFATA doesn?t need to be completed. Therefore, the FFATA should have been completed for all programs in the Child Nutrition Cluster. Because the awards to sponsors are not predetermined, the auditor is reporting grant payments during the audit period instead of award amounts. EFFECT Not meeting the FFATA requirements increases the likelihood that the public will not have access to transparent and accurate information regarding expenditures of Federal awards. Additionally, Federal regulations address actions that Federal agencies may impose if a state entity does not comply with the U.S. Constitution, Federal statutes, regulations, or the terms and conditions of a Federal award. According to 2 CFR 200.208(c), ?Specific conditions,? these actions may include ? requiring reimbursement instead of advance payments; ? not allowing the agency to proceed to the next phase until it submits evidence of acceptable performance; ? requiring additional, more detailed financial reports or additional project monitoring; ? requiring the agency to obtain technical or management assistance; or ? establishing other prior approvals. If the Federal agency determines the state agency cannot remedy its noncompliance through the above actions, 2 CFR 200.339, ?Remedies for noncompliance,? outlines additional actions the Federal agency may take. Depending on the circumstances, these actions may include ? temporarily withholding payments until the noncompliance has been corrected, ? denying the use of funds, ? partly or fully suspending or terminating the Federal award, ? suspending or debarring the agency, ? withholding further awards for the project or program, or ? pursuing other available legal remedies. CONTEXT There were 539 sponsors receiving Federal grant awards during our audit period totaling $174,653,181. Of those 539 sponsors, 233 (43%) were over the $30,000 threshold and should have been reported to FFATA, for a total of $172,004,887 (98%). Of the 233 sponsors over the $30,000 threshold, only 13 sponsors (6%) were reported to FFATA, totaling $1,513,512 (1%). This results in 220 sponsors receiving Federal grant awards (94%) not reported to FFATA, totaling $170,491,375 (99%). Where sampling was performed, the audit used a non-statistical sampling method. IDENTIFICATION AS A REPEAT FINDING Not a repeat finding. RECOMMENDATION We recommend the Department of Public Instruction ensures timely and accurate submission of FFATA reports in accordance with Federal regulations and retain further instructions or waiver from the Federal agency. DEPARTMENT OF PUBLIC INSTRUCTION RESPONSE We agree with the finding. See ?Management?s Response and Corrective Action? section of this report.
See Schedule of Findings and Questioned Costs for chart/table 2022-001: Procurement and Suspension and Debarment Criteria: Per 2 CFR 200.318(i), the non-Federal entity must maintain records sufficient to detail the history of procurement. These records will include, but are not necessarily limited to, the following: the rationale for the method of procurement, selection of contract type, contractor selection or rejection, and the basis for the contract price. Per 2 CFR 200.214, non-Federal entities are subject to the nonprocurement debarment and suspension regulations implementing Executive Orders 12549 and 12689, 2 CFR Part 180. The regulations in 2 CFR Part 180 restrict awards, sub-awards, and contracts with certain parties that are debarred, suspended, or otherwise excluded from, or ineligible for, participation in Federal Assistance programs or activities. Per 2 CFR 180.220, non-Federal entities are prohibited from contracting with or making sub-awards under covered transactions to parties that are suspended or debarred or whose principals are suspended or debarred. Covered transactions include contracts for goods and services awarded under a nonprocurement transaction that are expected to equal or exceed $25,000 or meet certain other criteria as specified in 2 CFR Section 180.220. All nonprocurement transactions entered into by a pass-through entity (i.e., sub-awards to subrecipients), irrespective of award amount, are considered covered transactions unless they are exempt as provided in 2 CFR Section 180.215. Condition/context: Five transactions were subject to the requirements of procurement based on the transaction price. Of the three transactions tested during the audit, all three were identified as not having the proper documentation supporting the procurement method. Five vendors were subject to the requirements of suspension and debarment. Of the three vendors tested during the audit, all three were identified as not having the proper documentation supporting the review of the suspension and debarment requirements prior to funds being expended. None of the entities were suspended or debarred. Questioned costs: $0 Cause: While the College has a procurement policy in place that appropriately addresses procurement, suspension and debarment, the policy was not properly followed, resulting in a lack of supporting documentation for the procurement and review of the suspension and debarment of vendors in the fiscal year. When the pandemic originally began, exceptions from competitive procurement requirements of the Uniform Guidance could be accepted if a public emergency would not permit a delay; however, the flexibility from competitive procurement has been reduced as it is unlikely the same circumstances would be occurring. The College was still operating under this previous flexibility and utilized prior vendors through sole source contracts. Effect: Per 2 CFR 200.339, if a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations, or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Identification as a repeat finding: No. Recommendation: We recommend that management ensure it is staying updated with changes in guidance and program requirements. In addition, for more consistent application, we recommend that the procurement policy be modified to more clearly state that documentation will be maintained to identify and maintain proper supporting documentation for the method of procurement utilized and for the review of the suspension and debarment requirement. Furthermore, we recommend that the procurement policy be modified to more clearly state vendors with a transaction, in the aggregate, greater than the micro-purchase threshold are required to be procured under approved procurement methods. Views of responsible officials and planned corrective actions: Management concurs with the finding. See Exhibit I.
See Schedule of Findings and Questioned Costs for chart/table 2022-001: Procurement and Suspension and Debarment Criteria: Per 2 CFR 200.318(i), the non-Federal entity must maintain records sufficient to detail the history of procurement. These records will include, but are not necessarily limited to, the following: the rationale for the method of procurement, selection of contract type, contractor selection or rejection, and the basis for the contract price. Per 2 CFR 200.214, non-Federal entities are subject to the nonprocurement debarment and suspension regulations implementing Executive Orders 12549 and 12689, 2 CFR Part 180. The regulations in 2 CFR Part 180 restrict awards, sub-awards, and contracts with certain parties that are debarred, suspended, or otherwise excluded from, or ineligible for, participation in Federal Assistance programs or activities. Per 2 CFR 180.220, non-Federal entities are prohibited from contracting with or making sub-awards under covered transactions to parties that are suspended or debarred or whose principals are suspended or debarred. Covered transactions include contracts for goods and services awarded under a nonprocurement transaction that are expected to equal or exceed $25,000 or meet certain other criteria as specified in 2 CFR Section 180.220. All nonprocurement transactions entered into by a pass-through entity (i.e., sub-awards to subrecipients), irrespective of award amount, are considered covered transactions unless they are exempt as provided in 2 CFR Section 180.215. Condition/context: Five transactions were subject to the requirements of procurement based on the transaction price. Of the three transactions tested during the audit, all three were identified as not having the proper documentation supporting the procurement method. Five vendors were subject to the requirements of suspension and debarment. Of the three vendors tested during the audit, all three were identified as not having the proper documentation supporting the review of the suspension and debarment requirements prior to funds being expended. None of the entities were suspended or debarred. Questioned costs: $0 Cause: While the College has a procurement policy in place that appropriately addresses procurement, suspension and debarment, the policy was not properly followed, resulting in a lack of supporting documentation for the procurement and review of the suspension and debarment of vendors in the fiscal year. When the pandemic originally began, exceptions from competitive procurement requirements of the Uniform Guidance could be accepted if a public emergency would not permit a delay; however, the flexibility from competitive procurement has been reduced as it is unlikely the same circumstances would be occurring. The College was still operating under this previous flexibility and utilized prior vendors through sole source contracts. Effect: Per 2 CFR 200.339, if a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations, or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Identification as a repeat finding: No. Recommendation: We recommend that management ensure it is staying updated with changes in guidance and program requirements. In addition, for more consistent application, we recommend that the procurement policy be modified to more clearly state that documentation will be maintained to identify and maintain proper supporting documentation for the method of procurement utilized and for the review of the suspension and debarment requirement. Furthermore, we recommend that the procurement policy be modified to more clearly state vendors with a transaction, in the aggregate, greater than the micro-purchase threshold are required to be procured under approved procurement methods. Views of responsible officials and planned corrective actions: Management concurs with the finding. See Exhibit I.
FINDING 2022-009 FEDERAL PROGRAM DISASTER GRANT-PUBLIC ASSISTANCE ( ASSISTANCE LISTING NO. 97.036) DEPARTMENT OF HOMELAND SECURITY CATEGORY INTERNAL CONTROL NONCOMPLIANCE PROCUREMENT-CONTRACT PROVISION CONDITIONS As part of our allowability test we verified if the contract contained the clauses required by FEMA. During our audit, we identified that the revised contracts did not contain the following required clauses: Retention of records for three years; Equal Employment Opportunity; Compliance with the Clean Air Act and Water Act; Compliance with Suspension and Debarment; Compliance with Byrd Anti Lobbying Amendment. CRITERIA 2 CFR, Section 200.327 states that the non-Federal entity's contracts must contain the applicable provisions described in appendix II, which includes the clauses mentioned above. CAUSE The Program Director and the City Clerk's Office failed to take internal control measures to ensure that FEMA-funded contracts included all clauses required by applicable regulations. EFFECT In case of noncompliance with the federal procurement rules, FEMA may apply a remedy, as appropriate, in accordance with its authorities found at 2 C.F.R. § 200.339 Remedies for Noncompliance. RECOMMENDATION The Program Director and the City Clerk’s Office should implement adequate internal control procedures to ensure that the contracts contain all the clauses required by FEMA. QUESTIONED COSTS None PRIOR YEAR Not Applicable VIEWS OF RESPONSIBLE OFFICIALS AND PLANNED CORRECTIVE ACTION Corrective action was taken on contracts 2023 and beyond. The 2023 contracts already awarded were amended to include them and the new contracts that are being formalized in 2024 are including FEMA's mandatory clauses. RESPONSIBLE PERSON Mr. Jose González-Program Director 787-894-9191
Lack of Internal Controls and Noncompliance with Subrecipient Monitoring Requirement –Coronavirus Relief Fund (Repeat Finding - 2021-001) FEDERAL AGENCY: U.S. Department of the Treasury ASSISTANCE LISTING: 21.019 FEDERAL PROGRAM NAME: Coronavirus Relief Fund FEDERAL AWARD NUMBER: SLT0259 FEDERAL AWARD YEAR: 2021 CONTROL CATEGORY: Subrecipient Monitoring QUESTIONED COSTS: $176,562 Condition: During the process of documenting the County’s internal controls regarding federal disbursements, we noted that Oklahoma County has not established the following procedures to ensure compliance with the Subrecipient Monitoring requirements: • Identify the award and applicable requirements to the subrecipients. • Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). • Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). Further, when performing tests over compliance of the federal grant, it was noted that the County did not perform any subrecipient monitoring procedures. In addition, subaward agreements were not designed to ensure the subrecipients understand and use the funds in accordance with federal regulations, and terms and conditions of the subaward. Cause of Condition: Policies and procedures have not been designed and implemented to ensure the County complies with federal laws and regulations and grant agreements. Effect of Condition: This condition resulted in noncompliance with federal laws and regulations and grant agreements. Recommendation: OSAI recommends the County comply with federal laws and regulations and grant agreements by creating award agreements that are designed and implemented to ensure Subrecipient Monitoring is performed. Management Response: Chairman of the Board of County Commissioners: Oklahoma County will comply with federal laws and regulations and grant agreements by creating award agreements that are designed and implemented to ensure Subrecipient Monitoring is performed. Criteria: GAO Standards – Section 2 – Establishing an Effective Internal Control System – OV2.23 states in part: Objectives of an Entity – Compliance Objectives Management conducts activities in accordance with applicable laws and regulations. As part of specifying compliance objectives, the entity determines which laws and regulations apply to the entity. Management is expected to set objectives that incorporate these requirements. 2 CFR § 200.303(a) Internal Controls reads as follows: The non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). 2 CFR § 200.332 states: All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward… (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section,… (c) Consider imposing specific subaward conditions upon a subrecipient if appropriate as described in § 200.208. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals areachieved. ... (e) Depending upon the pass-through entity's assessment of risk posed by the subrecipient (as described in paragraph (b) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. (g) Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in § 200.339 of this part and in program regulations.
Lack of Internal Controls and Noncompliance with Subrecipient Monitoring Requirement – Emergency Rental Assistance Program (Repeat Finding – 2021-002) FEDERAL AGENCY: U.S. Department of the Treasury ASSISTANCE LISTING: 21.023 FEDERAL PROGRAM NAME: Emergency Rental Assistance Program FEDERAL AWARD NUMBER: ERAE0514, ERAE0418 FEDERAL AWARD YEAR: 2022 CONTROL CATEGORY: Subrecipient Monitoring QUESTIONED COSTS: $13,241,928 Condition: During the process of documenting the County’s internal controls regarding federal disbursements, we noted that Oklahoma County has not established the following procedures to ensure compliance with the Subrecipient Monitoring requirements: • Identify the award and applicable requirements to the subrecipients. • Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). • Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). Further, when performing tests over compliance of the federal grant, it was noted that the County did not perform any subrecipient monitoring procedures. In addition, subaward agreements were not designed to ensure the subrecipients understand and use the funds in accordance with federal regulations, and terms and conditions of the subaward. Cause of Condition: Policies and procedures have not been designed and implemented to ensure the County complies with federal laws and regulations and grant agreements. Effect of Condition: This condition resulted in noncompliance with federal laws and regulations and grant agreements. Recommendation: OSAI recommends the County comply with federal laws and regulations and grant agreements by creating award agreements that are designed and implemented to ensure Subrecipient Monitoring is performed. Management Response: Chairman of the Board of County Commissioners: Oklahoma County will comply with federal laws and regulations and grant agreements by creating award agreements that are designed and implemented to ensure Subrecipient Monitoring is performed. Criteria: GAO Standards – Section 2 – Establishing an Effective Internal Control System – OV2.23 states in part: Objectives of an Entity – Compliance Objectives Management conducts activities in accordance with applicable laws and regulations. As part of specifying compliance objectives, the entity determines which laws and regulations apply to the entity. Management is expected to set objectives that incorporate these requirements. 2 CFR § 200.303(a) Internal Controls reads as follows: The non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). 2 CFR § 200.332 states: All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward… (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, . . . (c) Consider imposing specific subaward conditions upon a subrecipient if appropriate as described in § 200.208. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. … (e) Depending upon the pass-through entity's assessment of risk posed by the subrecipient (as described in paragraph (b) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. (g) Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in § 200.339 of this part and in program regulations.
