Subrecipient Monitoring Federal Department – U.S. Department of Health and Human Services Federal Award Identification Number and Year: NH75OT000024 and 2021 COVID-19 - Activities to Support State, Tribal, Local and Territorial (STLT) Health Department Response to Public Health or Healthcare Crises, Federal Assistance Listing #93.391 County Department – Department of Public Health Finding 2023 – 005 CRITERIA 2 CFR Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, Subpart D—Post Federal Award Requirements Standards for Financial and Program Management, Section 200.332. Requirements for pass-through entities, requires that “All pass-through entities must: (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F—Audit Requirements of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (c) Consider imposing specific subaward conditions upon a subrecipient if appropriate as described in Section 200.208 Specific conditions. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by Section 200.521 Management decision. (e) Depending upon the pass-through entity's assessment of risk posed by the subrecipient (as described in paragraph (b) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: (1) Providing subrecipients with training and technical assistance on program-related matters; and (2) Performing on-site reviews of the subrecipient's program operations; (3) Arranging for agreed-upon-procedures engagements as described in Section 200.425 Audit services. (f) Verify that every subrecipient is audited as required by Subpart F— Audit Requirements of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in Section 200.501 Audit requirements. (g) Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in Section 200.338 Remedies for noncompliance of this part and in program regulations.” CONDITION During the current audit period, the Cook County Department of Public Health (DPH) did not adequately comply with its subrecipient monitoring requirements in accordance with federal regulations. CAUSE Based on discussions with management, the cause of this finding was due to DPH/CCH identifying a consultant agency to conduct the subrecipient monitoring; this was accomplished October 2023. Current Status: These documents were created, shared with the auditor pending management approval; 1) Subrecipient Monitoring Policy 2). Subrecipient Commitment Form 3). Subrecipient Determination Tool 4). Subrecipient Risk Assessment and Monitoring Guide. EFFECT Failure to adequately monitor the activities and performance of a subrecipient could result in Federal awards being used for unauthorized purposes and DPH’s inability to adequately perform risk assessments on its subrecipient(s). QUESTIONED COSTS None. CONTEXT During the prior audit period, we noted 6 instances (of 27 subrecipients), whereby adequate documentation was not maintained to support both the financial and programmatic monitoring of these subrecipients. Also, we noted no evidence of the performance of subrecipients’ risk assessment and whether the subrecipients were required to have a Single audit conducted. This resulted in the 2022 audit finding and subsequent corrective action planned prepared by DPH to address the finding, which was anticipated to be completed by December 31, 2023. During the current audit period, we received DPH’s current year status of the prior audit finding, noting that risk assessment and monitoring will be ongoing during the 2023 Single audit. To assess the current year’s status, we reviewed 5 of 35 subrecipients, noting that risk assessments were conducted in April 2024. We also noted that 4 of the 5 subrecipients reviewed were subject to a Single Audit per the risk assessment documentation. However, we noted no evidence financial monitoring conducted, including whether a Single Audit report was obtained and reviewed by DPH. IDENTIFICATION OF REPEATED FINDINGS Repeated (Prior Finding No. 2022-009) RECOMMENDATION We recommend DPH implement its prior corrective action plan for any future subrecipients awarded under the federal program. Also, procedures should be in place to adequately document financial monitoring conducted, as well as the review of the Single Audit report, as required by federal regulations. VIEWS OF RESPONSIBLE OFFICIALS AND PLANNED CORRECTIVE ACTIONS The County agrees with the finding and recommendation. The County’s corrective action plan is on page 56.
Subrecipient Monitoring Federal Department – U.S. Department of Health and Human Services Federal Award Identification Number and Year: NU58DP006993 and 2022/2023 COVID-19 - Community Health Workers for Public Health Response and Resilient, Federal Assistance Listing #93.495 County Department – Department of Public Health Finding 2023 – 006 CRITERIA 2 CFR Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, Subpart D—Post Federal Award Requirements Standards for Financial and Program Management, Section 200.332. Requirements for pass-through entities, requires that “All pass-through entities must: (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F—Audit Requirements of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (c) Consider imposing specific subaward conditions upon a subrecipient if appropriate as described in Section 200.208 Specific conditions. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by Section 200.521 Management decision. (e) Depending upon the pass-through entity's assessment of risk posed by the subrecipient (as described in paragraph (b) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: (1) Providing subrecipients with training and technical assistance on program-related matters; and (2) Performing on-site reviews of the subrecipient's program operations; (3) Arranging for agreed-upon-procedures engagements as described in Section 200.425 Audit services. (f) Verify that every subrecipient is audited as required by Subpart F— Audit Requirements of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in Section 200.501 Audit requirements. (g) Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in Section 200.338 Remedies for noncompliance of this part and in program regulations.” CONDITION During the current audit period, the Cook County Department of Public Health (DPH) did not perform adequate monitoring of its subrecipients as required by Federal regulations. CAUSE Based on discussions with management, the cause of this finding was due to DPH/CCH identifying a consultant agency to conduct the subrecipient monitoring; this was accomplished October 2023. Current Status: These documents were created, shared with the auditor pending management approval; 1) Subrecipient Monitoring Policy 2). Subrecipient Commitment Form 3). Subrecipient Determination Tool 4). Subrecipient Risk Assessment and Monitoring Guide. EFFECT Failure to adequately monitor the activities and performance of a subrecipient could result in Federal awards being used for unauthorized purposes and DPH’s inability to adequately perform risk assessments on its subrecipient(s). QUESTIONED COSTS None. CONTEXT During the current audit period, we noted 12 subrecipients were awarded funds. During our review of three (3) subrecipients, we noted the following: For all three subrecipients, we noted that adequate documentation was not maintained to support the financial monitoring of these subrecipients. Also, no documentation was provided to verify whether the subrecipients were required to have a Single Audit conducted, including DPH’s review of the report, and if applicable, issuance of a management decision on audit findings noted as required by 2 CFR 200.332d(3). For one subrecipient, we noted documentation was not maintained to support DPH’s evaluation of the subrecipient’s risk of noncompliance and the frequency of monitoring to be conducted by DPH based on the assessed risk. IDENTIFICATION OF REPEATED FINDINGS None. RECOMMENDATION We recommend DPH implement procedures to ensure that adequate documentation is maintained to support financial monitoring conducted, evaluation of each subrecipient’s risk of noncompliance and review of the Single Audit report, as required by federal regulations. VIEWS OF RESPONSIBLE OFFICIALS AND PLANNED CORRECTIVE ACTIONS The County agrees with the finding and recommendation. The County’s corrective action plan is on page 56.