Condition: The Municipality failed to identify, within their records, a list of transactions, nor could provide supporting documentation for the disbursement of $373,670 of program funds. Several inconsistencies between the disbursement and supporting documentation were observed for disbursements totaling $8,579. A total of $373,670 of program funds were transferred to other accounts of the Municipality. The Municipality did not provide us with supporting documentation for transactions totaling $373,670, therefore, we could not ascertain that these transactions complied with program regulations. Context: The Municipality received $758,218 of program funds during the fiscal year ended on June 30, 2022. A total of $1,526,593 was included in the schedule of expenditures of federal awards (SEFA) as program expenses. The Municipality did not provide sufficient and appropriate documentation for $373,670 of program expenses. This represents 24% of the expenses reported in the SEFA. The following situations were observed for disbursements totaling $8,579: Context, continued: Situation Number of transactions with situation Disbursement was made before the receipt of the related invoice 1 Duplicity of payments for the same invoice 2 Disbursement was made without the receipt of the related invoice nor the signoff of all required personnel. 1 Program regulation states that local governments are required to use payments from the Fund to cover: 1) Necessary expenditures incurred due to the public health emergency with respect to the Coronavirus Disease 2019 (Covid-19), 2) Costs that were not accounted in the governments’ most recently approved budget as of March 27, 2020, and 3) Costs that were incurred during the period that begins on March 1, 2020; and ends on December 31, 2021. Program Closure Report reminds the Municipality that as per 2 C.F.R. 200 and applicable federal regulations to the CRF Program, documentation that serves as evidence of any eligible expenditure reported under the CRF Program should be preserved and maintained for at least five years. We could not ascertain that these disbursements complied with program regulations. The Coronavirus Relief Fund is authorized by the Cares Act, Pub. L. No. 116-136, Division A, Title V (2020) (codified as 42 USC 81 et seq.) as amended by the Consolidated Appropriations Act, 201, Pub. L. No. 116-260 Division N, Title X, Section 1001. Criteria: Uniform Guidance states in 2 CFR 200.403 that otherwise authorized by statue, costs must be necessary and reasonable for the performance of the Federal award and be allocable thereto under these principles, be consistent with policies and procedures that apply uniformly to both federally financed and other activities of the non-Federal entity and be adequately documented. As per 2 CFR 200.302 the other non-Federal entity’s financial management system must provide for the tracing of funds to a level of expenditures adequate to establish that such funds have been used according to the federal statues, regulations, and the terms and conditions of the Federal Award. Cause: The Municipality failed to provide documentation that served as evidence of eligible expenses for the CRF program for expenses totaling $373,670. The Municipality applied inconsistent internal control and program procedures to disbursement transactions totaling $8,579. Effect: Remedies for noncompliance are described in 2 CFR 200.339. Grantor may impose additional conditions as described in 2 CRF 200.208 or take one or more of the actions listed on 2 CRF 200.339 as appropriate in the circumstances. Auditor’s recommendation: The Municipality must strengthen internal controls and procedures to assure that disbursement of program funds is properly documented and allowed under program regulations. The Municipality must ensure that all documentation that serves as evidence for eligible expenses be preserved and maintained for at least five years. Views of Responsible officials and corrective actions: Evidence of AAFAF Funds closeout report was provided, there is no issue. Auditor Comments: The Coronavirus Relief Fund (CRF) Transfer Agreement – Assistance Program to Municipalities establishes the following on its grant agreement: 2.3 Recordkeeping: Transferee will maintain its books and records in a manner that will provide Transferor with sufficient detail to review Transferee’s receipts and expenditures relating to the Transfer. Transferee will make such records available for review by Transferor or its agent or designee upon reasonable notice during the Transfer Period and for five (5) years after the termination or expiration of this Agreement. 5.2 Compliance Audit Requirements E.: As applicable, Transferees required to have an audit must ensure the audits are performed in accordance with Generally Accepted Auditing Standards (GAAS) and Government Auditing Standards. The Assistance Program to Municipalities Program Closure Report that management refers to states the following: “Receipt of this notification means that your municipality does not need to provide further notifications or Use of Funds reports since the Program has been closed for your municipality. Your municipality is advised that all documentation that serves as evidence of any eligible expenditure reported under the CRF Program should be preserved and maintained for at least five (5) years, as indicated by federal regulation 2 C.F.R. 200 and applicable federal regulations to the CRF Program. Additionally, please be advised that your municipality will continue to be subject to revisions or audits by local, state or federal agencies pertaining to the use of funds in accordance with federal regulations applicable to the CRF program or the federal regulations regarding Federal Awards, 2 C.F.R. 200. Therefore, your municipality should expect and be prepared for a formal audit by the Government of Puerto Rico or by any pertinent federal agency”. Appendix XI to Part 200 – Compliance Supplement identifies Allowable Costs/Cost Principle as a compliance requirement. Except where otherwise authorized by statue, cost must meet the following general criteria in order to be allowable under federal awards: (1) Be necessary and reasonable for the performance of the federal award and be allocable thereto under the principles in 2 CFR Part 200, Subpart E., and (2) be adequately documented, among other things. The Assistance Program to Municipalities Program Closure Report does not constitute a list of transactions nor adequate supporting documentation of the transactions totaling $373,670. It also does not explain the inconsistencies in supporting documentation observed for disbursements totaling $8,579. Audit Status: Unresolved
Condition: The Municipality failed to identify, within their records, a list of transactions, nor could provide supporting documentation for the disbursement of $1,468,197 of program funds. Documentation for the disbursement of $17,565 of program funds was not identified by the Municipality nor provided for our review. A total of $1,468,197 of program funds were transferred to other accounts of the Municipality. The Municipality did not provide us with supporting documentation for transactions totaling $1,468,197, therefore, we could not ascertain that these transactions complied with program regulations. Context: The Municipality received $6,013,479 of program funds during the fiscal year ended on June 30, 2022. A total of $ 4,810,454 was included in the schedule of expenditures of federal awards (SEFA) as program expenses. The Municipality did not provide sufficient and appropriate documentation for $1,485,762 of program expenses. This represents 31% of the expenses reported in the SEFA. The Municipality indicated that Revenue Replacement was their only project expenditure category in their annual March 2022 SLFRF Compliance Report. Revenue loss in and of itself is not an eligible use. Instead, recipients calculate lost revenue based on the formula provided in the Interim Final Rule and Final Rule to determine the limit for funds that can be used for the provision of government services. Entities are expected to use the direct payments to meet pandemic response needs and rebuild a strong, more equitable economy as the country recovers. Interim and final regulations state that recipients may not use funds to pay interest or principal on outstanding debt, as these expenses would not address the needs of pandemic response or its negative economic impacts. Such expenses would also not be considered provision of government services, as these financing expenses do not directly provide services or aid to citizens. The Coronavirus State and Local Fiscal Recovery Funds program is authorized by sections 602 and 603 of the Social Security Act as added by section 9901 of the American Rescue Plan Act of 2021, Pub. L. No. 117-2 (Mar. 11, 2021). Recipients may use payments from the Fund to among other things, replace lost public sector revenue to provide government services. Criteria: Uniform Guidance states in 2 CFR 200.403 that otherwise authorized by statue, costs must be necessary and reasonable for the performance of the Federal award and be allocable thereto under these principles, be consistent with policies and procedures that apply uniformly to both federally financed and other activities of the non-Federal entity and be adequately documented. As per 2 CFR 200.302 the other non-Federal entity’s financial management system must provide for the tracing of funds to a level of expenditures adequate to establish that such funds have been used according to the federal statues, regulations, and the terms: and conditions of the Federal Award. Further, Coronavirus Local Fiscal Recovery Fund Award terms and conditions state the following regarding the maintenance of and Access to Records 1. Recipient shall maintain records and financial documents sufficient to evidence compliance with section 603© of the Act, Treasury’s regulations implementing that section, and guidance issued by Treasury regarding the foregoing. 2. The Treasury Office of Inspector General and the Government Accountability Office, or their authorized representatives, shall have the right of access to records (electronic and otherwise) of Recipient in order to conduct audits or other investigations. 3. Records shall be maintained by the Recipient for a period of five (5) years after all funds have been expended or returned to the Treasury, whichever is later. Cause: The Municipality failed to provide documentation that served as evidence of eligible expenses for the program for expenses totaling $1,485,762. The Municipality applied inconsistent internal control and program procedures to disbursement transactions totaling $17,565. Effect: Coronavirus Local Fiscal Recovery Fund Award terms and conditions state the following regarding Remedial Actions: In the event of recipient’s noncompliance with section 603 of the Act, other applicable laws, Treasury’s implementing regulations, guidance , or any reporting or other program requirements, Treasury may impose additional conditions on the receipt of a subsequent tranche of future award funds, If any, or take other available remedies as set forth in 2 CFR 200.339 In the case of a violation of section 603 (c ) of the Act regarding the use of funds, previous payments shall be subject to recoupment as provided in section 603 ( C )of the Act. Auditor’s recommendation: The Municipality must strengthen internal controls and procedures to assure that disbursement of program funds is properly documented and allowed under program regulations. The Municipality must ensure that all documentation that serves as evidence for eligible expenses be preserved and maintained for at least five years. Views of Responsible officials and corrective actions: The accounting staff will continue searching for supporting documentation related to the disbursements amounting $17,565. The Coronavirus State & Local Fiscal Recovery Funds (CSLFR) Department of Treasury Final Rule of January 2022., offers a standard allowance for revenue loss of $10 million, allowing recipients to select between a standard amount of revenue loss or complete a full revenue loss calculation. Recipients that select the standard allowance may use that amount, in many cases their full award, for government services. The Municipality’s management selected the standard allowance, since the amount awarded of CSLFR funds were less than $10 million ad determined that the use of these funds was for governmental services, which are services traditionally provided by recipient governments. The Municipality determined that the payroll expenditures of several departments of the Municipality’s General Fund will be charged to the CSLFR fund as government services. The transfer of $1,468,197 of CSLFR to other Municipality’s bank accounts was to cover the payrolls related to governmental services accounted in the Municipality’s General Fund during the fiscal year 2021-2022. Due to an involuntary omission, these transfers were not recorded as expenditures in the CSLFR fund in the accounting system of the Municipality. To correct this accounting error the Municipality’s management gave instructions to the accounting staff to start reclassifying in the accounting system as soon as possible, these transfers to payroll expenditures accounts in the CSLFR fund. Municipality’s management believes that this finding should be related to an issue of reporting because the Municipality complied with the requirements of activities allowed or unallowed and allowable costs, since the Municipality disbursed CSLFR funds related to governmental services in accordance with the Department of Treasury Final Rule of January 2022. No actions are required related to this finding. Auditor Comments: The U.S Department of The Treasury Coronavirus Local Fiscal Recovery Fund Award Terms and Conditions establishes the following: Recipient shall maintain records and financial documents sufficient to evidence compliance with section 603 ( c ) of the Act, Treasury’s regulations implementing that section, and guidance issued by Treasury regarding the foregoing. Records shall be maintained by Recipient for a period of five (5) years after all funds have been expended or returned to Treasury, whichever is later. 2 CFR 200.302 states the other non-Federal entity’s financial management system must provide for the tracing of funds to a level of expenditures adequate to establish that such funds have been used according to the federal statues, regulations, and the terms and conditions of the Federal Award. Appendix XI to Part 200 – Compliance Supplement identifies Allowable Costs/Cost Principle as a compliance requirement. Except where otherwise authorized by statue, cost must meet the following general criteria in order to be allowable under federal awards: (1) Be necessary and reasonable for the performance of the federal award and be allocable thereto under the principles in 2 CFR Part 200, Subpart E., and (2) be adequately documented, among other things. Although Government Services is an allowable expense category for the CSLFR program, and the Municipality’s management represent to us that the transfers to other accounts within the Municipality correspond to payroll expenditures, the Municipality did not provide us with a list of transactions, nor provided supporting documentation relating to these payroll transactions for the amount of $1,468,197. Program regulations states that records shall be maintained by the Recipient for a period of 5 years after all funds have been expended and federal regulation states that in order to be allowable, costs need to be properly documented. Audit Status: Unresolved
Condition: The Municipality could not provide supporting documentation for the disbursement of $173,454 of program funds. These disbursements were accounted for as increase in the due from other funds account. We could not ascertain that the disbursements of $173,454 complied with program regulations. Context: The Municipality received $123,938 of program funds during the fiscal year ended on June 30, 2022. A total of $173,454 of program funds were disbursed without sufficient and appropriate documentation. These funds were disbursed as electronic transfers to other municipal accounts and were accounted for as increases in the due from other funds account. The Municipality repaid during the current year the amount of $447,816 related to last year’s disbursements to the due from other funds account. As of June 30, 2022 the balance of the due from other funds account is $555,110. Program regulation states that costs must be directly tied to the performance of eligible work; adequately documented; reduced by all applicable credits, such as insurance proceeds and salvage values; authorized and not prohibited under Federal or State government laws or regulation; consistent with the applicant’s internal policies, regulations, and procedures that apply uniformly to both Federal awards and other activities of the applicant; and necessary and reasonable to accomplish the work properly and efficiently. We could not ascertain that these disbursements complied with program regulations. The Public Assistance Program is authorized under the Robert T. Stafford Disaster Relief and Emergency assistance Act, as Amended (Stafford Act). Assistance is provided so that communities can quickly respond to and recover from major disasters or emergencies declared by the President. The Municipality has approved grants for the Hurricane Irma and Maria disasters declared on September 2017 (disasters 3384EMPR, 4336 DRPR and 4339 DRPR). The program approves funding for debris removal, emergency protective measures, and the restoration of disaster-damaged, publicly owned facilities. It also encourages protection of damaged facilities from future incidents by providing assistance for hazard mitigation measures. Criteria: Uniform Guidance states in 2 CFR 200.403 that otherwise authorized by statue, costs must be necessary and reasonable for the performance of the Federal award and be allocable thereto under these principles, be consistent with policies and procedures that apply uniformly to both federally financed and other activities of the non-Federal entity and be adequately documented. As per 2 CFR 200.302 the other non-Federal entity’s financial management system must provide for the tracing of funds to a level of expenditures adequate to establish that such funds have been used according to the federal statues, regulations, and the terms and conditions of the Federal Award. As per 44 CFR section 206.201 and 206.203, the public assistance program provides grant funding for emergency protective measures and debris removal (Emergency Work) and for permanent restoration of damaged facilities, including cost-effective hazard mitigation to protect facilities from future damage (Permanent Work). Cause: The Municipality applied inconsistent program procedures to the three disbursement transactions totaling $173,454. Effect: Remedies for noncompliance are described in 2 CFR 200.339. Grantor may impose additional conditions as described in 2 CRF 200.208 or take one or more of the actions listed on 2 CRF 200.339 as appropriate in the circumstances. Program regulations provide for recovery of assistance and penalty provisions on 44 CFR Part 206. Auditor’s recommendation: The Municipality must strengthen internal controls and procedures to assure that disbursement of program funds are properly documented, can be directly tied to the performance of eligible work, and is allowed under program regulations. Views of Responsible officials and corrective actions: The Municipality Administration is committed to identify the control of deficiency that allowed for the deficiency to happen. Additionally, the administration is committed to implementing the correct control structure to prevent the situation from happening in the future. The Municipality Management will continue the search of supporting documentation of the highlighted transactions. New proposed control structure to be evaluated by Municipality for adequacy. Audit Status: In process of completion.
Finding 2022-007 — Lack of Internal Controls and Noncompliance with Subrecipient Monitoring – Emergency Rental Assistance Program (Repeat Finding 2021-013) FEDERAL AGENCY: U.S. Department of the Treasury ASSISTANCE LISTING: 21.023 FEDERAL PROGRAM NAME: Emergency Rental Assistance Program FEDERAL AWARD NUMBER: ERA0174, ERAE0225 FEDERAL AWARD YEAR: 2022 CONTROL CATEGORY: Subrecipient Monitoring QUESTIONED COSTS: $6,397,374 Condition: During the process of documenting the County’s internal controls regarding federal disbursements for the Emergency Rental Assistance Program (ERA), we noted that Cleveland County has not established the following procedures to ensure compliance with the Subrecipient Monitoring requirements: • Evaluate subrecipient’s risk of noncompliance for the purposes of determining the appropriate subrecipient monitoring related to the subaward. • Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals. Further, while documenting controls over the subrecipient program and administrative expenditures for the ERA1, we noted the following: • The County was unable to provide supporting documents for the administrative costs of the consultant for this grant totaling $64,800. • The County was unable to provide supporting documentation of the subrecipient’s administrative expenditures totaling $453,067. Cause of Condition: Policies and procedures have not been designed and implemented to ensure the County complies with federal laws and regulations and grant agreements; and adequate subrecipient monitoring policies and procedures had not been established by the County prior to entering into agreements with subrecipients. Effect of Condition: This condition resulted in noncompliance with grant requirements. Also, the subrecipient may not be in compliance with the award terms and there is an increased risk of mismanagement and fraud by the subgrantees. Recommendation: OSAI recommends the County design and implement internal controls to ensure that it administers current and future ERA grants in accordance with applicable federal laws and grant requirements, including ensuring that grant subrecipients are properly informed of federal requirements related to allowable costs and that subrecipient monitoring procedures are designed and implemented. Subrecipients should be reimbursed for administrative costs based on supporting documentation for actual costs incurred rather than making advance payments for a set percentage of program funds advanced. Management Response: Chairman of the Board of County Commissioners: Cleveland County takes the auditor's findings seriously and has already implemented several improvements in documentation, monitoring, and reporting practices. Cleveland County is working toward improvements for fiscal year 2025 and has reconciled billing to align with the contract scope of work. However, we recognize the need for documented internal controls and are committed to addressing all recommendations to ensure compliance and transparency in future programs. The County appreciates the constructive feedback and will continue to refine its processes to better serve its citizens. Criteria: GAO Standards – Section 2 – Establishing an Effective Internal Control System – OV2.23 states in part: Objectives of an Entity – Compliance Objectives Management conducts activities in accordance with applicable laws and regulations. As part of specifying compliance objectives, the entity determines which laws and regulations apply to the entity. Management is expected to set objectives that incorporate these requirements. 2 CFR § 200.332 states in part: (e) Monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In addition, identify procedures necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: 1. Reviewing financial and programmatic (performance and special reports) required by the Pass-Through Entity (PTE). The Consolidated Appropriations Act§ Section 501 (c)(5) Use of Funds - Administrative Costs states in part: (A) IN GENERAL. —Not more than 10 percent of the amount paid to an eligible grantee under this section may be used for administrative costs attributable to providing financial assistance and housing stability services under paragraphs (2) and (3), respectively, including for data collection and reporting requirements related to such funds. (B) NO OTHER ADMINISTRATIVE COSTS. —Amounts paid under this section shall not be used for any administrative costs other than to the extent allowed under subparagraph (A). In addition, the U.S. Department of Treasury Emergency Rental Assistance (ERA) FAQ #29 What are the applicable limitations on administrative expenses, states in part: Under ERAl, not more than 10 percent of the amount paid to a grantee may be used for administrative costs attributable to providing financial assistance and housing stability services to eligible households. Under ERA2, not more than 15 percent of the amount paid to a grantee may be used for administrative costs attributable to providing financial assistance, housing stability services, and other affordable rental housing and eviction prevention activities. 2 CFR § 200.332 states: All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward… (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section,… (c) Consider imposing specific subaward conditions upon a subrecipient if appropriate as described in § 200.208. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. . . . (e) Depending upon the pass-through entity's assessment of risk posed by the subrecipient (as described in paragraph (b) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. (g) Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in § 200.339 of this part and in program regulations.
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-040 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to issue management decisions for audit findings to subrecipients of the Low-Income Home Energy Assistance Program. Assistance Listing Number and Title: 93.568, Low-Income Home Energy Assistance Program 93.568, COVID-19 Low-Income Home Energy Assistance Program Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2201WALIEA; 2101WALIEA; 2201WALIEI; 2101WALWC5; 2101WEA5C6; 2102WALWC6 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Department of Commerce (Department) administers the Low-Income Home Energy Assistance Program, which provides financial assistance to low-income households to meet their home energy needs. The Department makes subawards to community-based organizations to provide this assistance. In fiscal year 2022, the Department spent more than $102 million in federal program funds, approximately $98 million of which it paid to subrecipients. Federal regulations require the Department to monitor its subrecipients? activities. This includes verifying that subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes on to subrecipients, the Department must follow up and ensure its subrecipients take timely and appropriate corrective action on all deficiencies identified through audits, onsite reviews and other means. When a subrecipient receives an audit finding for a Department-funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of acceptance of the audit report by Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reasons for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to issue management decisions for audit findings to the program?s subrecipients. The Department had a process in place to monitor that program subrecipients received single audits. However, for the first half of the audit period, it did not have a process in place to issue, communicate and follow up on management decisions to its subrecipients when program findings were issued. During the audit period, the Department had 26 subrecipients that were required to submit a single audit. One subrecipient received a finding for which the Department was required to issue a management decision. We found the Department did not issue a management decision for this subrecipient. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Management did not establish sufficient internal controls or monitoring procedures to ensure the Department issued the required management decisions. The Department also lacks written policies over issuing management decisions to its federal program subrecipients. Effect of Condition Without establishing adequate internal controls, the Department cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitor them for effectiveness, the Department cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Department: ? Establish effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the program ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations Department?s Response The Department of Commerce concurs with the finding. The Department hired an Internal Control Officer in November 2021 assigned to complete the required verification of Federal Audit Clearinghouse (FAC) submissions. This process was completed for all recipients who expended $750,000 or more in federal funds passed through the Department. One subrecipients submission selected for testing was verified, however, a formal management decision was not issued. The audit report submitted to the FAC included various errors which included no identification of the pass through entity (the Department of Commerce) as part of the finding and the Schedule of Expenditure of Federal Awards (SEFA) reported the wrong state agency?s acronym. The Department of Corrections was listed, not Commerce as required. The accurate reporting of the pass through entity in the audit report is imperative for Commerce to identify who they are required to issue a management decision for. A comprehensive spreadsheet of the Department?s management decision was maintained, however, the subrecipient selected for testing was omitted. The Department currently has a robust and comprehensive process to identify required reporters, verify their submission to the FAC, document late or non-reporters, and document communication requests for information related to submissions. The Department has also created a method to formally communicate the management decision to our subrecipients who have received Commerce funded audit findings. Our prior process included verbally discussing the finding, corrective action plans and Commerce requests with the subrecipient. Internal controls for the monitoring of federal reporting and issuing of management decisions have been in place since March 2022. Commerce management will continue to monitor the process and implement efficiencies to ensure continued compliance with all respects of the code of federal regulations. We appreciate the State Auditor?s Office thorough review of this process and recommendations. We anticipate all future audits will find the Department has employed strong internal controls supporting compliance with all requirements. Auditor?s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity's fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity's fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c).
2022-040 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to issue management decisions for audit findings to subrecipients of the Low-Income Home Energy Assistance Program. Assistance Listing Number and Title: 93.568, Low-Income Home Energy Assistance Program 93.568, COVID-19 Low-Income Home Energy Assistance Program Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2201WALIEA; 2101WALIEA; 2201WALIEI; 2101WALWC5; 2101WEA5C6; 2102WALWC6 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Department of Commerce (Department) administers the Low-Income Home Energy Assistance Program, which provides financial assistance to low-income households to meet their home energy needs. The Department makes subawards to community-based organizations to provide this assistance. In fiscal year 2022, the Department spent more than $102 million in federal program funds, approximately $98 million of which it paid to subrecipients. Federal regulations require the Department to monitor its subrecipients? activities. This includes verifying that subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes on to subrecipients, the Department must follow up and ensure its subrecipients take timely and appropriate corrective action on all deficiencies identified through audits, onsite reviews and other means. When a subrecipient receives an audit finding for a Department-funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of acceptance of the audit report by Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reasons for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to issue management decisions for audit findings to the program?s subrecipients. The Department had a process in place to monitor that program subrecipients received single audits. However, for the first half of the audit period, it did not have a process in place to issue, communicate and follow up on management decisions to its subrecipients when program findings were issued. During the audit period, the Department had 26 subrecipients that were required to submit a single audit. One subrecipient received a finding for which the Department was required to issue a management decision. We found the Department did not issue a management decision for this subrecipient. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Management did not establish sufficient internal controls or monitoring procedures to ensure the Department issued the required management decisions. The Department also lacks written policies over issuing management decisions to its federal program subrecipients. Effect of Condition Without establishing adequate internal controls, the Department cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitor them for effectiveness, the Department cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Department: ? Establish effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the program ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations Department?s Response The Department of Commerce concurs with the finding. The Department hired an Internal Control Officer in November 2021 assigned to complete the required verification of Federal Audit Clearinghouse (FAC) submissions. This process was completed for all recipients who expended $750,000 or more in federal funds passed through the Department. One subrecipients submission selected for testing was verified, however, a formal management decision was not issued. The audit report submitted to the FAC included various errors which included no identification of the pass through entity (the Department of Commerce) as part of the finding and the Schedule of Expenditure of Federal Awards (SEFA) reported the wrong state agency?s acronym. The Department of Corrections was listed, not Commerce as required. The accurate reporting of the pass through entity in the audit report is imperative for Commerce to identify who they are required to issue a management decision for. A comprehensive spreadsheet of the Department?s management decision was maintained, however, the subrecipient selected for testing was omitted. The Department currently has a robust and comprehensive process to identify required reporters, verify their submission to the FAC, document late or non-reporters, and document communication requests for information related to submissions. The Department has also created a method to formally communicate the management decision to our subrecipients who have received Commerce funded audit findings. Our prior process included verbally discussing the finding, corrective action plans and Commerce requests with the subrecipient. Internal controls for the monitoring of federal reporting and issuing of management decisions have been in place since March 2022. Commerce management will continue to monitor the process and implement efficiencies to ensure continued compliance with all respects of the code of federal regulations. We appreciate the State Auditor?s Office thorough review of this process and recommendations. We anticipate all future audits will find the Department has employed strong internal controls supporting compliance with all requirements. Auditor?s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity's fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity's fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c).
2022-066 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Community Mental Health Services program and the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.958 Block Grants for Community Mental Health Services 93.958 COVID-19 Block Grants for Community Mental Health Services 93.959 Block Grants for Prevention and Treatment of Substance Abuse 93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse Federal Grantor Name: U.S. Department of Health and Human Services Federal Award Number: 1B09SM082638-01; 6B09SM082638-01M001; 6N09SM082638-01M004; 6B09SM082638-01M002; 6B09SM082638-01M003; 6N09SM083829-01M001; 1B09SM083829-01; 1B09SM086035-01; 6B09SM086035-01M001; 6B09SM086035-01M002; 6B09SM086035-01M003; 1B09SM085384-01; 1B09SM085912-01; 1B09SM083998-01 1B08TI083138-01; 6B08TI083138-01M003; 6B08TI083138-01M004; 6B08TI083486-01M001; 6B08TI083486-01M002; 6B08TI083486-01M004; 1B08TI83519-01; 1B08TI084681-01; 1B08TI083977-01 Pass-through Entity: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Community Mental Health Services (MHBG) and the Block Grants for Prevention and Treatment of Substance Abuse (SABG) programs. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to provide mental health treatment and crisis services to adults diagnosed with serious mental illness and children diagnosed with serious emotional disturbances, as well as develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2022, the Authority spent about $31.7 million in federal program funds for MHBG and about $67.3 million in federal program funds for SABG. Of these amounts, the Authority passed about $20.5 million to MHBG subrecipients and $52 million to SABG subrecipients. Federal regulations require the Authority to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Authority did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the MHBG and SABG programs received required single audits, and that it appropriately followed up on findings and issued management decisions. We found the Authority did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Follow up occurred on findings and management decisions were issued when due We used a nonstatistical sampling method to randomly select and examine 17 out of a total population of 129 subrecipients. We found the Authority did not monitor one subrecipient (6 percent) to ensure it received a single audit when required. Additionally, we identified one subrecipient that received a single audit finding for which the Authority was required to issue a management decision. We found the Authority did not issue a management decision for this subrecipient. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Authority did not have written policies or procedures to ensure all subrecipients received an audit when required and management decisions were issued. In addition, staff used a tracking sheet to monitor the subrecipient audit requirements, but did not detect the identified noncompliance. Effect of Condition Without establishing adequate internal controls, the Authority cannot ensure all subrecipients that required a single audit received one. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness, the Authority cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Authority: ? Establish and follow policies and procedures to ensure subrecipients obtain required single audits ? Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the programs ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations Authority?s Response HCA concurs with the finding. Auditor?s Remarks We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c).
2022-066 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Community Mental Health Services program and the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.958 Block Grants for Community Mental Health Services 93.958 COVID-19 Block Grants for Community Mental Health Services 93.959 Block Grants for Prevention and Treatment of Substance Abuse 93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse Federal Grantor Name: U.S. Department of Health and Human Services Federal Award Number: 1B09SM082638-01; 6B09SM082638-01M001; 6N09SM082638-01M004; 6B09SM082638-01M002; 6B09SM082638-01M003; 6N09SM083829-01M001; 1B09SM083829-01; 1B09SM086035-01; 6B09SM086035-01M001; 6B09SM086035-01M002; 6B09SM086035-01M003; 1B09SM085384-01; 1B09SM085912-01; 1B09SM083998-01 1B08TI083138-01; 6B08TI083138-01M003; 6B08TI083138-01M004; 6B08TI083486-01M001; 6B08TI083486-01M002; 6B08TI083486-01M004; 1B08TI83519-01; 1B08TI084681-01; 1B08TI083977-01 Pass-through Entity: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Community Mental Health Services (MHBG) and the Block Grants for Prevention and Treatment of Substance Abuse (SABG) programs. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to provide mental health treatment and crisis services to adults diagnosed with serious mental illness and children diagnosed with serious emotional disturbances, as well as develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2022, the Authority spent about $31.7 million in federal program funds for MHBG and about $67.3 million in federal program funds for SABG. Of these amounts, the Authority passed about $20.5 million to MHBG subrecipients and $52 million to SABG subrecipients. Federal regulations require the Authority to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Authority did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the MHBG and SABG programs received required single audits, and that it appropriately followed up on findings and issued management decisions. We found the Authority did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Follow up occurred on findings and management decisions were issued when due We used a nonstatistical sampling method to randomly select and examine 17 out of a total population of 129 subrecipients. We found the Authority did not monitor one subrecipient (6 percent) to ensure it received a single audit when required. Additionally, we identified one subrecipient that received a single audit finding for which the Authority was required to issue a management decision. We found the Authority did not issue a management decision for this subrecipient. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Authority did not have written policies or procedures to ensure all subrecipients received an audit when required and management decisions were issued. In addition, staff used a tracking sheet to monitor the subrecipient audit requirements, but did not detect the identified noncompliance. Effect of Condition Without establishing adequate internal controls, the Authority cannot ensure all subrecipients that required a single audit received one. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness, the Authority cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Authority: ? Establish and follow policies and procedures to ensure subrecipients obtain required single audits ? Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the programs ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations Authority?s Response HCA concurs with the finding. Auditor?s Remarks We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c).
2022-066 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Community Mental Health Services program and the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.958 Block Grants for Community Mental Health Services 93.958 COVID-19 Block Grants for Community Mental Health Services 93.959 Block Grants for Prevention and Treatment of Substance Abuse 93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse Federal Grantor Name: U.S. Department of Health and Human Services Federal Award Number: 1B09SM082638-01; 6B09SM082638-01M001; 6N09SM082638-01M004; 6B09SM082638-01M002; 6B09SM082638-01M003; 6N09SM083829-01M001; 1B09SM083829-01; 1B09SM086035-01; 6B09SM086035-01M001; 6B09SM086035-01M002; 6B09SM086035-01M003; 1B09SM085384-01; 1B09SM085912-01; 1B09SM083998-01 1B08TI083138-01; 6B08TI083138-01M003; 6B08TI083138-01M004; 6B08TI083486-01M001; 6B08TI083486-01M002; 6B08TI083486-01M004; 1B08TI83519-01; 1B08TI084681-01; 1B08TI083977-01 Pass-through Entity: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Community Mental Health Services (MHBG) and the Block Grants for Prevention and Treatment of Substance Abuse (SABG) programs. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to provide mental health treatment and crisis services to adults diagnosed with serious mental illness and children diagnosed with serious emotional disturbances, as well as develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2022, the Authority spent about $31.7 million in federal program funds for MHBG and about $67.3 million in federal program funds for SABG. Of these amounts, the Authority passed about $20.5 million to MHBG subrecipients and $52 million to SABG subrecipients. Federal regulations require the Authority to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Authority did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the MHBG and SABG programs received required single audits, and that it appropriately followed up on findings and issued management decisions. We found the Authority did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Follow up occurred on findings and management decisions were issued when due We used a nonstatistical sampling method to randomly select and examine 17 out of a total population of 129 subrecipients. We found the Authority did not monitor one subrecipient (6 percent) to ensure it received a single audit when required. Additionally, we identified one subrecipient that received a single audit finding for which the Authority was required to issue a management decision. We found the Authority did not issue a management decision for this subrecipient. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Authority did not have written policies or procedures to ensure all subrecipients received an audit when required and management decisions were issued. In addition, staff used a tracking sheet to monitor the subrecipient audit requirements, but did not detect the identified noncompliance. Effect of Condition Without establishing adequate internal controls, the Authority cannot ensure all subrecipients that required a single audit received one. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness, the Authority cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Authority: ? Establish and follow policies and procedures to ensure subrecipients obtain required single audits ? Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the programs ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations Authority?s Response HCA concurs with the finding. Auditor?s Remarks We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c).
2022-066 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Community Mental Health Services program and the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.958 Block Grants for Community Mental Health Services 93.958 COVID-19 Block Grants for Community Mental Health Services 93.959 Block Grants for Prevention and Treatment of Substance Abuse 93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse Federal Grantor Name: U.S. Department of Health and Human Services Federal Award Number: 1B09SM082638-01; 6B09SM082638-01M001; 6N09SM082638-01M004; 6B09SM082638-01M002; 6B09SM082638-01M003; 6N09SM083829-01M001; 1B09SM083829-01; 1B09SM086035-01; 6B09SM086035-01M001; 6B09SM086035-01M002; 6B09SM086035-01M003; 1B09SM085384-01; 1B09SM085912-01; 1B09SM083998-01 1B08TI083138-01; 6B08TI083138-01M003; 6B08TI083138-01M004; 6B08TI083486-01M001; 6B08TI083486-01M002; 6B08TI083486-01M004; 1B08TI83519-01; 1B08TI084681-01; 1B08TI083977-01 Pass-through Entity: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Community Mental Health Services (MHBG) and the Block Grants for Prevention and Treatment of Substance Abuse (SABG) programs. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to provide mental health treatment and crisis services to adults diagnosed with serious mental illness and children diagnosed with serious emotional disturbances, as well as develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2022, the Authority spent about $31.7 million in federal program funds for MHBG and about $67.3 million in federal program funds for SABG. Of these amounts, the Authority passed about $20.5 million to MHBG subrecipients and $52 million to SABG subrecipients. Federal regulations require the Authority to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Authority did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the MHBG and SABG programs received required single audits, and that it appropriately followed up on findings and issued management decisions. We found the Authority did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Follow up occurred on findings and management decisions were issued when due We used a nonstatistical sampling method to randomly select and examine 17 out of a total population of 129 subrecipients. We found the Authority did not monitor one subrecipient (6 percent) to ensure it received a single audit when required. Additionally, we identified one subrecipient that received a single audit finding for which the Authority was required to issue a management decision. We found the Authority did not issue a management decision for this subrecipient. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Authority did not have written policies or procedures to ensure all subrecipients received an audit when required and management decisions were issued. In addition, staff used a tracking sheet to monitor the subrecipient audit requirements, but did not detect the identified noncompliance. Effect of Condition Without establishing adequate internal controls, the Authority cannot ensure all subrecipients that required a single audit received one. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness, the Authority cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Authority: ? Establish and follow policies and procedures to ensure subrecipients obtain required single audits ? Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the programs ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations Authority?s Response HCA concurs with the finding. Auditor?s Remarks We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c).
2022-066 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Community Mental Health Services program and the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.958 Block Grants for Community Mental Health Services 93.958 COVID-19 Block Grants for Community Mental Health Services 93.959 Block Grants for Prevention and Treatment of Substance Abuse 93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse Federal Grantor Name: U.S. Department of Health and Human Services Federal Award Number: 1B09SM082638-01; 6B09SM082638-01M001; 6N09SM082638-01M004; 6B09SM082638-01M002; 6B09SM082638-01M003; 6N09SM083829-01M001; 1B09SM083829-01; 1B09SM086035-01; 6B09SM086035-01M001; 6B09SM086035-01M002; 6B09SM086035-01M003; 1B09SM085384-01; 1B09SM085912-01; 1B09SM083998-01 1B08TI083138-01; 6B08TI083138-01M003; 6B08TI083138-01M004; 6B08TI083486-01M001; 6B08TI083486-01M002; 6B08TI083486-01M004; 1B08TI83519-01; 1B08TI084681-01; 1B08TI083977-01 Pass-through Entity: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Community Mental Health Services (MHBG) and the Block Grants for Prevention and Treatment of Substance Abuse (SABG) programs. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to provide mental health treatment and crisis services to adults diagnosed with serious mental illness and children diagnosed with serious emotional disturbances, as well as develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2022, the Authority spent about $31.7 million in federal program funds for MHBG and about $67.3 million in federal program funds for SABG. Of these amounts, the Authority passed about $20.5 million to MHBG subrecipients and $52 million to SABG subrecipients. Federal regulations require the Authority to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Authority did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the MHBG and SABG programs received required single audits, and that it appropriately followed up on findings and issued management decisions. We found the Authority did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Follow up occurred on findings and management decisions were issued when due We used a nonstatistical sampling method to randomly select and examine 17 out of a total population of 129 subrecipients. We found the Authority did not monitor one subrecipient (6 percent) to ensure it received a single audit when required. Additionally, we identified one subrecipient that received a single audit finding for which the Authority was required to issue a management decision. We found the Authority did not issue a management decision for this subrecipient. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Authority did not have written policies or procedures to ensure all subrecipients received an audit when required and management decisions were issued. In addition, staff used a tracking sheet to monitor the subrecipient audit requirements, but did not detect the identified noncompliance. Effect of Condition Without establishing adequate internal controls, the Authority cannot ensure all subrecipients that required a single audit received one. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness, the Authority cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Authority: ? Establish and follow policies and procedures to ensure subrecipients obtain required single audits ? Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the programs ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations Authority?s Response HCA concurs with the finding. Auditor?s Remarks We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c).
2022-066 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Community Mental Health Services program and the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.958 Block Grants for Community Mental Health Services 93.958 COVID-19 Block Grants for Community Mental Health Services 93.959 Block Grants for Prevention and Treatment of Substance Abuse 93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse Federal Grantor Name: U.S. Department of Health and Human Services Federal Award Number: 1B09SM082638-01; 6B09SM082638-01M001; 6N09SM082638-01M004; 6B09SM082638-01M002; 6B09SM082638-01M003; 6N09SM083829-01M001; 1B09SM083829-01; 1B09SM086035-01; 6B09SM086035-01M001; 6B09SM086035-01M002; 6B09SM086035-01M003; 1B09SM085384-01; 1B09SM085912-01; 1B09SM083998-01 1B08TI083138-01; 6B08TI083138-01M003; 6B08TI083138-01M004; 6B08TI083486-01M001; 6B08TI083486-01M002; 6B08TI083486-01M004; 1B08TI83519-01; 1B08TI084681-01; 1B08TI083977-01 Pass-through Entity: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Community Mental Health Services (MHBG) and the Block Grants for Prevention and Treatment of Substance Abuse (SABG) programs. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to provide mental health treatment and crisis services to adults diagnosed with serious mental illness and children diagnosed with serious emotional disturbances, as well as develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2022, the Authority spent about $31.7 million in federal program funds for MHBG and about $67.3 million in federal program funds for SABG. Of these amounts, the Authority passed about $20.5 million to MHBG subrecipients and $52 million to SABG subrecipients. Federal regulations require the Authority to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Authority did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the MHBG and SABG programs received required single audits, and that it appropriately followed up on findings and issued management decisions. We found the Authority did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Follow up occurred on findings and management decisions were issued when due We used a nonstatistical sampling method to randomly select and examine 17 out of a total population of 129 subrecipients. We found the Authority did not monitor one subrecipient (6 percent) to ensure it received a single audit when required. Additionally, we identified one subrecipient that received a single audit finding for which the Authority was required to issue a management decision. We found the Authority did not issue a management decision for this subrecipient. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Authority did not have written policies or procedures to ensure all subrecipients received an audit when required and management decisions were issued. In addition, staff used a tracking sheet to monitor the subrecipient audit requirements, but did not detect the identified noncompliance. Effect of Condition Without establishing adequate internal controls, the Authority cannot ensure all subrecipients that required a single audit received one. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness, the Authority cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Authority: ? Establish and follow policies and procedures to ensure subrecipients obtain required single audits ? Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the programs ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations Authority?s Response HCA concurs with the finding. Auditor?s Remarks We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c).
2022-066 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Community Mental Health Services program and the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.958 Block Grants for Community Mental Health Services 93.958 COVID-19 Block Grants for Community Mental Health Services 93.959 Block Grants for Prevention and Treatment of Substance Abuse 93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse Federal Grantor Name: U.S. Department of Health and Human Services Federal Award Number: 1B09SM082638-01; 6B09SM082638-01M001; 6N09SM082638-01M004; 6B09SM082638-01M002; 6B09SM082638-01M003; 6N09SM083829-01M001; 1B09SM083829-01; 1B09SM086035-01; 6B09SM086035-01M001; 6B09SM086035-01M002; 6B09SM086035-01M003; 1B09SM085384-01; 1B09SM085912-01; 1B09SM083998-01 1B08TI083138-01; 6B08TI083138-01M003; 6B08TI083138-01M004; 6B08TI083486-01M001; 6B08TI083486-01M002; 6B08TI083486-01M004; 1B08TI83519-01; 1B08TI084681-01; 1B08TI083977-01 Pass-through Entity: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Community Mental Health Services (MHBG) and the Block Grants for Prevention and Treatment of Substance Abuse (SABG) programs. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to provide mental health treatment and crisis services to adults diagnosed with serious mental illness and children diagnosed with serious emotional disturbances, as well as develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2022, the Authority spent about $31.7 million in federal program funds for MHBG and about $67.3 million in federal program funds for SABG. Of these amounts, the Authority passed about $20.5 million to MHBG subrecipients and $52 million to SABG subrecipients. Federal regulations require the Authority to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Authority did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the MHBG and SABG programs received required single audits, and that it appropriately followed up on findings and issued management decisions. We found the Authority did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Follow up occurred on findings and management decisions were issued when due We used a nonstatistical sampling method to randomly select and examine 17 out of a total population of 129 subrecipients. We found the Authority did not monitor one subrecipient (6 percent) to ensure it received a single audit when required. Additionally, we identified one subrecipient that received a single audit finding for which the Authority was required to issue a management decision. We found the Authority did not issue a management decision for this subrecipient. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Authority did not have written policies or procedures to ensure all subrecipients received an audit when required and management decisions were issued. In addition, staff used a tracking sheet to monitor the subrecipient audit requirements, but did not detect the identified noncompliance. Effect of Condition Without establishing adequate internal controls, the Authority cannot ensure all subrecipients that required a single audit received one. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness, the Authority cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Authority: ? Establish and follow policies and procedures to ensure subrecipients obtain required single audits ? Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the programs ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations Authority?s Response HCA concurs with the finding. Auditor?s Remarks We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c).
2022-066 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Community Mental Health Services program and the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.958 Block Grants for Community Mental Health Services 93.958 COVID-19 Block Grants for Community Mental Health Services 93.959 Block Grants for Prevention and Treatment of Substance Abuse 93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse Federal Grantor Name: U.S. Department of Health and Human Services Federal Award Number: 1B09SM082638-01; 6B09SM082638-01M001; 6N09SM082638-01M004; 6B09SM082638-01M002; 6B09SM082638-01M003; 6N09SM083829-01M001; 1B09SM083829-01; 1B09SM086035-01; 6B09SM086035-01M001; 6B09SM086035-01M002; 6B09SM086035-01M003; 1B09SM085384-01; 1B09SM085912-01; 1B09SM083998-01 1B08TI083138-01; 6B08TI083138-01M003; 6B08TI083138-01M004; 6B08TI083486-01M001; 6B08TI083486-01M002; 6B08TI083486-01M004; 1B08TI83519-01; 1B08TI084681-01; 1B08TI083977-01 Pass-through Entity: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Community Mental Health Services (MHBG) and the Block Grants for Prevention and Treatment of Substance Abuse (SABG) programs. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to provide mental health treatment and crisis services to adults diagnosed with serious mental illness and children diagnosed with serious emotional disturbances, as well as develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2022, the Authority spent about $31.7 million in federal program funds for MHBG and about $67.3 million in federal program funds for SABG. Of these amounts, the Authority passed about $20.5 million to MHBG subrecipients and $52 million to SABG subrecipients. Federal regulations require the Authority to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Authority did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the MHBG and SABG programs received required single audits, and that it appropriately followed up on findings and issued management decisions. We found the Authority did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Follow up occurred on findings and management decisions were issued when due We used a nonstatistical sampling method to randomly select and examine 17 out of a total population of 129 subrecipients. We found the Authority did not monitor one subrecipient (6 percent) to ensure it received a single audit when required. Additionally, we identified one subrecipient that received a single audit finding for which the Authority was required to issue a management decision. We found the Authority did not issue a management decision for this subrecipient. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Authority did not have written policies or procedures to ensure all subrecipients received an audit when required and management decisions were issued. In addition, staff used a tracking sheet to monitor the subrecipient audit requirements, but did not detect the identified noncompliance. Effect of Condition Without establishing adequate internal controls, the Authority cannot ensure all subrecipients that required a single audit received one. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness, the Authority cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Authority: ? Establish and follow policies and procedures to ensure subrecipients obtain required single audits ? Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the programs ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations Authority?s Response HCA concurs with the finding. Auditor?s Remarks We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c).