Subrecipient Monitoring Federal Department – U.S. Department of Health and Human Services Federal Award Identification Number and Year: NH75OT000024 and 2021 COVID-19 - Activities to Support State, Tribal, Local and Territorial (STLT) Health Department Response to Public Health or Healthcare Crises, Federal Assistance Listing #93.391 County Department – Department of Public Health Finding 2023 – 005 CRITERIA 2 CFR Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, Subpart D—Post Federal Award Requirements Standards for Financial and Program Management, Section 200.332. Requirements for pass-through entities, requires that “All pass-through entities must: (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F—Audit Requirements of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (c) Consider imposing specific subaward conditions upon a subrecipient if appropriate as described in Section 200.208 Specific conditions. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by Section 200.521 Management decision. (e) Depending upon the pass-through entity's assessment of risk posed by the subrecipient (as described in paragraph (b) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: (1) Providing subrecipients with training and technical assistance on program-related matters; and (2) Performing on-site reviews of the subrecipient's program operations; (3) Arranging for agreed-upon-procedures engagements as described in Section 200.425 Audit services. (f) Verify that every subrecipient is audited as required by Subpart F— Audit Requirements of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in Section 200.501 Audit requirements. (g) Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in Section 200.338 Remedies for noncompliance of this part and in program regulations.” CONDITION During the current audit period, the Cook County Department of Public Health (DPH) did not adequately comply with its subrecipient monitoring requirements in accordance with federal regulations. CAUSE Based on discussions with management, the cause of this finding was due to DPH/CCH identifying a consultant agency to conduct the subrecipient monitoring; this was accomplished October 2023. Current Status: These documents were created, shared with the auditor pending management approval; 1) Subrecipient Monitoring Policy 2). Subrecipient Commitment Form 3). Subrecipient Determination Tool 4). Subrecipient Risk Assessment and Monitoring Guide. EFFECT Failure to adequately monitor the activities and performance of a subrecipient could result in Federal awards being used for unauthorized purposes and DPH’s inability to adequately perform risk assessments on its subrecipient(s). QUESTIONED COSTS None. CONTEXT During the prior audit period, we noted 6 instances (of 27 subrecipients), whereby adequate documentation was not maintained to support both the financial and programmatic monitoring of these subrecipients. Also, we noted no evidence of the performance of subrecipients’ risk assessment and whether the subrecipients were required to have a Single audit conducted. This resulted in the 2022 audit finding and subsequent corrective action planned prepared by DPH to address the finding, which was anticipated to be completed by December 31, 2023. During the current audit period, we received DPH’s current year status of the prior audit finding, noting that risk assessment and monitoring will be ongoing during the 2023 Single audit. To assess the current year’s status, we reviewed 5 of 35 subrecipients, noting that risk assessments were conducted in April 2024. We also noted that 4 of the 5 subrecipients reviewed were subject to a Single Audit per the risk assessment documentation. However, we noted no evidence financial monitoring conducted, including whether a Single Audit report was obtained and reviewed by DPH. IDENTIFICATION OF REPEATED FINDINGS Repeated (Prior Finding No. 2022-009) RECOMMENDATION We recommend DPH implement its prior corrective action plan for any future subrecipients awarded under the federal program. Also, procedures should be in place to adequately document financial monitoring conducted, as well as the review of the Single Audit report, as required by federal regulations. VIEWS OF RESPONSIBLE OFFICIALS AND PLANNED CORRECTIVE ACTIONS The County agrees with the finding and recommendation. The County’s corrective action plan is on page 56.