?See Schedule of Findings and Questioned Costs for chart/table? CONDITION The Department of Public Instruction did not report Child Nutrition Cluster subawards to the Federal Funding Accountability and Transparency Act (FFATA) correctly. After testing FFATA reporting for the Child Nutrition Cluster, it was discovered that there were FFATA errors in the following three areas: 1. The Department of Public Instruction did not report the subaward information for the Fresh Fruit and Vegetable program (Assistance Listing number 10.582) for the 2021 grant year which runs from October 2020-September 2021. After an analysis of grant awards for that grant year, it was discovered that 14 subawards should have been reported to FFATA, totaling $1,593,654. ?See Schedule of Findings and Questioned Costs for chart/table? 2. The Department of Public Instruction did not report the subaward information timely for the Fresh Fruit and Vegetable program (Assistance Listing number 10.582) for the 2022 grant year awards (October 2021-September 2022) awarded in October 2021. After an analysis of grant awards awarded in October 2021, we tested 5 of 13 awards and found all 5 were not submitted timely to FFATA. Four (4) of the tested awards should have been reported to FFATA by 1/31/2022. The fifth award should have been reported to FFATA by 2/28/2022. They were all reported to FFATA on 7/28/2022. Those grant awards totaled $623,000. ?See Schedule of Findings and Questioned Costs for chart/table? 3. FFATA isn't being submitted for the following Assistance Listing numbers: 10.553, 10.555, 10.556 and 10.559. Because these Assistance Listing numbers are all included in one grant award, therefore, one FAIN number, they would all be reported in one FFATA report. The Department of Public Instruction did not report the subaward information for FAIN 223ND309N1099. After an analysis of these grant awards, 206 sponsors receiving total Federal grant payments over $30,000 should have been reported. Those grant payments totaled $168,897,721. The $169 million is based on payments made from 7/1/2020 - 6/30/2022. ?See Schedule of Findings and Questioned Costs for chart/table? CRITERIA Federal regulation 2 CFR 170, Appendix A requires a Federal Financial Assistance Transparency Act (FFATA) report for each subaward that equals or exceeds $30,000 no later than the end of the month following the month in which the obligation was made. The subaward information is then available to the public on the USA Spending website for transparency. 2 CFR 200.303(a) states that non-Federal entities must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. CAUSE Based on discussion with staff, a lack of understanding of FFATA reporting requirements resulted in the FFATA reporting errors. The Department of Public Instruction is only reporting FFATA for the Fresh Fruit and Vegetable program because the amounts given to sponsors is predetermined and not reimbursement based. For the other programs in the Child Nutrition Cluster, DPI does not report FFATA because they are meal count grants and amounts are not predetermined. There is no waiver or statement in the grant terms and conditions for the meal count grants saying that FFATA doesn?t need to be completed for these programs. The Department also couldn?t find a waiver or any information from their USDA contact saying that FFATA doesn?t need to be completed. Therefore, the FFATA should have been completed for all programs in the Child Nutrition Cluster. Because the awards to sponsors are not predetermined, the auditor is reporting grant payments during the audit period instead of award amounts. EFFECT Not meeting the FFATA requirements increases the likelihood that the public will not have access to transparent and accurate information regarding expenditures of Federal awards. Additionally, Federal regulations address actions that Federal agencies may impose if a state entity does not comply with the U.S. Constitution, Federal statutes, regulations, or the terms and conditions of a Federal award. According to 2 CFR 200.208(c), ?Specific conditions,? these actions may include ? requiring reimbursement instead of advance payments; ? not allowing the agency to proceed to the next phase until it submits evidence of acceptable performance; ? requiring additional, more detailed financial reports or additional project monitoring; ? requiring the agency to obtain technical or management assistance; or ? establishing other prior approvals. If the Federal agency determines the state agency cannot remedy its noncompliance through the above actions, 2 CFR 200.339, ?Remedies for noncompliance,? outlines additional actions the Federal agency may take. Depending on the circumstances, these actions may include ? temporarily withholding payments until the noncompliance has been corrected, ? denying the use of funds, ? partly or fully suspending or terminating the Federal award, ? suspending or debarring the agency, ? withholding further awards for the project or program, or ? pursuing other available legal remedies. CONTEXT There were 539 sponsors receiving Federal grant awards during our audit period totaling $174,653,181. Of those 539 sponsors, 233 (43%) were over the $30,000 threshold and should have been reported to FFATA, for a total of $172,004,887 (98%). Of the 233 sponsors over the $30,000 threshold, only 13 sponsors (6%) were reported to FFATA, totaling $1,513,512 (1%). This results in 220 sponsors receiving Federal grant awards (94%) not reported to FFATA, totaling $170,491,375 (99%). Where sampling was performed, the audit used a non-statistical sampling method. IDENTIFICATION AS A REPEAT FINDING Not a repeat finding. RECOMMENDATION We recommend the Department of Public Instruction ensures timely and accurate submission of FFATA reports in accordance with Federal regulations and retain further instructions or waiver from the Federal agency. DEPARTMENT OF PUBLIC INSTRUCTION RESPONSE We agree with the finding. See ?Management?s Response and Corrective Action? section of this report.
?See Schedule of Findings and Questioned Costs for chart/table? CONDITION The Department of Public Instruction did not report Child Nutrition Cluster subawards to the Federal Funding Accountability and Transparency Act (FFATA) correctly. After testing FFATA reporting for the Child Nutrition Cluster, it was discovered that there were FFATA errors in the following three areas: 1. The Department of Public Instruction did not report the subaward information for the Fresh Fruit and Vegetable program (Assistance Listing number 10.582) for the 2021 grant year which runs from October 2020-September 2021. After an analysis of grant awards for that grant year, it was discovered that 14 subawards should have been reported to FFATA, totaling $1,593,654. ?See Schedule of Findings and Questioned Costs for chart/table? 2. The Department of Public Instruction did not report the subaward information timely for the Fresh Fruit and Vegetable program (Assistance Listing number 10.582) for the 2022 grant year awards (October 2021-September 2022) awarded in October 2021. After an analysis of grant awards awarded in October 2021, we tested 5 of 13 awards and found all 5 were not submitted timely to FFATA. Four (4) of the tested awards should have been reported to FFATA by 1/31/2022. The fifth award should have been reported to FFATA by 2/28/2022. They were all reported to FFATA on 7/28/2022. Those grant awards totaled $623,000. ?See Schedule of Findings and Questioned Costs for chart/table? 3. FFATA isn't being submitted for the following Assistance Listing numbers: 10.553, 10.555, 10.556 and 10.559. Because these Assistance Listing numbers are all included in one grant award, therefore, one FAIN number, they would all be reported in one FFATA report. The Department of Public Instruction did not report the subaward information for FAIN 223ND309N1099. After an analysis of these grant awards, 206 sponsors receiving total Federal grant payments over $30,000 should have been reported. Those grant payments totaled $168,897,721. The $169 million is based on payments made from 7/1/2020 - 6/30/2022. ?See Schedule of Findings and Questioned Costs for chart/table? CRITERIA Federal regulation 2 CFR 170, Appendix A requires a Federal Financial Assistance Transparency Act (FFATA) report for each subaward that equals or exceeds $30,000 no later than the end of the month following the month in which the obligation was made. The subaward information is then available to the public on the USA Spending website for transparency. 2 CFR 200.303(a) states that non-Federal entities must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. CAUSE Based on discussion with staff, a lack of understanding of FFATA reporting requirements resulted in the FFATA reporting errors. The Department of Public Instruction is only reporting FFATA for the Fresh Fruit and Vegetable program because the amounts given to sponsors is predetermined and not reimbursement based. For the other programs in the Child Nutrition Cluster, DPI does not report FFATA because they are meal count grants and amounts are not predetermined. There is no waiver or statement in the grant terms and conditions for the meal count grants saying that FFATA doesn?t need to be completed for these programs. The Department also couldn?t find a waiver or any information from their USDA contact saying that FFATA doesn?t need to be completed. Therefore, the FFATA should have been completed for all programs in the Child Nutrition Cluster. Because the awards to sponsors are not predetermined, the auditor is reporting grant payments during the audit period instead of award amounts. EFFECT Not meeting the FFATA requirements increases the likelihood that the public will not have access to transparent and accurate information regarding expenditures of Federal awards. Additionally, Federal regulations address actions that Federal agencies may impose if a state entity does not comply with the U.S. Constitution, Federal statutes, regulations, or the terms and conditions of a Federal award. According to 2 CFR 200.208(c), ?Specific conditions,? these actions may include ? requiring reimbursement instead of advance payments; ? not allowing the agency to proceed to the next phase until it submits evidence of acceptable performance; ? requiring additional, more detailed financial reports or additional project monitoring; ? requiring the agency to obtain technical or management assistance; or ? establishing other prior approvals. If the Federal agency determines the state agency cannot remedy its noncompliance through the above actions, 2 CFR 200.339, ?Remedies for noncompliance,? outlines additional actions the Federal agency may take. Depending on the circumstances, these actions may include ? temporarily withholding payments until the noncompliance has been corrected, ? denying the use of funds, ? partly or fully suspending or terminating the Federal award, ? suspending or debarring the agency, ? withholding further awards for the project or program, or ? pursuing other available legal remedies. CONTEXT There were 539 sponsors receiving Federal grant awards during our audit period totaling $174,653,181. Of those 539 sponsors, 233 (43%) were over the $30,000 threshold and should have been reported to FFATA, for a total of $172,004,887 (98%). Of the 233 sponsors over the $30,000 threshold, only 13 sponsors (6%) were reported to FFATA, totaling $1,513,512 (1%). This results in 220 sponsors receiving Federal grant awards (94%) not reported to FFATA, totaling $170,491,375 (99%). Where sampling was performed, the audit used a non-statistical sampling method. IDENTIFICATION AS A REPEAT FINDING Not a repeat finding. RECOMMENDATION We recommend the Department of Public Instruction ensures timely and accurate submission of FFATA reports in accordance with Federal regulations and retain further instructions or waiver from the Federal agency. DEPARTMENT OF PUBLIC INSTRUCTION RESPONSE We agree with the finding. See ?Management?s Response and Corrective Action? section of this report.
?See Schedule of Findings and Questioned Costs for chart/table? CONDITION The Department of Public Instruction did not report Child Nutrition Cluster subawards to the Federal Funding Accountability and Transparency Act (FFATA) correctly. After testing FFATA reporting for the Child Nutrition Cluster, it was discovered that there were FFATA errors in the following three areas: 1. The Department of Public Instruction did not report the subaward information for the Fresh Fruit and Vegetable program (Assistance Listing number 10.582) for the 2021 grant year which runs from October 2020-September 2021. After an analysis of grant awards for that grant year, it was discovered that 14 subawards should have been reported to FFATA, totaling $1,593,654. ?See Schedule of Findings and Questioned Costs for chart/table? 2. The Department of Public Instruction did not report the subaward information timely for the Fresh Fruit and Vegetable program (Assistance Listing number 10.582) for the 2022 grant year awards (October 2021-September 2022) awarded in October 2021. After an analysis of grant awards awarded in October 2021, we tested 5 of 13 awards and found all 5 were not submitted timely to FFATA. Four (4) of the tested awards should have been reported to FFATA by 1/31/2022. The fifth award should have been reported to FFATA by 2/28/2022. They were all reported to FFATA on 7/28/2022. Those grant awards totaled $623,000. ?See Schedule of Findings and Questioned Costs for chart/table? 3. FFATA isn't being submitted for the following Assistance Listing numbers: 10.553, 10.555, 10.556 and 10.559. Because these Assistance Listing numbers are all included in one grant award, therefore, one FAIN number, they would all be reported in one FFATA report. The Department of Public Instruction did not report the subaward information for FAIN 223ND309N1099. After an analysis of these grant awards, 206 sponsors receiving total Federal grant payments over $30,000 should have been reported. Those grant payments totaled $168,897,721. The $169 million is based on payments made from 7/1/2020 - 6/30/2022. ?See Schedule of Findings and Questioned Costs for chart/table? CRITERIA Federal regulation 2 CFR 170, Appendix A requires a Federal Financial Assistance Transparency Act (FFATA) report for each subaward that equals or exceeds $30,000 no later than the end of the month following the month in which the obligation was made. The subaward information is then available to the public on the USA Spending website for transparency. 2 CFR 200.303(a) states that non-Federal entities must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. CAUSE Based on discussion with staff, a lack of understanding of FFATA reporting requirements resulted in the FFATA reporting errors. The Department of Public Instruction is only reporting FFATA for the Fresh Fruit and Vegetable program because the amounts given to sponsors is predetermined and not reimbursement based. For the other programs in the Child Nutrition Cluster, DPI does not report FFATA because they are meal count grants and amounts are not predetermined. There is no waiver or statement in the grant terms and conditions for the meal count grants saying that FFATA doesn?t need to be completed for these programs. The Department also couldn?t find a waiver or any information from their USDA contact saying that FFATA doesn?t need to be completed. Therefore, the FFATA should have been completed for all programs in the Child Nutrition Cluster. Because the awards to sponsors are not predetermined, the auditor is reporting grant payments during the audit period instead of award amounts. EFFECT Not meeting the FFATA requirements increases the likelihood that the public will not have access to transparent and accurate information regarding expenditures of Federal awards. Additionally, Federal regulations address actions that Federal agencies may impose if a state entity does not comply with the U.S. Constitution, Federal statutes, regulations, or the terms and conditions of a Federal award. According to 2 CFR 200.208(c), ?Specific conditions,? these actions may include ? requiring reimbursement instead of advance payments; ? not allowing the agency to proceed to the next phase until it submits evidence of acceptable performance; ? requiring additional, more detailed financial reports or additional project monitoring; ? requiring the agency to obtain technical or management assistance; or ? establishing other prior approvals. If the Federal agency determines the state agency cannot remedy its noncompliance through the above actions, 2 CFR 200.339, ?Remedies for noncompliance,? outlines additional actions the Federal agency may take. Depending on the circumstances, these actions may include ? temporarily withholding payments until the noncompliance has been corrected, ? denying the use of funds, ? partly or fully suspending or terminating the Federal award, ? suspending or debarring the agency, ? withholding further awards for the project or program, or ? pursuing other available legal remedies. CONTEXT There were 539 sponsors receiving Federal grant awards during our audit period totaling $174,653,181. Of those 539 sponsors, 233 (43%) were over the $30,000 threshold and should have been reported to FFATA, for a total of $172,004,887 (98%). Of the 233 sponsors over the $30,000 threshold, only 13 sponsors (6%) were reported to FFATA, totaling $1,513,512 (1%). This results in 220 sponsors receiving Federal grant awards (94%) not reported to FFATA, totaling $170,491,375 (99%). Where sampling was performed, the audit used a non-statistical sampling method. IDENTIFICATION AS A REPEAT FINDING Not a repeat finding. RECOMMENDATION We recommend the Department of Public Instruction ensures timely and accurate submission of FFATA reports in accordance with Federal regulations and retain further instructions or waiver from the Federal agency. DEPARTMENT OF PUBLIC INSTRUCTION RESPONSE We agree with the finding. See ?Management?s Response and Corrective Action? section of this report.
?See Schedule of Findings and Questioned Costs for chart/table? CONDITION The Department of Public Instruction did not report Child Nutrition Cluster subawards to the Federal Funding Accountability and Transparency Act (FFATA) correctly. After testing FFATA reporting for the Child Nutrition Cluster, it was discovered that there were FFATA errors in the following three areas: 1. The Department of Public Instruction did not report the subaward information for the Fresh Fruit and Vegetable program (Assistance Listing number 10.582) for the 2021 grant year which runs from October 2020-September 2021. After an analysis of grant awards for that grant year, it was discovered that 14 subawards should have been reported to FFATA, totaling $1,593,654. ?See Schedule of Findings and Questioned Costs for chart/table? 2. The Department of Public Instruction did not report the subaward information timely for the Fresh Fruit and Vegetable program (Assistance Listing number 10.582) for the 2022 grant year awards (October 2021-September 2022) awarded in October 2021. After an analysis of grant awards awarded in October 2021, we tested 5 of 13 awards and found all 5 were not submitted timely to FFATA. Four (4) of the tested awards should have been reported to FFATA by 1/31/2022. The fifth award should have been reported to FFATA by 2/28/2022. They were all reported to FFATA on 7/28/2022. Those grant awards totaled $623,000. ?See Schedule of Findings and Questioned Costs for chart/table? 3. FFATA isn't being submitted for the following Assistance Listing numbers: 10.553, 10.555, 10.556 and 10.559. Because these Assistance Listing numbers are all included in one grant award, therefore, one FAIN number, they would all be reported in one FFATA report. The Department of Public Instruction did not report the subaward information for FAIN 223ND309N1099. After an analysis of these grant awards, 206 sponsors receiving total Federal grant payments over $30,000 should have been reported. Those grant payments totaled $168,897,721. The $169 million is based on payments made from 7/1/2020 - 6/30/2022. ?See Schedule of Findings and Questioned Costs for chart/table? CRITERIA Federal regulation 2 CFR 170, Appendix A requires a Federal Financial Assistance Transparency Act (FFATA) report for each subaward that equals or exceeds $30,000 no later than the end of the month following the month in which the obligation was made. The subaward information is then available to the public on the USA Spending website for transparency. 2 CFR 200.303(a) states that non-Federal entities must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. CAUSE Based on discussion with staff, a lack of understanding of FFATA reporting requirements resulted in the FFATA reporting errors. The Department of Public Instruction is only reporting FFATA for the Fresh Fruit and Vegetable program because the amounts given to sponsors is predetermined and not reimbursement based. For the other programs in the Child Nutrition Cluster, DPI does not report FFATA because they are meal count grants and amounts are not predetermined. There is no waiver or statement in the grant terms and conditions for the meal count grants saying that FFATA doesn?t need to be completed for these programs. The Department also couldn?t find a waiver or any information from their USDA contact saying that FFATA doesn?t need to be completed. Therefore, the FFATA should have been completed for all programs in the Child Nutrition Cluster. Because the awards to sponsors are not predetermined, the auditor is reporting grant payments during the audit period instead of award amounts. EFFECT Not meeting the FFATA requirements increases the likelihood that the public will not have access to transparent and accurate information regarding expenditures of Federal awards. Additionally, Federal regulations address actions that Federal agencies may impose if a state entity does not comply with the U.S. Constitution, Federal statutes, regulations, or the terms and conditions of a Federal award. According to 2 CFR 200.208(c), ?Specific conditions,? these actions may include ? requiring reimbursement instead of advance payments; ? not allowing the agency to proceed to the next phase until it submits evidence of acceptable performance; ? requiring additional, more detailed financial reports or additional project monitoring; ? requiring the agency to obtain technical or management assistance; or ? establishing other prior approvals. If the Federal agency determines the state agency cannot remedy its noncompliance through the above actions, 2 CFR 200.339, ?Remedies for noncompliance,? outlines additional actions the Federal agency may take. Depending on the circumstances, these actions may include ? temporarily withholding payments until the noncompliance has been corrected, ? denying the use of funds, ? partly or fully suspending or terminating the Federal award, ? suspending or debarring the agency, ? withholding further awards for the project or program, or ? pursuing other available legal remedies. CONTEXT There were 539 sponsors receiving Federal grant awards during our audit period totaling $174,653,181. Of those 539 sponsors, 233 (43%) were over the $30,000 threshold and should have been reported to FFATA, for a total of $172,004,887 (98%). Of the 233 sponsors over the $30,000 threshold, only 13 sponsors (6%) were reported to FFATA, totaling $1,513,512 (1%). This results in 220 sponsors receiving Federal grant awards (94%) not reported to FFATA, totaling $170,491,375 (99%). Where sampling was performed, the audit used a non-statistical sampling method. IDENTIFICATION AS A REPEAT FINDING Not a repeat finding. RECOMMENDATION We recommend the Department of Public Instruction ensures timely and accurate submission of FFATA reports in accordance with Federal regulations and retain further instructions or waiver from the Federal agency. DEPARTMENT OF PUBLIC INSTRUCTION RESPONSE We agree with the finding. See ?Management?s Response and Corrective Action? section of this report.
?See Schedule of Findings and Questioned Costs for chart/table? CONDITION The Department of Public Instruction did not report Child Nutrition Cluster subawards to the Federal Funding Accountability and Transparency Act (FFATA) correctly. After testing FFATA reporting for the Child Nutrition Cluster, it was discovered that there were FFATA errors in the following three areas: 1. The Department of Public Instruction did not report the subaward information for the Fresh Fruit and Vegetable program (Assistance Listing number 10.582) for the 2021 grant year which runs from October 2020-September 2021. After an analysis of grant awards for that grant year, it was discovered that 14 subawards should have been reported to FFATA, totaling $1,593,654. ?See Schedule of Findings and Questioned Costs for chart/table? 2. The Department of Public Instruction did not report the subaward information timely for the Fresh Fruit and Vegetable program (Assistance Listing number 10.582) for the 2022 grant year awards (October 2021-September 2022) awarded in October 2021. After an analysis of grant awards awarded in October 2021, we tested 5 of 13 awards and found all 5 were not submitted timely to FFATA. Four (4) of the tested awards should have been reported to FFATA by 1/31/2022. The fifth award should have been reported to FFATA by 2/28/2022. They were all reported to FFATA on 7/28/2022. Those grant awards totaled $623,000. ?See Schedule of Findings and Questioned Costs for chart/table? 3. FFATA isn't being submitted for the following Assistance Listing numbers: 10.553, 10.555, 10.556 and 10.559. Because these Assistance Listing numbers are all included in one grant award, therefore, one FAIN number, they would all be reported in one FFATA report. The Department of Public Instruction did not report the subaward information for FAIN 223ND309N1099. After an analysis of these grant awards, 206 sponsors receiving total Federal grant payments over $30,000 should have been reported. Those grant payments totaled $168,897,721. The $169 million is based on payments made from 7/1/2020 - 6/30/2022. ?See Schedule of Findings and Questioned Costs for chart/table? CRITERIA Federal regulation 2 CFR 170, Appendix A requires a Federal Financial Assistance Transparency Act (FFATA) report for each subaward that equals or exceeds $30,000 no later than the end of the month following the month in which the obligation was made. The subaward information is then available to the public on the USA Spending website for transparency. 2 CFR 200.303(a) states that non-Federal entities must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. CAUSE Based on discussion with staff, a lack of understanding of FFATA reporting requirements resulted in the FFATA reporting errors. The Department of Public Instruction is only reporting FFATA for the Fresh Fruit and Vegetable program because the amounts given to sponsors is predetermined and not reimbursement based. For the other programs in the Child Nutrition Cluster, DPI does not report FFATA because they are meal count grants and amounts are not predetermined. There is no waiver or statement in the grant terms and conditions for the meal count grants saying that FFATA doesn?t need to be completed for these programs. The Department also couldn?t find a waiver or any information from their USDA contact saying that FFATA doesn?t need to be completed. Therefore, the FFATA should have been completed for all programs in the Child Nutrition Cluster. Because the awards to sponsors are not predetermined, the auditor is reporting grant payments during the audit period instead of award amounts. EFFECT Not meeting the FFATA requirements increases the likelihood that the public will not have access to transparent and accurate information regarding expenditures of Federal awards. Additionally, Federal regulations address actions that Federal agencies may impose if a state entity does not comply with the U.S. Constitution, Federal statutes, regulations, or the terms and conditions of a Federal award. According to 2 CFR 200.208(c), ?Specific conditions,? these actions may include ? requiring reimbursement instead of advance payments; ? not allowing the agency to proceed to the next phase until it submits evidence of acceptable performance; ? requiring additional, more detailed financial reports or additional project monitoring; ? requiring the agency to obtain technical or management assistance; or ? establishing other prior approvals. If the Federal agency determines the state agency cannot remedy its noncompliance through the above actions, 2 CFR 200.339, ?Remedies for noncompliance,? outlines additional actions the Federal agency may take. Depending on the circumstances, these actions may include ? temporarily withholding payments until the noncompliance has been corrected, ? denying the use of funds, ? partly or fully suspending or terminating the Federal award, ? suspending or debarring the agency, ? withholding further awards for the project or program, or ? pursuing other available legal remedies. CONTEXT There were 539 sponsors receiving Federal grant awards during our audit period totaling $174,653,181. Of those 539 sponsors, 233 (43%) were over the $30,000 threshold and should have been reported to FFATA, for a total of $172,004,887 (98%). Of the 233 sponsors over the $30,000 threshold, only 13 sponsors (6%) were reported to FFATA, totaling $1,513,512 (1%). This results in 220 sponsors receiving Federal grant awards (94%) not reported to FFATA, totaling $170,491,375 (99%). Where sampling was performed, the audit used a non-statistical sampling method. IDENTIFICATION AS A REPEAT FINDING Not a repeat finding. RECOMMENDATION We recommend the Department of Public Instruction ensures timely and accurate submission of FFATA reports in accordance with Federal regulations and retain further instructions or waiver from the Federal agency. DEPARTMENT OF PUBLIC INSTRUCTION RESPONSE We agree with the finding. See ?Management?s Response and Corrective Action? section of this report.
?See Schedule of Findings and Questioned Costs for chart/table? CONDITION The Department of Public Instruction did not report Child Nutrition Cluster subawards to the Federal Funding Accountability and Transparency Act (FFATA) correctly. After testing FFATA reporting for the Child Nutrition Cluster, it was discovered that there were FFATA errors in the following three areas: 1. The Department of Public Instruction did not report the subaward information for the Fresh Fruit and Vegetable program (Assistance Listing number 10.582) for the 2021 grant year which runs from October 2020-September 2021. After an analysis of grant awards for that grant year, it was discovered that 14 subawards should have been reported to FFATA, totaling $1,593,654. ?See Schedule of Findings and Questioned Costs for chart/table? 2. The Department of Public Instruction did not report the subaward information timely for the Fresh Fruit and Vegetable program (Assistance Listing number 10.582) for the 2022 grant year awards (October 2021-September 2022) awarded in October 2021. After an analysis of grant awards awarded in October 2021, we tested 5 of 13 awards and found all 5 were not submitted timely to FFATA. Four (4) of the tested awards should have been reported to FFATA by 1/31/2022. The fifth award should have been reported to FFATA by 2/28/2022. They were all reported to FFATA on 7/28/2022. Those grant awards totaled $623,000. ?See Schedule of Findings and Questioned Costs for chart/table? 3. FFATA isn't being submitted for the following Assistance Listing numbers: 10.553, 10.555, 10.556 and 10.559. Because these Assistance Listing numbers are all included in one grant award, therefore, one FAIN number, they would all be reported in one FFATA report. The Department of Public Instruction did not report the subaward information for FAIN 223ND309N1099. After an analysis of these grant awards, 206 sponsors receiving total Federal grant payments over $30,000 should have been reported. Those grant payments totaled $168,897,721. The $169 million is based on payments made from 7/1/2020 - 6/30/2022. ?See Schedule of Findings and Questioned Costs for chart/table? CRITERIA Federal regulation 2 CFR 170, Appendix A requires a Federal Financial Assistance Transparency Act (FFATA) report for each subaward that equals or exceeds $30,000 no later than the end of the month following the month in which the obligation was made. The subaward information is then available to the public on the USA Spending website for transparency. 2 CFR 200.303(a) states that non-Federal entities must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. CAUSE Based on discussion with staff, a lack of understanding of FFATA reporting requirements resulted in the FFATA reporting errors. The Department of Public Instruction is only reporting FFATA for the Fresh Fruit and Vegetable program because the amounts given to sponsors is predetermined and not reimbursement based. For the other programs in the Child Nutrition Cluster, DPI does not report FFATA because they are meal count grants and amounts are not predetermined. There is no waiver or statement in the grant terms and conditions for the meal count grants saying that FFATA doesn?t need to be completed for these programs. The Department also couldn?t find a waiver or any information from their USDA contact saying that FFATA doesn?t need to be completed. Therefore, the FFATA should have been completed for all programs in the Child Nutrition Cluster. Because the awards to sponsors are not predetermined, the auditor is reporting grant payments during the audit period instead of award amounts. EFFECT Not meeting the FFATA requirements increases the likelihood that the public will not have access to transparent and accurate information regarding expenditures of Federal awards. Additionally, Federal regulations address actions that Federal agencies may impose if a state entity does not comply with the U.S. Constitution, Federal statutes, regulations, or the terms and conditions of a Federal award. According to 2 CFR 200.208(c), ?Specific conditions,? these actions may include ? requiring reimbursement instead of advance payments; ? not allowing the agency to proceed to the next phase until it submits evidence of acceptable performance; ? requiring additional, more detailed financial reports or additional project monitoring; ? requiring the agency to obtain technical or management assistance; or ? establishing other prior approvals. If the Federal agency determines the state agency cannot remedy its noncompliance through the above actions, 2 CFR 200.339, ?Remedies for noncompliance,? outlines additional actions the Federal agency may take. Depending on the circumstances, these actions may include ? temporarily withholding payments until the noncompliance has been corrected, ? denying the use of funds, ? partly or fully suspending or terminating the Federal award, ? suspending or debarring the agency, ? withholding further awards for the project or program, or ? pursuing other available legal remedies. CONTEXT There were 539 sponsors receiving Federal grant awards during our audit period totaling $174,653,181. Of those 539 sponsors, 233 (43%) were over the $30,000 threshold and should have been reported to FFATA, for a total of $172,004,887 (98%). Of the 233 sponsors over the $30,000 threshold, only 13 sponsors (6%) were reported to FFATA, totaling $1,513,512 (1%). This results in 220 sponsors receiving Federal grant awards (94%) not reported to FFATA, totaling $170,491,375 (99%). Where sampling was performed, the audit used a non-statistical sampling method. IDENTIFICATION AS A REPEAT FINDING Not a repeat finding. RECOMMENDATION We recommend the Department of Public Instruction ensures timely and accurate submission of FFATA reports in accordance with Federal regulations and retain further instructions or waiver from the Federal agency. DEPARTMENT OF PUBLIC INSTRUCTION RESPONSE We agree with the finding. See ?Management?s Response and Corrective Action? section of this report.
Various Agencies Finding 2022 ? 014: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 ? Child Nutrition Cluster (including COVID-19) ALN 10.557 ? WIC Special Supplemental Nutrition Program for Women, Infants, and Children (including COVID-19) ALN 10.558 ? Child and Adult Care Food Program (including COVID-19) ALN 15.252 ? Abandoned Mine Land Reclamation ALN 21.023 ? COVID-19 ? Emergency Rental Assistance Program ALN 84.010 ? Title I Grants to Local Educational Agencies ALN 84.027 and 84.173 ? ? Special Education Cluster (IDEA) (including COVID-19) ALN 84.425C ? COVID 19 ? Education Stabilization Fund - GEER Fund ALN 84.425D ? COVID 19 ? Education Stabilization Fund - ESSER Fund ALN 84.425R ? COVID 19 ? Education Stabilization Fund - CRRSA EANS ALN 84.425U ? COVID 19 ? Education Stabilization Fund - ARP ESSER ALN 84.425W ? COVID 19 ? Education Stabilization Fund - ARP ESSER HCY ALN 93.558 ? Temporary Assistance for Needy Families (including COVID-19) ALN 93.563 ? Child Support Enforcement ALN 93.575 and 93.596 ? Child Care and Development Fund (CCDF) Cluster (including COVID-19) ALN 93.658 ? Foster Care ? Title IV-E (including COVID-19) ALN 93.659 ? Adoption Assistance (including COVID-19) ALN 93.775, 93.777, and 93.778 ? Medicaid Cluster (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth?s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2021-015) Federal Grant Number(s) and Year(s): 1PA300365 (1/01/2022 ? 9/30/2023), 1PA310305 (10/01/2021 ? 9/30/2022), 1PA310305 (10/01/2020 ? 9/30/2021), 1PA300305 (10/01/2021 ? 9/30/2022), 1PA300305 (10/01/2020 ? 9/30/2021), 1PA320305 (12/27/2020 ? 9/30/2021), Y22174 (10/01/2021 ? 9/30/2024), Y13194 (10/01/2020 ? 9/30/2023), Y03194 (10/01/2019 ? 9/30/2023), Y03191 (10/01/2019 ? 9/30/2020), Y22173 (10/01/2021 ? 9/30/2022), Y22172 (10/01/2021 ? 9/30/2022, Y13191 (10/01/2020 ? 9/30/2021), Y13061 (10/01/2020 ? 9/30/2021), S22AF00017 (1/01/2022 ? 12/31/2024), S21AF10050 (6/01/2021 ? 5/31/2024), S21AF10015 (1/01/2021 ? 12/31/2023), S20AF20092 (10/01/2020 ? 9/30/2023), S20AF20006 (1/01/2020 ? 12/31/2022), S19AF20006 (1/01/2019 ? 12/31/2021), S19AF20004 (12/01/2018 ? 11/30/2023), S18AF20004 (11/01/2017 ? 10/31/2023), ERAE0131 (1/19/2021 ? 12/29/2022), ERAE0333 (5/11/2021 ? 12/30/2025), S010A210038 (7/01/2021 ? 9/30/2022), S010A200038 (7/01/2020 ? 9/30/2021), H027A210093 (7/01/2021 ? 9/30/2022), H027A200093 (7/01/2020 ? 9/30/2021), S425D200028 (3/13/2020 ? 9/30/2022), S425D210028 (3/13/2020 ? 9/30/2022), 2201PATANF (10/01/2021 ? 9/30/2022), 2101PATANF (10/01/2020 ? 9/30/2021), 2001PATANF (10/01/2019 ? 9/30/2020), 2201PACSES (10/01/2021 ? 9/30/2022), 2101PACSES (10/01/2020 ? 9/30/2021), G2201PACCDF (10/01/2021 ? 9/30/2022), G2101PACCDF (10/01/2020 ? 9/30/2021), 2201PAFOST (10/01/2021 ? 9/30/2022), 2101PAFOST (10/01/2020 ? 9/30/2021), 2001PAFOST (10/01/2019 ? 9/30/2020), 2201PAADPT (10/01/2021 ? 9/30/2022), 2101PAADPT (10/01/2020 ? 9/30/2021), 2205PA5MAP (10/01/2021 ? 9/30/2022), 2105PA5MAP (10/01/2020 ? 9/30/2021) Finding 2022 ? 014: (continued) Type of Finding: Significant Deficiency, Noncompliance for Medicaid Cluster Material Weakness, Material Noncompliance for Other Programs Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget?s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse?s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2022 audit of the Commonwealth?s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth?s fiscal year ended June 30, 2021 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2022. We also evaluated the Commonwealth?s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies? tracking lists during the fiscal year ended June 30, 2022 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies? review of subrecipient audit reports: ? Department of Education (PDE): The time period for making a management decision on findings was approximately 6.5 to over 13 months after the FAC MDL start date for 14 out of 25 audit reports with findings. Three of the 14 audit reports were improperly classified on PDE?s audit tracking list as not having federal award findings. ? Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 16.2 months after the FAC MDL start date for one out of three audit reports with findings. In addition, our review disclosed that DEP subgranted federal funds totaling $10,338,570 to one subrecipient during the fiscal year ended December 31, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 9.5 months after the March 31, 2022 due date, which had been extended due to the COVID-19 pandemic in accordance with the Office of Management and Budget?s (OMB) Memorandum M-21-20, Appendix 3. ? Department of Health (DOH): Our review disclosed that DOH subgranted federal funds totaling $8,103,407 to one subrecipient during the fiscal year ended September 30, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 12.5 months after the December 31, 2021 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. ? Department of Human Services (DHS): The time period for making a management decision on findings ranged from approximately 6.6 months to over 19.6 months after the FAC MDL start date for 12 out of 14 subrecipient audit reports with findings. There was also a delay in DHS?s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Finding 2022 ? 014: (continued) As a follow-up to the prior year finding, we noted that the Commonwealth subgranted federal funds totaling $327,988,063 to the City of Philadelphia during the fiscal year ended June 30, 2021, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 3.5 months after the September 30, 2022 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. Our testing disclosed that DHS?s subgrants to the City of Philadelphia were material for five of the 16 major programs/clusters with material subgranted funds. Our follow-up on the prior year finding also disclosed that the Commonwealth subgranted federal funds totaling $28,725,212 to Bucks County during the fiscal year ended December 31, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 9.5 months after the March 31, 2022 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. DHS was the lead agency for the City of Philadelphia and Bucks County audits. Criteria: 2 CFR ?200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient?s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity?s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in ?200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR ?200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor?s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. Finding 2022 ? 014: (continued) 2 CFR ?200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR ?200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in ?200.339 [Remedies for noncompliance]. 2 CFR ?200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ?200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended ? Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program? (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: Finding 2022 ? 014: (continued) (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth?s reliance on an acceptable audit and prompt resolution as evidence of the recipient?s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended ? Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (1) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (6) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR ?200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended ? Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office?s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. The late management decision at DEP appeared to be the result of a subrecipient being treated as a contractor as described in current year Single Audit Finding #2022-005, despite having a subrecipient Single Audit requirement clause in its contract with DEP. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR ?200.339 and Commonwealth Management Directive 325.8 in order to ensure compliance with federal audit submission requirements. Finding 2022 ? 014: (continued) Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR ?200.339 and Commonwealth Management Directive 325.08. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. DOH Response: DOH agrees with the finding. DHS Response: While DHS agrees with this finding, we believe we are in compliance with 2 CFR ?200.339 and Commonwealth Management Directive 325.08 related to outstanding audits. We continue to work with counties and their independent auditors to obtain any late Single Audit reports, and albeit late, we do receive them which is the ultimate goal. Questioned Costs: The amount of questioned costs cannot be determined. The corrective action plan for this finding, if any, has not been reviewed by the auditors. See Corrective Action Plans located elsewhere in this Report.