Subrecipient Monitoring Federal Department – U.S. Department of Health and Human Services Federal Award Identification Number and Year: NU58DP006993 and 2022/2023 COVID-19 - Community Health Workers for Public Health Response and Resilient, Federal Assistance Listing #93.495 County Department – Department of Public Health Finding 2023 – 006 CRITERIA 2 CFR Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, Subpart D—Post Federal Award Requirements Standards for Financial and Program Management, Section 200.332. Requirements for pass-through entities, requires that “All pass-through entities must: (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F—Audit Requirements of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (c) Consider imposing specific subaward conditions upon a subrecipient if appropriate as described in Section 200.208 Specific conditions. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by Section 200.521 Management decision. (e) Depending upon the pass-through entity's assessment of risk posed by the subrecipient (as described in paragraph (b) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: (1) Providing subrecipients with training and technical assistance on program-related matters; and (2) Performing on-site reviews of the subrecipient's program operations; (3) Arranging for agreed-upon-procedures engagements as described in Section 200.425 Audit services. (f) Verify that every subrecipient is audited as required by Subpart F— Audit Requirements of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in Section 200.501 Audit requirements. (g) Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in Section 200.338 Remedies for noncompliance of this part and in program regulations.” CONDITION During the current audit period, the Cook County Department of Public Health (DPH) did not perform adequate monitoring of its subrecipients as required by Federal regulations. CAUSE Based on discussions with management, the cause of this finding was due to DPH/CCH identifying a consultant agency to conduct the subrecipient monitoring; this was accomplished October 2023. Current Status: These documents were created, shared with the auditor pending management approval; 1) Subrecipient Monitoring Policy 2). Subrecipient Commitment Form 3). Subrecipient Determination Tool 4). Subrecipient Risk Assessment and Monitoring Guide. EFFECT Failure to adequately monitor the activities and performance of a subrecipient could result in Federal awards being used for unauthorized purposes and DPH’s inability to adequately perform risk assessments on its subrecipient(s). QUESTIONED COSTS None. CONTEXT During the current audit period, we noted 12 subrecipients were awarded funds. During our review of three (3) subrecipients, we noted the following: For all three subrecipients, we noted that adequate documentation was not maintained to support the financial monitoring of these subrecipients. Also, no documentation was provided to verify whether the subrecipients were required to have a Single Audit conducted, including DPH’s review of the report, and if applicable, issuance of a management decision on audit findings noted as required by 2 CFR 200.332d(3). For one subrecipient, we noted documentation was not maintained to support DPH’s evaluation of the subrecipient’s risk of noncompliance and the frequency of monitoring to be conducted by DPH based on the assessed risk. IDENTIFICATION OF REPEATED FINDINGS None. RECOMMENDATION We recommend DPH implement procedures to ensure that adequate documentation is maintained to support financial monitoring conducted, evaluation of each subrecipient’s risk of noncompliance and review of the Single Audit report, as required by federal regulations. VIEWS OF RESPONSIBLE OFFICIALS AND PLANNED CORRECTIVE ACTIONS The County agrees with the finding and recommendation. The County’s corrective action plan is on page 56.
Assistance Listing Number, Federal Agency, and Program Name - 10.557, U.S. Department of Agriculture - WIC Special Supplemental Nutrition Program for Women, Infants, and Children Federal Award Identification Number and Year - E20233245-00 and E20234077-00 Pass-through Entity - Michigan Department of Health and Human Services Finding Type - Material weakness and material noncompliance with laws and regulations Repeat Finding - Yes; 2022-011 Criteria - Per 2 CFR 200.501(g), federal award compliance requirements normally do not pass through to contractors. However, the grant recipient is responsible for ensuring compliance for procurement transactions, which are structured such that the contractor is responsible for program compliance or the contractor’s records must be reviewed to determine program compliance. Condition - Controls in place were not adequate to ensure the County maintained responsibility for compliance with eligibility standards when eligibility determinations are made by the contractor. Questioned Costs - None Identification of How Questioned Costs Were Computed - Not applicable, as there are no questioned costs Context - During eligibility testing, we noted 31 out of 60 eligibility samples where employees of the contractor performed both the intake and the certification and review function, with no further review by a county representative. Cause and Effect - The County is subject to the MI-WIC Policy issued by the Michigan Department of Health and Human Services, which stresses the importance of maintaining appropriate separation of duties when performing the intake and certification of eligible program participants. While the County has designed its controls in conjunction with the MI-WIC Policy guidance, these controls are not adequate to ensure compliance with the Uniform Guidance, which requires the County have controls in place to ensure that a representative of the County performs a review of eligibility intake and certification performed by contractor employees. Recommendation - We recommend the County implement a process by which a county representative performs a review of contractor eligibility determinations. Views of Responsible Officials and Corrective Action Plan - Management has fully implemented a process, as of January 2024, by which a county representative performs a review of contractor eligibility determinations.