Various Agencies Finding 2022 ? 014: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 ? Child Nutrition Cluster (including COVID-19) ALN 10.557 ? WIC Special Supplemental Nutrition Program for Women, Infants, and Children (including COVID-19) ALN 10.558 ? Child and Adult Care Food Program (including COVID-19) ALN 15.252 ? Abandoned Mine Land Reclamation ALN 21.023 ? COVID-19 ? Emergency Rental Assistance Program ALN 84.010 ? Title I Grants to Local Educational Agencies ALN 84.027 and 84.173 ? ? Special Education Cluster (IDEA) (including COVID-19) ALN 84.425C ? COVID 19 ? Education Stabilization Fund - GEER Fund ALN 84.425D ? COVID 19 ? Education Stabilization Fund - ESSER Fund ALN 84.425R ? COVID 19 ? Education Stabilization Fund - CRRSA EANS ALN 84.425U ? COVID 19 ? Education Stabilization Fund - ARP ESSER ALN 84.425W ? COVID 19 ? Education Stabilization Fund - ARP ESSER HCY ALN 93.558 ? Temporary Assistance for Needy Families (including COVID-19) ALN 93.563 ? Child Support Enforcement ALN 93.575 and 93.596 ? Child Care and Development Fund (CCDF) Cluster (including COVID-19) ALN 93.658 ? Foster Care ? Title IV-E (including COVID-19) ALN 93.659 ? Adoption Assistance (including COVID-19) ALN 93.775, 93.777, and 93.778 ? Medicaid Cluster (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth?s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2021-015) Federal Grant Number(s) and Year(s): 1PA300365 (1/01/2022 ? 9/30/2023), 1PA310305 (10/01/2021 ? 9/30/2022), 1PA310305 (10/01/2020 ? 9/30/2021), 1PA300305 (10/01/2021 ? 9/30/2022), 1PA300305 (10/01/2020 ? 9/30/2021), 1PA320305 (12/27/2020 ? 9/30/2021), Y22174 (10/01/2021 ? 9/30/2024), Y13194 (10/01/2020 ? 9/30/2023), Y03194 (10/01/2019 ? 9/30/2023), Y03191 (10/01/2019 ? 9/30/2020), Y22173 (10/01/2021 ? 9/30/2022), Y22172 (10/01/2021 ? 9/30/2022, Y13191 (10/01/2020 ? 9/30/2021), Y13061 (10/01/2020 ? 9/30/2021), S22AF00017 (1/01/2022 ? 12/31/2024), S21AF10050 (6/01/2021 ? 5/31/2024), S21AF10015 (1/01/2021 ? 12/31/2023), S20AF20092 (10/01/2020 ? 9/30/2023), S20AF20006 (1/01/2020 ? 12/31/2022), S19AF20006 (1/01/2019 ? 12/31/2021), S19AF20004 (12/01/2018 ? 11/30/2023), S18AF20004 (11/01/2017 ? 10/31/2023), ERAE0131 (1/19/2021 ? 12/29/2022), ERAE0333 (5/11/2021 ? 12/30/2025), S010A210038 (7/01/2021 ? 9/30/2022), S010A200038 (7/01/2020 ? 9/30/2021), H027A210093 (7/01/2021 ? 9/30/2022), H027A200093 (7/01/2020 ? 9/30/2021), S425D200028 (3/13/2020 ? 9/30/2022), S425D210028 (3/13/2020 ? 9/30/2022), 2201PATANF (10/01/2021 ? 9/30/2022), 2101PATANF (10/01/2020 ? 9/30/2021), 2001PATANF (10/01/2019 ? 9/30/2020), 2201PACSES (10/01/2021 ? 9/30/2022), 2101PACSES (10/01/2020 ? 9/30/2021), G2201PACCDF (10/01/2021 ? 9/30/2022), G2101PACCDF (10/01/2020 ? 9/30/2021), 2201PAFOST (10/01/2021 ? 9/30/2022), 2101PAFOST (10/01/2020 ? 9/30/2021), 2001PAFOST (10/01/2019 ? 9/30/2020), 2201PAADPT (10/01/2021 ? 9/30/2022), 2101PAADPT (10/01/2020 ? 9/30/2021), 2205PA5MAP (10/01/2021 ? 9/30/2022), 2105PA5MAP (10/01/2020 ? 9/30/2021) Finding 2022 ? 014: (continued) Type of Finding: Significant Deficiency, Noncompliance for Medicaid Cluster Material Weakness, Material Noncompliance for Other Programs Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget?s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse?s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2022 audit of the Commonwealth?s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth?s fiscal year ended June 30, 2021 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2022. We also evaluated the Commonwealth?s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies? tracking lists during the fiscal year ended June 30, 2022 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies? review of subrecipient audit reports: ? Department of Education (PDE): The time period for making a management decision on findings was approximately 6.5 to over 13 months after the FAC MDL start date for 14 out of 25 audit reports with findings. Three of the 14 audit reports were improperly classified on PDE?s audit tracking list as not having federal award findings. ? Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 16.2 months after the FAC MDL start date for one out of three audit reports with findings. In addition, our review disclosed that DEP subgranted federal funds totaling $10,338,570 to one subrecipient during the fiscal year ended December 31, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 9.5 months after the March 31, 2022 due date, which had been extended due to the COVID-19 pandemic in accordance with the Office of Management and Budget?s (OMB) Memorandum M-21-20, Appendix 3. ? Department of Health (DOH): Our review disclosed that DOH subgranted federal funds totaling $8,103,407 to one subrecipient during the fiscal year ended September 30, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 12.5 months after the December 31, 2021 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. ? Department of Human Services (DHS): The time period for making a management decision on findings ranged from approximately 6.6 months to over 19.6 months after the FAC MDL start date for 12 out of 14 subrecipient audit reports with findings. There was also a delay in DHS?s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Finding 2022 ? 014: (continued) As a follow-up to the prior year finding, we noted that the Commonwealth subgranted federal funds totaling $327,988,063 to the City of Philadelphia during the fiscal year ended June 30, 2021, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 3.5 months after the September 30, 2022 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. Our testing disclosed that DHS?s subgrants to the City of Philadelphia were material for five of the 16 major programs/clusters with material subgranted funds. Our follow-up on the prior year finding also disclosed that the Commonwealth subgranted federal funds totaling $28,725,212 to Bucks County during the fiscal year ended December 31, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 9.5 months after the March 31, 2022 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. DHS was the lead agency for the City of Philadelphia and Bucks County audits. Criteria: 2 CFR ?200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient?s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity?s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in ?200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR ?200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor?s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. Finding 2022 ? 014: (continued) 2 CFR ?200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR ?200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in ?200.339 [Remedies for noncompliance]. 2 CFR ?200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ?200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended ? Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program? (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: Finding 2022 ? 014: (continued) (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth?s reliance on an acceptable audit and prompt resolution as evidence of the recipient?s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended ? Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (1) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (6) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR ?200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended ? Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office?s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. The late management decision at DEP appeared to be the result of a subrecipient being treated as a contractor as described in current year Single Audit Finding #2022-005, despite having a subrecipient Single Audit requirement clause in its contract with DEP. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR ?200.339 and Commonwealth Management Directive 325.8 in order to ensure compliance with federal audit submission requirements. Finding 2022 ? 014: (continued) Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR ?200.339 and Commonwealth Management Directive 325.08. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. DOH Response: DOH agrees with the finding. DHS Response: While DHS agrees with this finding, we believe we are in compliance with 2 CFR ?200.339 and Commonwealth Management Directive 325.08 related to outstanding audits. We continue to work with counties and their independent auditors to obtain any late Single Audit reports, and albeit late, we do receive them which is the ultimate goal. Questioned Costs: The amount of questioned costs cannot be determined. The corrective action plan for this finding, if any, has not been reviewed by the auditors. See Corrective Action Plans located elsewhere in this Report.
Various Agencies Finding 2022 ? 014: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 ? Child Nutrition Cluster (including COVID-19) ALN 10.557 ? WIC Special Supplemental Nutrition Program for Women, Infants, and Children (including COVID-19) ALN 10.558 ? Child and Adult Care Food Program (including COVID-19) ALN 15.252 ? Abandoned Mine Land Reclamation ALN 21.023 ? COVID-19 ? Emergency Rental Assistance Program ALN 84.010 ? Title I Grants to Local Educational Agencies ALN 84.027 and 84.173 ? ? Special Education Cluster (IDEA) (including COVID-19) ALN 84.425C ? COVID 19 ? Education Stabilization Fund - GEER Fund ALN 84.425D ? COVID 19 ? Education Stabilization Fund - ESSER Fund ALN 84.425R ? COVID 19 ? Education Stabilization Fund - CRRSA EANS ALN 84.425U ? COVID 19 ? Education Stabilization Fund - ARP ESSER ALN 84.425W ? COVID 19 ? Education Stabilization Fund - ARP ESSER HCY ALN 93.558 ? Temporary Assistance for Needy Families (including COVID-19) ALN 93.563 ? Child Support Enforcement ALN 93.575 and 93.596 ? Child Care and Development Fund (CCDF) Cluster (including COVID-19) ALN 93.658 ? Foster Care ? Title IV-E (including COVID-19) ALN 93.659 ? Adoption Assistance (including COVID-19) ALN 93.775, 93.777, and 93.778 ? Medicaid Cluster (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth?s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2021-015) Federal Grant Number(s) and Year(s): 1PA300365 (1/01/2022 ? 9/30/2023), 1PA310305 (10/01/2021 ? 9/30/2022), 1PA310305 (10/01/2020 ? 9/30/2021), 1PA300305 (10/01/2021 ? 9/30/2022), 1PA300305 (10/01/2020 ? 9/30/2021), 1PA320305 (12/27/2020 ? 9/30/2021), Y22174 (10/01/2021 ? 9/30/2024), Y13194 (10/01/2020 ? 9/30/2023), Y03194 (10/01/2019 ? 9/30/2023), Y03191 (10/01/2019 ? 9/30/2020), Y22173 (10/01/2021 ? 9/30/2022), Y22172 (10/01/2021 ? 9/30/2022, Y13191 (10/01/2020 ? 9/30/2021), Y13061 (10/01/2020 ? 9/30/2021), S22AF00017 (1/01/2022 ? 12/31/2024), S21AF10050 (6/01/2021 ? 5/31/2024), S21AF10015 (1/01/2021 ? 12/31/2023), S20AF20092 (10/01/2020 ? 9/30/2023), S20AF20006 (1/01/2020 ? 12/31/2022), S19AF20006 (1/01/2019 ? 12/31/2021), S19AF20004 (12/01/2018 ? 11/30/2023), S18AF20004 (11/01/2017 ? 10/31/2023), ERAE0131 (1/19/2021 ? 12/29/2022), ERAE0333 (5/11/2021 ? 12/30/2025), S010A210038 (7/01/2021 ? 9/30/2022), S010A200038 (7/01/2020 ? 9/30/2021), H027A210093 (7/01/2021 ? 9/30/2022), H027A200093 (7/01/2020 ? 9/30/2021), S425D200028 (3/13/2020 ? 9/30/2022), S425D210028 (3/13/2020 ? 9/30/2022), 2201PATANF (10/01/2021 ? 9/30/2022), 2101PATANF (10/01/2020 ? 9/30/2021), 2001PATANF (10/01/2019 ? 9/30/2020), 2201PACSES (10/01/2021 ? 9/30/2022), 2101PACSES (10/01/2020 ? 9/30/2021), G2201PACCDF (10/01/2021 ? 9/30/2022), G2101PACCDF (10/01/2020 ? 9/30/2021), 2201PAFOST (10/01/2021 ? 9/30/2022), 2101PAFOST (10/01/2020 ? 9/30/2021), 2001PAFOST (10/01/2019 ? 9/30/2020), 2201PAADPT (10/01/2021 ? 9/30/2022), 2101PAADPT (10/01/2020 ? 9/30/2021), 2205PA5MAP (10/01/2021 ? 9/30/2022), 2105PA5MAP (10/01/2020 ? 9/30/2021) Finding 2022 ? 014: (continued) Type of Finding: Significant Deficiency, Noncompliance for Medicaid Cluster Material Weakness, Material Noncompliance for Other Programs Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget?s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse?s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2022 audit of the Commonwealth?s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth?s fiscal year ended June 30, 2021 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2022. We also evaluated the Commonwealth?s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies? tracking lists during the fiscal year ended June 30, 2022 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies? review of subrecipient audit reports: ? Department of Education (PDE): The time period for making a management decision on findings was approximately 6.5 to over 13 months after the FAC MDL start date for 14 out of 25 audit reports with findings. Three of the 14 audit reports were improperly classified on PDE?s audit tracking list as not having federal award findings. ? Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 16.2 months after the FAC MDL start date for one out of three audit reports with findings. In addition, our review disclosed that DEP subgranted federal funds totaling $10,338,570 to one subrecipient during the fiscal year ended December 31, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 9.5 months after the March 31, 2022 due date, which had been extended due to the COVID-19 pandemic in accordance with the Office of Management and Budget?s (OMB) Memorandum M-21-20, Appendix 3. ? Department of Health (DOH): Our review disclosed that DOH subgranted federal funds totaling $8,103,407 to one subrecipient during the fiscal year ended September 30, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 12.5 months after the December 31, 2021 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. ? Department of Human Services (DHS): The time period for making a management decision on findings ranged from approximately 6.6 months to over 19.6 months after the FAC MDL start date for 12 out of 14 subrecipient audit reports with findings. There was also a delay in DHS?s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Finding 2022 ? 014: (continued) As a follow-up to the prior year finding, we noted that the Commonwealth subgranted federal funds totaling $327,988,063 to the City of Philadelphia during the fiscal year ended June 30, 2021, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 3.5 months after the September 30, 2022 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. Our testing disclosed that DHS?s subgrants to the City of Philadelphia were material for five of the 16 major programs/clusters with material subgranted funds. Our follow-up on the prior year finding also disclosed that the Commonwealth subgranted federal funds totaling $28,725,212 to Bucks County during the fiscal year ended December 31, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 9.5 months after the March 31, 2022 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. DHS was the lead agency for the City of Philadelphia and Bucks County audits. Criteria: 2 CFR ?200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient?s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity?s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in ?200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR ?200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor?s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. Finding 2022 ? 014: (continued) 2 CFR ?200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR ?200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in ?200.339 [Remedies for noncompliance]. 2 CFR ?200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ?200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended ? Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program? (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: Finding 2022 ? 014: (continued) (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth?s reliance on an acceptable audit and prompt resolution as evidence of the recipient?s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended ? Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (1) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (6) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR ?200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended ? Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office?s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. The late management decision at DEP appeared to be the result of a subrecipient being treated as a contractor as described in current year Single Audit Finding #2022-005, despite having a subrecipient Single Audit requirement clause in its contract with DEP. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR ?200.339 and Commonwealth Management Directive 325.8 in order to ensure compliance with federal audit submission requirements. Finding 2022 ? 014: (continued) Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR ?200.339 and Commonwealth Management Directive 325.08. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. DOH Response: DOH agrees with the finding. DHS Response: While DHS agrees with this finding, we believe we are in compliance with 2 CFR ?200.339 and Commonwealth Management Directive 325.08 related to outstanding audits. We continue to work with counties and their independent auditors to obtain any late Single Audit reports, and albeit late, we do receive them which is the ultimate goal. Questioned Costs: The amount of questioned costs cannot be determined. The corrective action plan for this finding, if any, has not been reviewed by the auditors. See Corrective Action Plans located elsewhere in this Report.
Various Agencies Finding 2022 ? 014: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 ? Child Nutrition Cluster (including COVID-19) ALN 10.557 ? WIC Special Supplemental Nutrition Program for Women, Infants, and Children (including COVID-19) ALN 10.558 ? Child and Adult Care Food Program (including COVID-19) ALN 15.252 ? Abandoned Mine Land Reclamation ALN 21.023 ? COVID-19 ? Emergency Rental Assistance Program ALN 84.010 ? Title I Grants to Local Educational Agencies ALN 84.027 and 84.173 ? ? Special Education Cluster (IDEA) (including COVID-19) ALN 84.425C ? COVID 19 ? Education Stabilization Fund - GEER Fund ALN 84.425D ? COVID 19 ? Education Stabilization Fund - ESSER Fund ALN 84.425R ? COVID 19 ? Education Stabilization Fund - CRRSA EANS ALN 84.425U ? COVID 19 ? Education Stabilization Fund - ARP ESSER ALN 84.425W ? COVID 19 ? Education Stabilization Fund - ARP ESSER HCY ALN 93.558 ? Temporary Assistance for Needy Families (including COVID-19) ALN 93.563 ? Child Support Enforcement ALN 93.575 and 93.596 ? Child Care and Development Fund (CCDF) Cluster (including COVID-19) ALN 93.658 ? Foster Care ? Title IV-E (including COVID-19) ALN 93.659 ? Adoption Assistance (including COVID-19) ALN 93.775, 93.777, and 93.778 ? Medicaid Cluster (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth?s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2021-015) Federal Grant Number(s) and Year(s): 1PA300365 (1/01/2022 ? 9/30/2023), 1PA310305 (10/01/2021 ? 9/30/2022), 1PA310305 (10/01/2020 ? 9/30/2021), 1PA300305 (10/01/2021 ? 9/30/2022), 1PA300305 (10/01/2020 ? 9/30/2021), 1PA320305 (12/27/2020 ? 9/30/2021), Y22174 (10/01/2021 ? 9/30/2024), Y13194 (10/01/2020 ? 9/30/2023), Y03194 (10/01/2019 ? 9/30/2023), Y03191 (10/01/2019 ? 9/30/2020), Y22173 (10/01/2021 ? 9/30/2022), Y22172 (10/01/2021 ? 9/30/2022, Y13191 (10/01/2020 ? 9/30/2021), Y13061 (10/01/2020 ? 9/30/2021), S22AF00017 (1/01/2022 ? 12/31/2024), S21AF10050 (6/01/2021 ? 5/31/2024), S21AF10015 (1/01/2021 ? 12/31/2023), S20AF20092 (10/01/2020 ? 9/30/2023), S20AF20006 (1/01/2020 ? 12/31/2022), S19AF20006 (1/01/2019 ? 12/31/2021), S19AF20004 (12/01/2018 ? 11/30/2023), S18AF20004 (11/01/2017 ? 10/31/2023), ERAE0131 (1/19/2021 ? 12/29/2022), ERAE0333 (5/11/2021 ? 12/30/2025), S010A210038 (7/01/2021 ? 9/30/2022), S010A200038 (7/01/2020 ? 9/30/2021), H027A210093 (7/01/2021 ? 9/30/2022), H027A200093 (7/01/2020 ? 9/30/2021), S425D200028 (3/13/2020 ? 9/30/2022), S425D210028 (3/13/2020 ? 9/30/2022), 2201PATANF (10/01/2021 ? 9/30/2022), 2101PATANF (10/01/2020 ? 9/30/2021), 2001PATANF (10/01/2019 ? 9/30/2020), 2201PACSES (10/01/2021 ? 9/30/2022), 2101PACSES (10/01/2020 ? 9/30/2021), G2201PACCDF (10/01/2021 ? 9/30/2022), G2101PACCDF (10/01/2020 ? 9/30/2021), 2201PAFOST (10/01/2021 ? 9/30/2022), 2101PAFOST (10/01/2020 ? 9/30/2021), 2001PAFOST (10/01/2019 ? 9/30/2020), 2201PAADPT (10/01/2021 ? 9/30/2022), 2101PAADPT (10/01/2020 ? 9/30/2021), 2205PA5MAP (10/01/2021 ? 9/30/2022), 2105PA5MAP (10/01/2020 ? 9/30/2021) Finding 2022 ? 014: (continued) Type of Finding: Significant Deficiency, Noncompliance for Medicaid Cluster Material Weakness, Material Noncompliance for Other Programs Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget?s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse?s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2022 audit of the Commonwealth?s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth?s fiscal year ended June 30, 2021 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2022. We also evaluated the Commonwealth?s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies? tracking lists during the fiscal year ended June 30, 2022 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies? review of subrecipient audit reports: ? Department of Education (PDE): The time period for making a management decision on findings was approximately 6.5 to over 13 months after the FAC MDL start date for 14 out of 25 audit reports with findings. Three of the 14 audit reports were improperly classified on PDE?s audit tracking list as not having federal award findings. ? Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 16.2 months after the FAC MDL start date for one out of three audit reports with findings. In addition, our review disclosed that DEP subgranted federal funds totaling $10,338,570 to one subrecipient during the fiscal year ended December 31, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 9.5 months after the March 31, 2022 due date, which had been extended due to the COVID-19 pandemic in accordance with the Office of Management and Budget?s (OMB) Memorandum M-21-20, Appendix 3. ? Department of Health (DOH): Our review disclosed that DOH subgranted federal funds totaling $8,103,407 to one subrecipient during the fiscal year ended September 30, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 12.5 months after the December 31, 2021 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. ? Department of Human Services (DHS): The time period for making a management decision on findings ranged from approximately 6.6 months to over 19.6 months after the FAC MDL start date for 12 out of 14 subrecipient audit reports with findings. There was also a delay in DHS?s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Finding 2022 ? 014: (continued) As a follow-up to the prior year finding, we noted that the Commonwealth subgranted federal funds totaling $327,988,063 to the City of Philadelphia during the fiscal year ended June 30, 2021, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 3.5 months after the September 30, 2022 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. Our testing disclosed that DHS?s subgrants to the City of Philadelphia were material for five of the 16 major programs/clusters with material subgranted funds. Our follow-up on the prior year finding also disclosed that the Commonwealth subgranted federal funds totaling $28,725,212 to Bucks County during the fiscal year ended December 31, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 9.5 months after the March 31, 2022 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. DHS was the lead agency for the City of Philadelphia and Bucks County audits. Criteria: 2 CFR ?200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient?s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity?s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in ?200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR ?200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor?s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. Finding 2022 ? 014: (continued) 2 CFR ?200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR ?200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in ?200.339 [Remedies for noncompliance]. 2 CFR ?200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ?200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended ? Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program? (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: Finding 2022 ? 014: (continued) (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth?s reliance on an acceptable audit and prompt resolution as evidence of the recipient?s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended ? Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (1) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (6) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR ?200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended ? Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office?s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. The late management decision at DEP appeared to be the result of a subrecipient being treated as a contractor as described in current year Single Audit Finding #2022-005, despite having a subrecipient Single Audit requirement clause in its contract with DEP. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR ?200.339 and Commonwealth Management Directive 325.8 in order to ensure compliance with federal audit submission requirements. Finding 2022 ? 014: (continued) Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR ?200.339 and Commonwealth Management Directive 325.08. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. DOH Response: DOH agrees with the finding. DHS Response: While DHS agrees with this finding, we believe we are in compliance with 2 CFR ?200.339 and Commonwealth Management Directive 325.08 related to outstanding audits. We continue to work with counties and their independent auditors to obtain any late Single Audit reports, and albeit late, we do receive them which is the ultimate goal. Questioned Costs: The amount of questioned costs cannot be determined. The corrective action plan for this finding, if any, has not been reviewed by the auditors. See Corrective Action Plans located elsewhere in this Report.
Various Agencies Finding 2022 ? 014: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 ? Child Nutrition Cluster (including COVID-19) ALN 10.557 ? WIC Special Supplemental Nutrition Program for Women, Infants, and Children (including COVID-19) ALN 10.558 ? Child and Adult Care Food Program (including COVID-19) ALN 15.252 ? Abandoned Mine Land Reclamation ALN 21.023 ? COVID-19 ? Emergency Rental Assistance Program ALN 84.010 ? Title I Grants to Local Educational Agencies ALN 84.027 and 84.173 ? ? Special Education Cluster (IDEA) (including COVID-19) ALN 84.425C ? COVID 19 ? Education Stabilization Fund - GEER Fund ALN 84.425D ? COVID 19 ? Education Stabilization Fund - ESSER Fund ALN 84.425R ? COVID 19 ? Education Stabilization Fund - CRRSA EANS ALN 84.425U ? COVID 19 ? Education Stabilization Fund - ARP ESSER ALN 84.425W ? COVID 19 ? Education Stabilization Fund - ARP ESSER HCY ALN 93.558 ? Temporary Assistance for Needy Families (including COVID-19) ALN 93.563 ? Child Support Enforcement ALN 93.575 and 93.596 ? Child Care and Development Fund (CCDF) Cluster (including COVID-19) ALN 93.658 ? Foster Care ? Title IV-E (including COVID-19) ALN 93.659 ? Adoption Assistance (including COVID-19) ALN 93.775, 93.777, and 93.778 ? Medicaid Cluster (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth?s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2021-015) Federal Grant Number(s) and Year(s): 1PA300365 (1/01/2022 ? 9/30/2023), 1PA310305 (10/01/2021 ? 9/30/2022), 1PA310305 (10/01/2020 ? 9/30/2021), 1PA300305 (10/01/2021 ? 9/30/2022), 1PA300305 (10/01/2020 ? 9/30/2021), 1PA320305 (12/27/2020 ? 9/30/2021), Y22174 (10/01/2021 ? 9/30/2024), Y13194 (10/01/2020 ? 9/30/2023), Y03194 (10/01/2019 ? 9/30/2023), Y03191 (10/01/2019 ? 9/30/2020), Y22173 (10/01/2021 ? 9/30/2022), Y22172 (10/01/2021 ? 9/30/2022, Y13191 (10/01/2020 ? 9/30/2021), Y13061 (10/01/2020 ? 9/30/2021), S22AF00017 (1/01/2022 ? 12/31/2024), S21AF10050 (6/01/2021 ? 5/31/2024), S21AF10015 (1/01/2021 ? 12/31/2023), S20AF20092 (10/01/2020 ? 9/30/2023), S20AF20006 (1/01/2020 ? 12/31/2022), S19AF20006 (1/01/2019 ? 12/31/2021), S19AF20004 (12/01/2018 ? 11/30/2023), S18AF20004 (11/01/2017 ? 10/31/2023), ERAE0131 (1/19/2021 ? 12/29/2022), ERAE0333 (5/11/2021 ? 12/30/2025), S010A210038 (7/01/2021 ? 9/30/2022), S010A200038 (7/01/2020 ? 9/30/2021), H027A210093 (7/01/2021 ? 9/30/2022), H027A200093 (7/01/2020 ? 9/30/2021), S425D200028 (3/13/2020 ? 9/30/2022), S425D210028 (3/13/2020 ? 9/30/2022), 2201PATANF (10/01/2021 ? 9/30/2022), 2101PATANF (10/01/2020 ? 9/30/2021), 2001PATANF (10/01/2019 ? 9/30/2020), 2201PACSES (10/01/2021 ? 9/30/2022), 2101PACSES (10/01/2020 ? 9/30/2021), G2201PACCDF (10/01/2021 ? 9/30/2022), G2101PACCDF (10/01/2020 ? 9/30/2021), 2201PAFOST (10/01/2021 ? 9/30/2022), 2101PAFOST (10/01/2020 ? 9/30/2021), 2001PAFOST (10/01/2019 ? 9/30/2020), 2201PAADPT (10/01/2021 ? 9/30/2022), 2101PAADPT (10/01/2020 ? 9/30/2021), 2205PA5MAP (10/01/2021 ? 9/30/2022), 2105PA5MAP (10/01/2020 ? 9/30/2021) Finding 2022 ? 014: (continued) Type of Finding: Significant Deficiency, Noncompliance for Medicaid Cluster Material Weakness, Material Noncompliance for Other Programs Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget?s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse?s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2022 audit of the Commonwealth?s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth?s fiscal year ended June 30, 2021 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2022. We also evaluated the Commonwealth?s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies? tracking lists during the fiscal year ended June 30, 2022 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies? review of subrecipient audit reports: ? Department of Education (PDE): The time period for making a management decision on findings was approximately 6.5 to over 13 months after the FAC MDL start date for 14 out of 25 audit reports with findings. Three of the 14 audit reports were improperly classified on PDE?s audit tracking list as not having federal award findings. ? Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 16.2 months after the FAC MDL start date for one out of three audit reports with findings. In addition, our review disclosed that DEP subgranted federal funds totaling $10,338,570 to one subrecipient during the fiscal year ended December 31, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 9.5 months after the March 31, 2022 due date, which had been extended due to the COVID-19 pandemic in accordance with the Office of Management and Budget?s (OMB) Memorandum M-21-20, Appendix 3. ? Department of Health (DOH): Our review disclosed that DOH subgranted federal funds totaling $8,103,407 to one subrecipient during the fiscal year ended September 30, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 12.5 months after the December 31, 2021 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. ? Department of Human Services (DHS): The time period for making a management decision on findings ranged from approximately 6.6 months to over 19.6 months after the FAC MDL start date for 12 out of 14 subrecipient audit reports with findings. There was also a delay in DHS?s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Finding 2022 ? 014: (continued) As a follow-up to the prior year finding, we noted that the Commonwealth subgranted federal funds totaling $327,988,063 to the City of Philadelphia during the fiscal year ended June 30, 2021, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 3.5 months after the September 30, 2022 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. Our testing disclosed that DHS?s subgrants to the City of Philadelphia were material for five of the 16 major programs/clusters with material subgranted funds. Our follow-up on the prior year finding also disclosed that the Commonwealth subgranted federal funds totaling $28,725,212 to Bucks County during the fiscal year ended December 31, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 9.5 months after the March 31, 2022 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. DHS was the lead agency for the City of Philadelphia and Bucks County audits. Criteria: 2 CFR ?200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient?s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity?s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in ?200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR ?200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor?s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. Finding 2022 ? 014: (continued) 2 CFR ?200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR ?200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in ?200.339 [Remedies for noncompliance]. 2 CFR ?200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ?200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended ? Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program? (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: Finding 2022 ? 014: (continued) (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth?s reliance on an acceptable audit and prompt resolution as evidence of the recipient?s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended ? Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (1) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (6) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR ?200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended ? Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office?s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. The late management decision at DEP appeared to be the result of a subrecipient being treated as a contractor as described in current year Single Audit Finding #2022-005, despite having a subrecipient Single Audit requirement clause in its contract with DEP. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR ?200.339 and Commonwealth Management Directive 325.8 in order to ensure compliance with federal audit submission requirements. Finding 2022 ? 014: (continued) Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR ?200.339 and Commonwealth Management Directive 325.08. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. DOH Response: DOH agrees with the finding. DHS Response: While DHS agrees with this finding, we believe we are in compliance with 2 CFR ?200.339 and Commonwealth Management Directive 325.08 related to outstanding audits. We continue to work with counties and their independent auditors to obtain any late Single Audit reports, and albeit late, we do receive them which is the ultimate goal. Questioned Costs: The amount of questioned costs cannot be determined. The corrective action plan for this finding, if any, has not been reviewed by the auditors. See Corrective Action Plans located elsewhere in this Report.
Various Agencies Finding 2022 ? 014: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 ? Child Nutrition Cluster (including COVID-19) ALN 10.557 ? WIC Special Supplemental Nutrition Program for Women, Infants, and Children (including COVID-19) ALN 10.558 ? Child and Adult Care Food Program (including COVID-19) ALN 15.252 ? Abandoned Mine Land Reclamation ALN 21.023 ? COVID-19 ? Emergency Rental Assistance Program ALN 84.010 ? Title I Grants to Local Educational Agencies ALN 84.027 and 84.173 ? ? Special Education Cluster (IDEA) (including COVID-19) ALN 84.425C ? COVID 19 ? Education Stabilization Fund - GEER Fund ALN 84.425D ? COVID 19 ? Education Stabilization Fund - ESSER Fund ALN 84.425R ? COVID 19 ? Education Stabilization Fund - CRRSA EANS ALN 84.425U ? COVID 19 ? Education Stabilization Fund - ARP ESSER ALN 84.425W ? COVID 19 ? Education Stabilization Fund - ARP ESSER HCY ALN 93.558 ? Temporary Assistance for Needy Families (including COVID-19) ALN 93.563 ? Child Support Enforcement ALN 93.575 and 93.596 ? Child Care and Development Fund (CCDF) Cluster (including COVID-19) ALN 93.658 ? Foster Care ? Title IV-E (including COVID-19) ALN 93.659 ? Adoption Assistance (including COVID-19) ALN 93.775, 93.777, and 93.778 ? Medicaid Cluster (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth?s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2021-015) Federal Grant Number(s) and Year(s): 1PA300365 (1/01/2022 ? 9/30/2023), 1PA310305 (10/01/2021 ? 9/30/2022), 1PA310305 (10/01/2020 ? 9/30/2021), 1PA300305 (10/01/2021 ? 9/30/2022), 1PA300305 (10/01/2020 ? 9/30/2021), 1PA320305 (12/27/2020 ? 9/30/2021), Y22174 (10/01/2021 ? 9/30/2024), Y13194 (10/01/2020 ? 9/30/2023), Y03194 (10/01/2019 ? 9/30/2023), Y03191 (10/01/2019 ? 9/30/2020), Y22173 (10/01/2021 ? 9/30/2022), Y22172 (10/01/2021 ? 9/30/2022, Y13191 (10/01/2020 ? 9/30/2021), Y13061 (10/01/2020 ? 9/30/2021), S22AF00017 (1/01/2022 ? 12/31/2024), S21AF10050 (6/01/2021 ? 5/31/2024), S21AF10015 (1/01/2021 ? 12/31/2023), S20AF20092 (10/01/2020 ? 9/30/2023), S20AF20006 (1/01/2020 ? 12/31/2022), S19AF20006 (1/01/2019 ? 12/31/2021), S19AF20004 (12/01/2018 ? 11/30/2023), S18AF20004 (11/01/2017 ? 10/31/2023), ERAE0131 (1/19/2021 ? 12/29/2022), ERAE0333 (5/11/2021 ? 12/30/2025), S010A210038 (7/01/2021 ? 9/30/2022), S010A200038 (7/01/2020 ? 9/30/2021), H027A210093 (7/01/2021 ? 9/30/2022), H027A200093 (7/01/2020 ? 9/30/2021), S425D200028 (3/13/2020 ? 9/30/2022), S425D210028 (3/13/2020 ? 9/30/2022), 2201PATANF (10/01/2021 ? 9/30/2022), 2101PATANF (10/01/2020 ? 9/30/2021), 2001PATANF (10/01/2019 ? 9/30/2020), 2201PACSES (10/01/2021 ? 9/30/2022), 2101PACSES (10/01/2020 ? 9/30/2021), G2201PACCDF (10/01/2021 ? 9/30/2022), G2101PACCDF (10/01/2020 ? 9/30/2021), 2201PAFOST (10/01/2021 ? 9/30/2022), 2101PAFOST (10/01/2020 ? 9/30/2021), 2001PAFOST (10/01/2019 ? 9/30/2020), 2201PAADPT (10/01/2021 ? 9/30/2022), 2101PAADPT (10/01/2020 ? 9/30/2021), 2205PA5MAP (10/01/2021 ? 9/30/2022), 2105PA5MAP (10/01/2020 ? 9/30/2021) Finding 2022 ? 014: (continued) Type of Finding: Significant Deficiency, Noncompliance for Medicaid Cluster Material Weakness, Material Noncompliance for Other Programs Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget?s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse?s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2022 audit of the Commonwealth?s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth?s fiscal year ended June 30, 2021 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2022. We also evaluated the Commonwealth?s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies? tracking lists during the fiscal year ended June 30, 2022 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies? review of subrecipient audit reports: ? Department of Education (PDE): The time period for making a management decision on findings was approximately 6.5 to over 13 months after the FAC MDL start date for 14 out of 25 audit reports with findings. Three of the 14 audit reports were improperly classified on PDE?s audit tracking list as not having federal award findings. ? Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 16.2 months after the FAC MDL start date for one out of three audit reports with findings. In addition, our review disclosed that DEP subgranted federal funds totaling $10,338,570 to one subrecipient during the fiscal year ended December 31, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 9.5 months after the March 31, 2022 due date, which had been extended due to the COVID-19 pandemic in accordance with the Office of Management and Budget?s (OMB) Memorandum M-21-20, Appendix 3. ? Department of Health (DOH): Our review disclosed that DOH subgranted federal funds totaling $8,103,407 to one subrecipient during the fiscal year ended September 30, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 12.5 months after the December 31, 2021 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. ? Department of Human Services (DHS): The time period for making a management decision on findings ranged from approximately 6.6 months to over 19.6 months after the FAC MDL start date for 12 out of 14 subrecipient audit reports with findings. There was also a delay in DHS?s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Finding 2022 ? 014: (continued) As a follow-up to the prior year finding, we noted that the Commonwealth subgranted federal funds totaling $327,988,063 to the City of Philadelphia during the fiscal year ended June 30, 2021, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 3.5 months after the September 30, 2022 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. Our testing disclosed that DHS?s subgrants to the City of Philadelphia were material for five of the 16 major programs/clusters with material subgranted funds. Our follow-up on the prior year finding also disclosed that the Commonwealth subgranted federal funds totaling $28,725,212 to Bucks County during the fiscal year ended December 31, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 9.5 months after the March 31, 2022 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. DHS was the lead agency for the City of Philadelphia and Bucks County audits. Criteria: 2 CFR ?200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient?s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity?s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in ?200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR ?200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor?s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. Finding 2022 ? 014: (continued) 2 CFR ?200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR ?200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in ?200.339 [Remedies for noncompliance]. 2 CFR ?200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ?200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended ? Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program? (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: Finding 2022 ? 014: (continued) (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth?s reliance on an acceptable audit and prompt resolution as evidence of the recipient?s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended ? Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (1) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (6) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR ?200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended ? Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office?s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. The late management decision at DEP appeared to be the result of a subrecipient being treated as a contractor as described in current year Single Audit Finding #2022-005, despite having a subrecipient Single Audit requirement clause in its contract with DEP. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR ?200.339 and Commonwealth Management Directive 325.8 in order to ensure compliance with federal audit submission requirements. Finding 2022 ? 014: (continued) Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR ?200.339 and Commonwealth Management Directive 325.08. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. DOH Response: DOH agrees with the finding. DHS Response: While DHS agrees with this finding, we believe we are in compliance with 2 CFR ?200.339 and Commonwealth Management Directive 325.08 related to outstanding audits. We continue to work with counties and their independent auditors to obtain any late Single Audit reports, and albeit late, we do receive them which is the ultimate goal. Questioned Costs: The amount of questioned costs cannot be determined. The corrective action plan for this finding, if any, has not been reviewed by the auditors. See Corrective Action Plans located elsewhere in this Report.