Assistance Listing Number, Federal Agency, and Program Name - 10.557, U.S. Department of Agriculture - WIC Special Supplemental Nutrition Program for Women, Infants, and Children Federal Award Identification Number and Year - E20233245-00 and E20234077-00 Pass-through Entity - Michigan Department of Health and Human Services Finding Type - Material weakness and material noncompliance with laws and regulations Repeat Finding - Yes; 2022-011 Criteria - Per 2 CFR 200.501(g), federal award compliance requirements normally do not pass through to contractors. However, the grant recipient is responsible for ensuring compliance for procurement transactions, which are structured such that the contractor is responsible for program compliance or the contractor’s records must be reviewed to determine program compliance. Condition - Controls in place were not adequate to ensure the County maintained responsibility for compliance with eligibility standards when eligibility determinations are made by the contractor. Questioned Costs - None Identification of How Questioned Costs Were Computed - Not applicable, as there are no questioned costs Context - During eligibility testing, we noted 31 out of 60 eligibility samples where employees of the contractor performed both the intake and the certification and review function, with no further review by a county representative. Cause and Effect - The County is subject to the MI-WIC Policy issued by the Michigan Department of Health and Human Services, which stresses the importance of maintaining appropriate separation of duties when performing the intake and certification of eligible program participants. While the County has designed its controls in conjunction with the MI-WIC Policy guidance, these controls are not adequate to ensure compliance with the Uniform Guidance, which requires the County have controls in place to ensure that a representative of the County performs a review of eligibility intake and certification performed by contractor employees. Recommendation - We recommend the County implement a process by which a county representative performs a review of contractor eligibility determinations. Views of Responsible Officials and Corrective Action Plan - Management has fully implemented a process, as of January 2024, by which a county representative performs a review of contractor eligibility determinations.
Information on the Federal Program: Federal Agency: U.S. Department of Treasury Federal Program: COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Assistance Listing Number 21.027 Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Controls over Compliance, Modified Opinion Criteria: Title 2 U.S. Code of Federal Regulations (CFR Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Section 200.332, Requirements for pass-through entities, states "All pass-through entities must: (a) ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward; (b) evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring; (c) consider imposing specific subaward conditions upon a subrecipient if appropriate as described in Section 200.208 (Specific conditions); (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved; (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in Section 200.501. 2 CFR 200.303 states in part: "The non-Federal enity must (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award." Condition: The City received a total State and Local Fiscal Recovery Funds (SLFRF) allocation of $3,431,839. In its March, 2022, Project and Expenditures Report, the City elected to use the standard allowance for identifying revenue loss and reported its Revenue Loss Due to Covid-19 Public Health Emergency as $3,431,839. During fiscal year ended September 30, 2023, the City made payments from its SLFRF federal award, totaling $1,600,000, to another local government entity for materials used by the other government for a water line project. The payments were supported by an invoice from the other government, to which were attached copies of invoices submitted to the other government by its vendors. The City reported in its March, 2023, Project and Expenditures Report that the payments were made under the Infrastructure: Drinking water: Transmission & distribution Project Expenditure Category and Subcategory. The City also reported the transactions as a subaward, including identification of the subrecipient, and reported each of the payments to the subrecipient in the Expenditures section, in that Project and Expenditures Report. The City was unable to provide: a copy of the subaward agreement that clearly identified the subaward to the subrecipient as a subaward and that included the information required by Section 200.332(a); supporting documentation that the City evaluated the subrecipient's risk of noncompliance as required by Section 200.332(b); supporting documentation that the City monitored the activities of the subrecipient as required by Section 200.332 (d); and/or supporting documentation that the City verified that the subrecipient was audited as required by Subpart F. Cause: The City did not have adequate internal controls to ensure compliance with the Subrecipient Monitoring compliance requirement. The City's past federal awards experience did not involve or include subawards. Effect or Potential Effect: Noncompliance by the subrecipient may occur due to the subrecipient not being aware of the federal program's requirements and due to the City not sufficiently monitoring the subrecipient. Recommendation: We recommend that management of the City design and implement a comprehensive system of internal controls over federal award compliance, including development of policies and procedures to ensure compliance with the Subrecipient Monitoring compliance requirement. Views of Responsible Officials and Planned Corrective Actions: See Corrective Action Plan
Condition/Context: The single audit report was not submitted to the Office of Management and Budget in accordance with the reporting requirement. Criteria: COSO/Internal Control Framework defines control activities as “policies and procedures that help ensure management’s directives are carried out.” This would include preparation of the schedule of expenditures of federal awards and the related data collection form in a timely manner. Uniform Guidance 2 CFR 200.501 states that the audit shall be completed, and the data collection form shall be submitted within the earlier of 30 days after the receipt of the auditor’s report, or 9 months after the end of the audit period. The due date was extended six months as a result of the challenges related to the coronavirus pandemic. Cause: The single audit report was not submitted due to delays in the year-end closing process, resulting in the audit being delayed. Effect: Questioned Costs: None Recommendation: We believe the year-end closing and audit preparation processes should be completed sooner after year end. Progress should be monitored by management to ensure that established due dates are being met and required reports are submitted to regulatory agencies within the compliance time frame. As a result of the finding, the organization did not provide required information to its federal oversight agency in a timely manner.
Condition/Context: The single audit report was not submitted to the Office of Management and Budget in accordance with the reporting requirement. Criteria: COSO/Internal Control Framework defines control activities as “policies and procedures that help ensure management’s directives are carried out.” This would include preparation of the schedule of expenditures of federal awards and the related data collection form in a timely manner. Uniform Guidance 2 CFR 200.501 states that the audit shall be completed, and the data collection form shall be submitted within the earlier of 30 days after the receipt of the auditor’s report, or 9 months after the end of the audit period. The due date was extended six months as a result of the challenges related to the coronavirus pandemic. Cause: The single audit report was not submitted due to delays in the year-end closing process, resulting in the audit being delayed. Effect: Questioned Costs: None Recommendation: We believe the year-end closing and audit preparation processes should be completed sooner after year end. Progress should be monitored by management to ensure that established due dates are being met and required reports are submitted to regulatory agencies within the compliance time frame. As a result of the finding, the organization did not provide required information to its federal oversight agency in a timely manner.
Condition/Context: The single audit report was not submitted to the Office of Management and Budget in accordance with the reporting requirement. Criteria: COSO/Internal Control Framework defines control activities as “policies and procedures that help ensure management’s directives are carried out.” This would include preparation of the schedule of expenditures of federal awards and the related data collection form in a timely manner. Uniform Guidance 2 CFR 200.501 states that the audit shall be completed, and the data collection form shall be submitted within the earlier of 30 days after the receipt of the auditor’s report, or 9 months after the end of the audit period. The due date was extended six months as a result of the challenges related to the coronavirus pandemic. Cause: The single audit report was not submitted due to delays in the year-end closing process, resulting in the audit being delayed. Effect: Questioned Costs: None Recommendation: We believe the year-end closing and audit preparation processes should be completed sooner after year end. Progress should be monitored by management to ensure that established due dates are being met and required reports are submitted to regulatory agencies within the compliance time frame. As a result of the finding, the organization did not provide required information to its federal oversight agency in a timely manner.
Condition/Context: The single audit report was not submitted to the Office of Management and Budget in accordance with the reporting requirement. Criteria: COSO/Internal Control Framework defines control activities as “policies and procedures that help ensure management’s directives are carried out.” This would include preparation of the schedule of expenditures of federal awards and the related data collection form in a timely manner. Uniform Guidance 2 CFR 200.501 states that the audit shall be completed, and the data collection form shall be submitted within the earlier of 30 days after the receipt of the auditor’s report, or 9 months after the end of the audit period. The due date was extended six months as a result of the challenges related to the coronavirus pandemic. Cause: The single audit report was not submitted due to delays in the year-end closing process, resulting in the audit being delayed. Effect: Questioned Costs: None Recommendation: We believe the year-end closing and audit preparation processes should be completed sooner after year end. Progress should be monitored by management to ensure that established due dates are being met and required reports are submitted to regulatory agencies within the compliance time frame. As a result of the finding, the organization did not provide required information to its federal oversight agency in a timely manner.
Condition/Context: The single audit report was not submitted to the Office of Management and Budget in accordance with the reporting requirement. Criteria: COSO/Internal Control Framework defines control activities as “policies and procedures that help ensure management’s directives are carried out.” This would include preparation of the schedule of expenditures of federal awards and the related data collection form in a timely manner. Uniform Guidance 2 CFR 200.501 states that the audit shall be completed, and the data collection form shall be submitted within the earlier of 30 days after the receipt of the auditor’s report, or 9 months after the end of the audit period. The due date was extended six months as a result of the challenges related to the coronavirus pandemic. Cause: The single audit report was not submitted due to delays in the year-end closing process, resulting in the audit being delayed. Effect: Questioned Costs: None Recommendation: We believe the year-end closing and audit preparation processes should be completed sooner after year end. Progress should be monitored by management to ensure that established due dates are being met and required reports are submitted to regulatory agencies within the compliance time frame. As a result of the finding, the organization did not provide required information to its federal oversight agency in a timely manner.
Condition/Context: The single audit report was not submitted to the Office of Management and Budget in accordance with the reporting requirement. Criteria: COSO/Internal Control Framework defines control activities as “policies and procedures that help ensure management’s directives are carried out.” This would include preparation of the schedule of expenditures of federal awards and the related data collection form in a timely manner. Uniform Guidance 2 CFR 200.501 states that the audit shall be completed, and the data collection form shall be submitted within the earlier of 30 days after the receipt of the auditor’s report, or 9 months after the end of the audit period. The due date was extended six months as a result of the challenges related to the coronavirus pandemic. Cause: The single audit report was not submitted due to delays in the year-end closing process, resulting in the audit being delayed. Effect: Questioned Costs: None Recommendation: We believe the year-end closing and audit preparation processes should be completed sooner after year end. Progress should be monitored by management to ensure that established due dates are being met and required reports are submitted to regulatory agencies within the compliance time frame. As a result of the finding, the organization did not provide required information to its federal oversight agency in a timely manner.
Condition/Context: The single audit report was not submitted to the Office of Management and Budget in accordance with the reporting requirement. Criteria: COSO/Internal Control Framework defines control activities as “policies and procedures that help ensure management’s directives are carried out.” This would include preparation of the schedule of expenditures of federal awards and the related data collection form in a timely manner. Uniform Guidance 2 CFR 200.501 states that the audit shall be completed, and the data collection form shall be submitted within the earlier of 30 days after the receipt of the auditor’s report, or 9 months after the end of the audit period. The due date was extended six months as a result of the challenges related to the coronavirus pandemic. Cause: The single audit report was not submitted due to delays in the year-end closing process, resulting in the audit being delayed. Effect: Questioned Costs: None Recommendation: We believe the year-end closing and audit preparation processes should be completed sooner after year end. Progress should be monitored by management to ensure that established due dates are being met and required reports are submitted to regulatory agencies within the compliance time frame. As a result of the finding, the organization did not provide required information to its federal oversight agency in a timely manner.