Various Agencies Finding 2022 ? 014: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 ? Child Nutrition Cluster (including COVID-19) ALN 10.557 ? WIC Special Supplemental Nutrition Program for Women, Infants, and Children (including COVID-19) ALN 10.558 ? Child and Adult Care Food Program (including COVID-19) ALN 15.252 ? Abandoned Mine Land Reclamation ALN 21.023 ? COVID-19 ? Emergency Rental Assistance Program ALN 84.010 ? Title I Grants to Local Educational Agencies ALN 84.027 and 84.173 ? ? Special Education Cluster (IDEA) (including COVID-19) ALN 84.425C ? COVID 19 ? Education Stabilization Fund - GEER Fund ALN 84.425D ? COVID 19 ? Education Stabilization Fund - ESSER Fund ALN 84.425R ? COVID 19 ? Education Stabilization Fund - CRRSA EANS ALN 84.425U ? COVID 19 ? Education Stabilization Fund - ARP ESSER ALN 84.425W ? COVID 19 ? Education Stabilization Fund - ARP ESSER HCY ALN 93.558 ? Temporary Assistance for Needy Families (including COVID-19) ALN 93.563 ? Child Support Enforcement ALN 93.575 and 93.596 ? Child Care and Development Fund (CCDF) Cluster (including COVID-19) ALN 93.658 ? Foster Care ? Title IV-E (including COVID-19) ALN 93.659 ? Adoption Assistance (including COVID-19) ALN 93.775, 93.777, and 93.778 ? Medicaid Cluster (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth?s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2021-015) Federal Grant Number(s) and Year(s): 1PA300365 (1/01/2022 ? 9/30/2023), 1PA310305 (10/01/2021 ? 9/30/2022), 1PA310305 (10/01/2020 ? 9/30/2021), 1PA300305 (10/01/2021 ? 9/30/2022), 1PA300305 (10/01/2020 ? 9/30/2021), 1PA320305 (12/27/2020 ? 9/30/2021), Y22174 (10/01/2021 ? 9/30/2024), Y13194 (10/01/2020 ? 9/30/2023), Y03194 (10/01/2019 ? 9/30/2023), Y03191 (10/01/2019 ? 9/30/2020), Y22173 (10/01/2021 ? 9/30/2022), Y22172 (10/01/2021 ? 9/30/2022, Y13191 (10/01/2020 ? 9/30/2021), Y13061 (10/01/2020 ? 9/30/2021), S22AF00017 (1/01/2022 ? 12/31/2024), S21AF10050 (6/01/2021 ? 5/31/2024), S21AF10015 (1/01/2021 ? 12/31/2023), S20AF20092 (10/01/2020 ? 9/30/2023), S20AF20006 (1/01/2020 ? 12/31/2022), S19AF20006 (1/01/2019 ? 12/31/2021), S19AF20004 (12/01/2018 ? 11/30/2023), S18AF20004 (11/01/2017 ? 10/31/2023), ERAE0131 (1/19/2021 ? 12/29/2022), ERAE0333 (5/11/2021 ? 12/30/2025), S010A210038 (7/01/2021 ? 9/30/2022), S010A200038 (7/01/2020 ? 9/30/2021), H027A210093 (7/01/2021 ? 9/30/2022), H027A200093 (7/01/2020 ? 9/30/2021), S425D200028 (3/13/2020 ? 9/30/2022), S425D210028 (3/13/2020 ? 9/30/2022), 2201PATANF (10/01/2021 ? 9/30/2022), 2101PATANF (10/01/2020 ? 9/30/2021), 2001PATANF (10/01/2019 ? 9/30/2020), 2201PACSES (10/01/2021 ? 9/30/2022), 2101PACSES (10/01/2020 ? 9/30/2021), G2201PACCDF (10/01/2021 ? 9/30/2022), G2101PACCDF (10/01/2020 ? 9/30/2021), 2201PAFOST (10/01/2021 ? 9/30/2022), 2101PAFOST (10/01/2020 ? 9/30/2021), 2001PAFOST (10/01/2019 ? 9/30/2020), 2201PAADPT (10/01/2021 ? 9/30/2022), 2101PAADPT (10/01/2020 ? 9/30/2021), 2205PA5MAP (10/01/2021 ? 9/30/2022), 2105PA5MAP (10/01/2020 ? 9/30/2021) Finding 2022 ? 014: (continued) Type of Finding: Significant Deficiency, Noncompliance for Medicaid Cluster Material Weakness, Material Noncompliance for Other Programs Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget?s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse?s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2022 audit of the Commonwealth?s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth?s fiscal year ended June 30, 2021 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2022. We also evaluated the Commonwealth?s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies? tracking lists during the fiscal year ended June 30, 2022 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies? review of subrecipient audit reports: ? Department of Education (PDE): The time period for making a management decision on findings was approximately 6.5 to over 13 months after the FAC MDL start date for 14 out of 25 audit reports with findings. Three of the 14 audit reports were improperly classified on PDE?s audit tracking list as not having federal award findings. ? Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 16.2 months after the FAC MDL start date for one out of three audit reports with findings. In addition, our review disclosed that DEP subgranted federal funds totaling $10,338,570 to one subrecipient during the fiscal year ended December 31, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 9.5 months after the March 31, 2022 due date, which had been extended due to the COVID-19 pandemic in accordance with the Office of Management and Budget?s (OMB) Memorandum M-21-20, Appendix 3. ? Department of Health (DOH): Our review disclosed that DOH subgranted federal funds totaling $8,103,407 to one subrecipient during the fiscal year ended September 30, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 12.5 months after the December 31, 2021 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. ? Department of Human Services (DHS): The time period for making a management decision on findings ranged from approximately 6.6 months to over 19.6 months after the FAC MDL start date for 12 out of 14 subrecipient audit reports with findings. There was also a delay in DHS?s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Finding 2022 ? 014: (continued) As a follow-up to the prior year finding, we noted that the Commonwealth subgranted federal funds totaling $327,988,063 to the City of Philadelphia during the fiscal year ended June 30, 2021, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 3.5 months after the September 30, 2022 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. Our testing disclosed that DHS?s subgrants to the City of Philadelphia were material for five of the 16 major programs/clusters with material subgranted funds. Our follow-up on the prior year finding also disclosed that the Commonwealth subgranted federal funds totaling $28,725,212 to Bucks County during the fiscal year ended December 31, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 9.5 months after the March 31, 2022 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. DHS was the lead agency for the City of Philadelphia and Bucks County audits. Criteria: 2 CFR ?200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient?s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity?s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in ?200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR ?200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor?s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. Finding 2022 ? 014: (continued) 2 CFR ?200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR ?200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in ?200.339 [Remedies for noncompliance]. 2 CFR ?200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ?200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended ? Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program? (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: Finding 2022 ? 014: (continued) (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth?s reliance on an acceptable audit and prompt resolution as evidence of the recipient?s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended ? Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (1) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (6) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR ?200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended ? Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office?s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. The late management decision at DEP appeared to be the result of a subrecipient being treated as a contractor as described in current year Single Audit Finding #2022-005, despite having a subrecipient Single Audit requirement clause in its contract with DEP. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR ?200.339 and Commonwealth Management Directive 325.8 in order to ensure compliance with federal audit submission requirements. Finding 2022 ? 014: (continued) Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR ?200.339 and Commonwealth Management Directive 325.08. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. DOH Response: DOH agrees with the finding. DHS Response: While DHS agrees with this finding, we believe we are in compliance with 2 CFR ?200.339 and Commonwealth Management Directive 325.08 related to outstanding audits. We continue to work with counties and their independent auditors to obtain any late Single Audit reports, and albeit late, we do receive them which is the ultimate goal. Questioned Costs: The amount of questioned costs cannot be determined. The corrective action plan for this finding, if any, has not been reviewed by the auditors. See Corrective Action Plans located elsewhere in this Report.
Various Agencies Finding 2022 ? 014: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 ? Child Nutrition Cluster (including COVID-19) ALN 10.557 ? WIC Special Supplemental Nutrition Program for Women, Infants, and Children (including COVID-19) ALN 10.558 ? Child and Adult Care Food Program (including COVID-19) ALN 15.252 ? Abandoned Mine Land Reclamation ALN 21.023 ? COVID-19 ? Emergency Rental Assistance Program ALN 84.010 ? Title I Grants to Local Educational Agencies ALN 84.027 and 84.173 ? ? Special Education Cluster (IDEA) (including COVID-19) ALN 84.425C ? COVID 19 ? Education Stabilization Fund - GEER Fund ALN 84.425D ? COVID 19 ? Education Stabilization Fund - ESSER Fund ALN 84.425R ? COVID 19 ? Education Stabilization Fund - CRRSA EANS ALN 84.425U ? COVID 19 ? Education Stabilization Fund - ARP ESSER ALN 84.425W ? COVID 19 ? Education Stabilization Fund - ARP ESSER HCY ALN 93.558 ? Temporary Assistance for Needy Families (including COVID-19) ALN 93.563 ? Child Support Enforcement ALN 93.575 and 93.596 ? Child Care and Development Fund (CCDF) Cluster (including COVID-19) ALN 93.658 ? Foster Care ? Title IV-E (including COVID-19) ALN 93.659 ? Adoption Assistance (including COVID-19) ALN 93.775, 93.777, and 93.778 ? Medicaid Cluster (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth?s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2021-015) Federal Grant Number(s) and Year(s): 1PA300365 (1/01/2022 ? 9/30/2023), 1PA310305 (10/01/2021 ? 9/30/2022), 1PA310305 (10/01/2020 ? 9/30/2021), 1PA300305 (10/01/2021 ? 9/30/2022), 1PA300305 (10/01/2020 ? 9/30/2021), 1PA320305 (12/27/2020 ? 9/30/2021), Y22174 (10/01/2021 ? 9/30/2024), Y13194 (10/01/2020 ? 9/30/2023), Y03194 (10/01/2019 ? 9/30/2023), Y03191 (10/01/2019 ? 9/30/2020), Y22173 (10/01/2021 ? 9/30/2022), Y22172 (10/01/2021 ? 9/30/2022, Y13191 (10/01/2020 ? 9/30/2021), Y13061 (10/01/2020 ? 9/30/2021), S22AF00017 (1/01/2022 ? 12/31/2024), S21AF10050 (6/01/2021 ? 5/31/2024), S21AF10015 (1/01/2021 ? 12/31/2023), S20AF20092 (10/01/2020 ? 9/30/2023), S20AF20006 (1/01/2020 ? 12/31/2022), S19AF20006 (1/01/2019 ? 12/31/2021), S19AF20004 (12/01/2018 ? 11/30/2023), S18AF20004 (11/01/2017 ? 10/31/2023), ERAE0131 (1/19/2021 ? 12/29/2022), ERAE0333 (5/11/2021 ? 12/30/2025), S010A210038 (7/01/2021 ? 9/30/2022), S010A200038 (7/01/2020 ? 9/30/2021), H027A210093 (7/01/2021 ? 9/30/2022), H027A200093 (7/01/2020 ? 9/30/2021), S425D200028 (3/13/2020 ? 9/30/2022), S425D210028 (3/13/2020 ? 9/30/2022), 2201PATANF (10/01/2021 ? 9/30/2022), 2101PATANF (10/01/2020 ? 9/30/2021), 2001PATANF (10/01/2019 ? 9/30/2020), 2201PACSES (10/01/2021 ? 9/30/2022), 2101PACSES (10/01/2020 ? 9/30/2021), G2201PACCDF (10/01/2021 ? 9/30/2022), G2101PACCDF (10/01/2020 ? 9/30/2021), 2201PAFOST (10/01/2021 ? 9/30/2022), 2101PAFOST (10/01/2020 ? 9/30/2021), 2001PAFOST (10/01/2019 ? 9/30/2020), 2201PAADPT (10/01/2021 ? 9/30/2022), 2101PAADPT (10/01/2020 ? 9/30/2021), 2205PA5MAP (10/01/2021 ? 9/30/2022), 2105PA5MAP (10/01/2020 ? 9/30/2021) Finding 2022 ? 014: (continued) Type of Finding: Significant Deficiency, Noncompliance for Medicaid Cluster Material Weakness, Material Noncompliance for Other Programs Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget?s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse?s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2022 audit of the Commonwealth?s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth?s fiscal year ended June 30, 2021 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2022. We also evaluated the Commonwealth?s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies? tracking lists during the fiscal year ended June 30, 2022 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies? review of subrecipient audit reports: ? Department of Education (PDE): The time period for making a management decision on findings was approximately 6.5 to over 13 months after the FAC MDL start date for 14 out of 25 audit reports with findings. Three of the 14 audit reports were improperly classified on PDE?s audit tracking list as not having federal award findings. ? Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 16.2 months after the FAC MDL start date for one out of three audit reports with findings. In addition, our review disclosed that DEP subgranted federal funds totaling $10,338,570 to one subrecipient during the fiscal year ended December 31, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 9.5 months after the March 31, 2022 due date, which had been extended due to the COVID-19 pandemic in accordance with the Office of Management and Budget?s (OMB) Memorandum M-21-20, Appendix 3. ? Department of Health (DOH): Our review disclosed that DOH subgranted federal funds totaling $8,103,407 to one subrecipient during the fiscal year ended September 30, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 12.5 months after the December 31, 2021 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. ? Department of Human Services (DHS): The time period for making a management decision on findings ranged from approximately 6.6 months to over 19.6 months after the FAC MDL start date for 12 out of 14 subrecipient audit reports with findings. There was also a delay in DHS?s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Finding 2022 ? 014: (continued) As a follow-up to the prior year finding, we noted that the Commonwealth subgranted federal funds totaling $327,988,063 to the City of Philadelphia during the fiscal year ended June 30, 2021, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 3.5 months after the September 30, 2022 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. Our testing disclosed that DHS?s subgrants to the City of Philadelphia were material for five of the 16 major programs/clusters with material subgranted funds. Our follow-up on the prior year finding also disclosed that the Commonwealth subgranted federal funds totaling $28,725,212 to Bucks County during the fiscal year ended December 31, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 9.5 months after the March 31, 2022 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. DHS was the lead agency for the City of Philadelphia and Bucks County audits. Criteria: 2 CFR ?200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient?s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity?s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in ?200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR ?200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor?s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. Finding 2022 ? 014: (continued) 2 CFR ?200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR ?200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in ?200.339 [Remedies for noncompliance]. 2 CFR ?200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ?200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended ? Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program? (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: Finding 2022 ? 014: (continued) (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth?s reliance on an acceptable audit and prompt resolution as evidence of the recipient?s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended ? Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (1) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (6) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR ?200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended ? Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office?s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. The late management decision at DEP appeared to be the result of a subrecipient being treated as a contractor as described in current year Single Audit Finding #2022-005, despite having a subrecipient Single Audit requirement clause in its contract with DEP. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR ?200.339 and Commonwealth Management Directive 325.8 in order to ensure compliance with federal audit submission requirements. Finding 2022 ? 014: (continued) Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR ?200.339 and Commonwealth Management Directive 325.08. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. DOH Response: DOH agrees with the finding. DHS Response: While DHS agrees with this finding, we believe we are in compliance with 2 CFR ?200.339 and Commonwealth Management Directive 325.08 related to outstanding audits. We continue to work with counties and their independent auditors to obtain any late Single Audit reports, and albeit late, we do receive them which is the ultimate goal. Questioned Costs: The amount of questioned costs cannot be determined. The corrective action plan for this finding, if any, has not been reviewed by the auditors. See Corrective Action Plans located elsewhere in this Report.
Various Agencies Finding 2022 ? 014: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 ? Child Nutrition Cluster (including COVID-19) ALN 10.557 ? WIC Special Supplemental Nutrition Program for Women, Infants, and Children (including COVID-19) ALN 10.558 ? Child and Adult Care Food Program (including COVID-19) ALN 15.252 ? Abandoned Mine Land Reclamation ALN 21.023 ? COVID-19 ? Emergency Rental Assistance Program ALN 84.010 ? Title I Grants to Local Educational Agencies ALN 84.027 and 84.173 ? ? Special Education Cluster (IDEA) (including COVID-19) ALN 84.425C ? COVID 19 ? Education Stabilization Fund - GEER Fund ALN 84.425D ? COVID 19 ? Education Stabilization Fund - ESSER Fund ALN 84.425R ? COVID 19 ? Education Stabilization Fund - CRRSA EANS ALN 84.425U ? COVID 19 ? Education Stabilization Fund - ARP ESSER ALN 84.425W ? COVID 19 ? Education Stabilization Fund - ARP ESSER HCY ALN 93.558 ? Temporary Assistance for Needy Families (including COVID-19) ALN 93.563 ? Child Support Enforcement ALN 93.575 and 93.596 ? Child Care and Development Fund (CCDF) Cluster (including COVID-19) ALN 93.658 ? Foster Care ? Title IV-E (including COVID-19) ALN 93.659 ? Adoption Assistance (including COVID-19) ALN 93.775, 93.777, and 93.778 ? Medicaid Cluster (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth?s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2021-015) Federal Grant Number(s) and Year(s): 1PA300365 (1/01/2022 ? 9/30/2023), 1PA310305 (10/01/2021 ? 9/30/2022), 1PA310305 (10/01/2020 ? 9/30/2021), 1PA300305 (10/01/2021 ? 9/30/2022), 1PA300305 (10/01/2020 ? 9/30/2021), 1PA320305 (12/27/2020 ? 9/30/2021), Y22174 (10/01/2021 ? 9/30/2024), Y13194 (10/01/2020 ? 9/30/2023), Y03194 (10/01/2019 ? 9/30/2023), Y03191 (10/01/2019 ? 9/30/2020), Y22173 (10/01/2021 ? 9/30/2022), Y22172 (10/01/2021 ? 9/30/2022, Y13191 (10/01/2020 ? 9/30/2021), Y13061 (10/01/2020 ? 9/30/2021), S22AF00017 (1/01/2022 ? 12/31/2024), S21AF10050 (6/01/2021 ? 5/31/2024), S21AF10015 (1/01/2021 ? 12/31/2023), S20AF20092 (10/01/2020 ? 9/30/2023), S20AF20006 (1/01/2020 ? 12/31/2022), S19AF20006 (1/01/2019 ? 12/31/2021), S19AF20004 (12/01/2018 ? 11/30/2023), S18AF20004 (11/01/2017 ? 10/31/2023), ERAE0131 (1/19/2021 ? 12/29/2022), ERAE0333 (5/11/2021 ? 12/30/2025), S010A210038 (7/01/2021 ? 9/30/2022), S010A200038 (7/01/2020 ? 9/30/2021), H027A210093 (7/01/2021 ? 9/30/2022), H027A200093 (7/01/2020 ? 9/30/2021), S425D200028 (3/13/2020 ? 9/30/2022), S425D210028 (3/13/2020 ? 9/30/2022), 2201PATANF (10/01/2021 ? 9/30/2022), 2101PATANF (10/01/2020 ? 9/30/2021), 2001PATANF (10/01/2019 ? 9/30/2020), 2201PACSES (10/01/2021 ? 9/30/2022), 2101PACSES (10/01/2020 ? 9/30/2021), G2201PACCDF (10/01/2021 ? 9/30/2022), G2101PACCDF (10/01/2020 ? 9/30/2021), 2201PAFOST (10/01/2021 ? 9/30/2022), 2101PAFOST (10/01/2020 ? 9/30/2021), 2001PAFOST (10/01/2019 ? 9/30/2020), 2201PAADPT (10/01/2021 ? 9/30/2022), 2101PAADPT (10/01/2020 ? 9/30/2021), 2205PA5MAP (10/01/2021 ? 9/30/2022), 2105PA5MAP (10/01/2020 ? 9/30/2021) Finding 2022 ? 014: (continued) Type of Finding: Significant Deficiency, Noncompliance for Medicaid Cluster Material Weakness, Material Noncompliance for Other Programs Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget?s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse?s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2022 audit of the Commonwealth?s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth?s fiscal year ended June 30, 2021 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2022. We also evaluated the Commonwealth?s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies? tracking lists during the fiscal year ended June 30, 2022 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies? review of subrecipient audit reports: ? Department of Education (PDE): The time period for making a management decision on findings was approximately 6.5 to over 13 months after the FAC MDL start date for 14 out of 25 audit reports with findings. Three of the 14 audit reports were improperly classified on PDE?s audit tracking list as not having federal award findings. ? Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 16.2 months after the FAC MDL start date for one out of three audit reports with findings. In addition, our review disclosed that DEP subgranted federal funds totaling $10,338,570 to one subrecipient during the fiscal year ended December 31, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 9.5 months after the March 31, 2022 due date, which had been extended due to the COVID-19 pandemic in accordance with the Office of Management and Budget?s (OMB) Memorandum M-21-20, Appendix 3. ? Department of Health (DOH): Our review disclosed that DOH subgranted federal funds totaling $8,103,407 to one subrecipient during the fiscal year ended September 30, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 12.5 months after the December 31, 2021 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. ? Department of Human Services (DHS): The time period for making a management decision on findings ranged from approximately 6.6 months to over 19.6 months after the FAC MDL start date for 12 out of 14 subrecipient audit reports with findings. There was also a delay in DHS?s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Finding 2022 ? 014: (continued) As a follow-up to the prior year finding, we noted that the Commonwealth subgranted federal funds totaling $327,988,063 to the City of Philadelphia during the fiscal year ended June 30, 2021, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 3.5 months after the September 30, 2022 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. Our testing disclosed that DHS?s subgrants to the City of Philadelphia were material for five of the 16 major programs/clusters with material subgranted funds. Our follow-up on the prior year finding also disclosed that the Commonwealth subgranted federal funds totaling $28,725,212 to Bucks County during the fiscal year ended December 31, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 9.5 months after the March 31, 2022 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. DHS was the lead agency for the City of Philadelphia and Bucks County audits. Criteria: 2 CFR ?200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient?s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity?s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in ?200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR ?200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor?s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. Finding 2022 ? 014: (continued) 2 CFR ?200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR ?200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in ?200.339 [Remedies for noncompliance]. 2 CFR ?200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ?200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended ? Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program? (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: Finding 2022 ? 014: (continued) (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth?s reliance on an acceptable audit and prompt resolution as evidence of the recipient?s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended ? Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (1) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (6) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR ?200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended ? Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office?s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. The late management decision at DEP appeared to be the result of a subrecipient being treated as a contractor as described in current year Single Audit Finding #2022-005, despite having a subrecipient Single Audit requirement clause in its contract with DEP. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR ?200.339 and Commonwealth Management Directive 325.8 in order to ensure compliance with federal audit submission requirements. Finding 2022 ? 014: (continued) Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR ?200.339 and Commonwealth Management Directive 325.08. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. DOH Response: DOH agrees with the finding. DHS Response: While DHS agrees with this finding, we believe we are in compliance with 2 CFR ?200.339 and Commonwealth Management Directive 325.08 related to outstanding audits. We continue to work with counties and their independent auditors to obtain any late Single Audit reports, and albeit late, we do receive them which is the ultimate goal. Questioned Costs: The amount of questioned costs cannot be determined. The corrective action plan for this finding, if any, has not been reviewed by the auditors. See Corrective Action Plans located elsewhere in this Report.