Condition/Context: The single audit report was not submitted to the Office of Management and Budget in accordance with the reporting requirement. Criteria: COSO/Internal Control Framework defines control activities as “policies and procedures that help ensure management’s directives are carried out.” This would include preparation of the schedule of expenditures of federal awards and the related data collection form in a timely manner. Uniform Guidance 2 CFR 200.501 states that the audit shall be completed, and the data collection form shall be submitted within the earlier of 30 days after the receipt of the auditor’s report, or 9 months after the end of the audit period. The due date was extended six months as a result of the challenges related to the coronavirus pandemic. Cause: The single audit report was not submitted due to delays in the year-end closing process, resulting in the audit being delayed. Effect: Questioned Costs: None Recommendation: We believe the year-end closing and audit preparation processes should be completed sooner after year end. Progress should be monitored by management to ensure that established due dates are being met and required reports are submitted to regulatory agencies within the compliance time frame. As a result of the finding, the organization did not provide required information to its federal oversight agency in a timely manner.
Condition/Context: The single audit report was not submitted to the Office of Management and Budget in accordance with the reporting requirement. Criteria: COSO/Internal Control Framework defines control activities as “policies and procedures that help ensure management’s directives are carried out.” This would include preparation of the schedule of expenditures of federal awards and the related data collection form in a timely manner. Uniform Guidance 2 CFR 200.501 states that the audit shall be completed, and the data collection form shall be submitted within the earlier of 30 days after the receipt of the auditor’s report, or 9 months after the end of the audit period. The due date was extended six months as a result of the challenges related to the coronavirus pandemic. Cause: The single audit report was not submitted due to delays in the year-end closing process, resulting in the audit being delayed. Effect: Questioned Costs: None Recommendation: We believe the year-end closing and audit preparation processes should be completed sooner after year end. Progress should be monitored by management to ensure that established due dates are being met and required reports are submitted to regulatory agencies within the compliance time frame. As a result of the finding, the organization did not provide required information to its federal oversight agency in a timely manner.
Assistance Listing Number, Federal Agency, and Program Name - 10.557, U.S. Department of Agriculture - WIC Special Supplemental Nutrition Program for Women, Infants, and Children Federal Award Identification Number and Year - E20233245-00 and E20234077-00 Pass-through Entity - Michigan Department of Health and Human Services Finding Type - Material weakness and material noncompliance with laws and regulations Repeat Finding - Yes; 2022-011 Criteria - Per 2 CFR 200.501(g), federal award compliance requirements normally do not pass through to contractors. However, the grant recipient is responsible for ensuring compliance for procurement transactions, which are structured such that the contractor is responsible for program compliance or the contractor’s records must be reviewed to determine program compliance. Condition - Controls in place were not adequate to ensure the County maintained responsibility for compliance with eligibility standards when eligibility determinations are made by the contractor. Questioned Costs - None Identification of How Questioned Costs Were Computed - Not applicable, as there are no questioned costs Context - During eligibility testing, we noted 31 out of 60 eligibility samples where employees of the contractor performed both the intake and the certification and review function, with no further review by a county representative. Cause and Effect - The County is subject to the MI-WIC Policy issued by the Michigan Department of Health and Human Services, which stresses the importance of maintaining appropriate separation of duties when performing the intake and certification of eligible program participants. While the County has designed its controls in conjunction with the MI-WIC Policy guidance, these controls are not adequate to ensure compliance with the Uniform Guidance, which requires the County have controls in place to ensure that a representative of the County performs a review of eligibility intake and certification performed by contractor employees. Recommendation - We recommend the County implement a process by which a county representative performs a review of contractor eligibility determinations. Views of Responsible Officials and Corrective Action Plan - Management has fully implemented a process, as of January 2024, by which a county representative performs a review of contractor eligibility determinations.
Assistance Listing Number, Federal Agency, and Program Name - 10.557, U.S. Department of Agriculture - WIC Special Supplemental Nutrition Program for Women, Infants, and Children Federal Award Identification Number and Year - E20233245-00 and E20234077-00 Pass-through Entity - Michigan Department of Health and Human Services Finding Type - Material weakness and material noncompliance with laws and regulations Repeat Finding - Yes; 2022-011 Criteria - Per 2 CFR 200.501(g), federal award compliance requirements normally do not pass through to contractors. However, the grant recipient is responsible for ensuring compliance for procurement transactions, which are structured such that the contractor is responsible for program compliance or the contractor’s records must be reviewed to determine program compliance. Condition - Controls in place were not adequate to ensure the County maintained responsibility for compliance with eligibility standards when eligibility determinations are made by the contractor. Questioned Costs - None Identification of How Questioned Costs Were Computed - Not applicable, as there are no questioned costs Context - During eligibility testing, we noted 31 out of 60 eligibility samples where employees of the contractor performed both the intake and the certification and review function, with no further review by a county representative. Cause and Effect - The County is subject to the MI-WIC Policy issued by the Michigan Department of Health and Human Services, which stresses the importance of maintaining appropriate separation of duties when performing the intake and certification of eligible program participants. While the County has designed its controls in conjunction with the MI-WIC Policy guidance, these controls are not adequate to ensure compliance with the Uniform Guidance, which requires the County have controls in place to ensure that a representative of the County performs a review of eligibility intake and certification performed by contractor employees. Recommendation - We recommend the County implement a process by which a county representative performs a review of contractor eligibility determinations. Views of Responsible Officials and Corrective Action Plan - Management has fully implemented a process, as of January 2024, by which a county representative performs a review of contractor eligibility determinations.
Information on the Federal Program: Federal Agency: U.S. Department of Treasury Federal Program: COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Assistance Listing Number 21.027 Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Controls over Compliance, Modified Opinion Criteria: Title 2 U.S. Code of Federal Regulations (CFR Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Section 200.332, Requirements for pass-through entities, states "All pass-through entities must: (a) ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward; (b) evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring; (c) consider imposing specific subaward conditions upon a subrecipient if appropriate as described in Section 200.208 (Specific conditions); (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved; (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in Section 200.501. 2 CFR 200.303 states in part: "The non-Federal enity must (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award." Condition: The City received a total State and Local Fiscal Recovery Funds (SLFRF) allocation of $3,431,839. In its March, 2022, Project and Expenditures Report, the City elected to use the standard allowance for identifying revenue loss and reported its Revenue Loss Due to Covid-19 Public Health Emergency as $3,431,839. During fiscal year ended September 30, 2023, the City made payments from its SLFRF federal award, totaling $1,600,000, to another local government entity for materials used by the other government for a water line project. The payments were supported by an invoice from the other government, to which were attached copies of invoices submitted to the other government by its vendors. The City reported in its March, 2023, Project and Expenditures Report that the payments were made under the Infrastructure: Drinking water: Transmission & distribution Project Expenditure Category and Subcategory. The City also reported the transactions as a subaward, including identification of the subrecipient, and reported each of the payments to the subrecipient in the Expenditures section, in that Project and Expenditures Report. The City was unable to provide: a copy of the subaward agreement that clearly identified the subaward to the subrecipient as a subaward and that included the information required by Section 200.332(a); supporting documentation that the City evaluated the subrecipient's risk of noncompliance as required by Section 200.332(b); supporting documentation that the City monitored the activities of the subrecipient as required by Section 200.332 (d); and/or supporting documentation that the City verified that the subrecipient was audited as required by Subpart F. Cause: The City did not have adequate internal controls to ensure compliance with the Subrecipient Monitoring compliance requirement. The City's past federal awards experience did not involve or include subawards. Effect or Potential Effect: Noncompliance by the subrecipient may occur due to the subrecipient not being aware of the federal program's requirements and due to the City not sufficiently monitoring the subrecipient. Recommendation: We recommend that management of the City design and implement a comprehensive system of internal controls over federal award compliance, including development of policies and procedures to ensure compliance with the Subrecipient Monitoring compliance requirement. Views of Responsible Officials and Planned Corrective Actions: See Corrective Action Plan
Condition/Context: The single audit report was not submitted to the Office of Management and Budget in accordance with the reporting requirement. Criteria: COSO/Internal Control Framework defines control activities as “policies and procedures that help ensure management’s directives are carried out.” This would include preparation of the schedule of expenditures of federal awards and the related data collection form in a timely manner. Uniform Guidance 2 CFR 200.501 states that the audit shall be completed, and the data collection form shall be submitted within the earlier of 30 days after the receipt of the auditor’s report, or 9 months after the end of the audit period. The due date was extended six months as a result of the challenges related to the coronavirus pandemic. Cause: The single audit report was not submitted due to delays in the year-end closing process, resulting in the audit being delayed. Effect: Questioned Costs: None Recommendation: We believe the year-end closing and audit preparation processes should be completed sooner after year end. Progress should be monitored by management to ensure that established due dates are being met and required reports are submitted to regulatory agencies within the compliance time frame. As a result of the finding, the organization did not provide required information to its federal oversight agency in a timely manner.
Condition/Context: The single audit report was not submitted to the Office of Management and Budget in accordance with the reporting requirement. Criteria: COSO/Internal Control Framework defines control activities as “policies and procedures that help ensure management’s directives are carried out.” This would include preparation of the schedule of expenditures of federal awards and the related data collection form in a timely manner. Uniform Guidance 2 CFR 200.501 states that the audit shall be completed, and the data collection form shall be submitted within the earlier of 30 days after the receipt of the auditor’s report, or 9 months after the end of the audit period. The due date was extended six months as a result of the challenges related to the coronavirus pandemic. Cause: The single audit report was not submitted due to delays in the year-end closing process, resulting in the audit being delayed. Effect: Questioned Costs: None Recommendation: We believe the year-end closing and audit preparation processes should be completed sooner after year end. Progress should be monitored by management to ensure that established due dates are being met and required reports are submitted to regulatory agencies within the compliance time frame. As a result of the finding, the organization did not provide required information to its federal oversight agency in a timely manner.
Condition/Context: The single audit report was not submitted to the Office of Management and Budget in accordance with the reporting requirement. Criteria: COSO/Internal Control Framework defines control activities as “policies and procedures that help ensure management’s directives are carried out.” This would include preparation of the schedule of expenditures of federal awards and the related data collection form in a timely manner. Uniform Guidance 2 CFR 200.501 states that the audit shall be completed, and the data collection form shall be submitted within the earlier of 30 days after the receipt of the auditor’s report, or 9 months after the end of the audit period. The due date was extended six months as a result of the challenges related to the coronavirus pandemic. Cause: The single audit report was not submitted due to delays in the year-end closing process, resulting in the audit being delayed. Effect: Questioned Costs: None Recommendation: We believe the year-end closing and audit preparation processes should be completed sooner after year end. Progress should be monitored by management to ensure that established due dates are being met and required reports are submitted to regulatory agencies within the compliance time frame. As a result of the finding, the organization did not provide required information to its federal oversight agency in a timely manner.
Condition/Context: The single audit report was not submitted to the Office of Management and Budget in accordance with the reporting requirement. Criteria: COSO/Internal Control Framework defines control activities as “policies and procedures that help ensure management’s directives are carried out.” This would include preparation of the schedule of expenditures of federal awards and the related data collection form in a timely manner. Uniform Guidance 2 CFR 200.501 states that the audit shall be completed, and the data collection form shall be submitted within the earlier of 30 days after the receipt of the auditor’s report, or 9 months after the end of the audit period. The due date was extended six months as a result of the challenges related to the coronavirus pandemic. Cause: The single audit report was not submitted due to delays in the year-end closing process, resulting in the audit being delayed. Effect: Questioned Costs: None Recommendation: We believe the year-end closing and audit preparation processes should be completed sooner after year end. Progress should be monitored by management to ensure that established due dates are being met and required reports are submitted to regulatory agencies within the compliance time frame. As a result of the finding, the organization did not provide required information to its federal oversight agency in a timely manner.
Condition/Context: The single audit report was not submitted to the Office of Management and Budget in accordance with the reporting requirement. Criteria: COSO/Internal Control Framework defines control activities as “policies and procedures that help ensure management’s directives are carried out.” This would include preparation of the schedule of expenditures of federal awards and the related data collection form in a timely manner. Uniform Guidance 2 CFR 200.501 states that the audit shall be completed, and the data collection form shall be submitted within the earlier of 30 days after the receipt of the auditor’s report, or 9 months after the end of the audit period. The due date was extended six months as a result of the challenges related to the coronavirus pandemic. Cause: The single audit report was not submitted due to delays in the year-end closing process, resulting in the audit being delayed. Effect: Questioned Costs: None Recommendation: We believe the year-end closing and audit preparation processes should be completed sooner after year end. Progress should be monitored by management to ensure that established due dates are being met and required reports are submitted to regulatory agencies within the compliance time frame. As a result of the finding, the organization did not provide required information to its federal oversight agency in a timely manner.
Condition/Context: The single audit report was not submitted to the Office of Management and Budget in accordance with the reporting requirement. Criteria: COSO/Internal Control Framework defines control activities as “policies and procedures that help ensure management’s directives are carried out.” This would include preparation of the schedule of expenditures of federal awards and the related data collection form in a timely manner. Uniform Guidance 2 CFR 200.501 states that the audit shall be completed, and the data collection form shall be submitted within the earlier of 30 days after the receipt of the auditor’s report, or 9 months after the end of the audit period. The due date was extended six months as a result of the challenges related to the coronavirus pandemic. Cause: The single audit report was not submitted due to delays in the year-end closing process, resulting in the audit being delayed. Effect: Questioned Costs: None Recommendation: We believe the year-end closing and audit preparation processes should be completed sooner after year end. Progress should be monitored by management to ensure that established due dates are being met and required reports are submitted to regulatory agencies within the compliance time frame. As a result of the finding, the organization did not provide required information to its federal oversight agency in a timely manner.
Condition/Context: The single audit report was not submitted to the Office of Management and Budget in accordance with the reporting requirement. Criteria: COSO/Internal Control Framework defines control activities as “policies and procedures that help ensure management’s directives are carried out.” This would include preparation of the schedule of expenditures of federal awards and the related data collection form in a timely manner. Uniform Guidance 2 CFR 200.501 states that the audit shall be completed, and the data collection form shall be submitted within the earlier of 30 days after the receipt of the auditor’s report, or 9 months after the end of the audit period. The due date was extended six months as a result of the challenges related to the coronavirus pandemic. Cause: The single audit report was not submitted due to delays in the year-end closing process, resulting in the audit being delayed. Effect: Questioned Costs: None Recommendation: We believe the year-end closing and audit preparation processes should be completed sooner after year end. Progress should be monitored by management to ensure that established due dates are being met and required reports are submitted to regulatory agencies within the compliance time frame. As a result of the finding, the organization did not provide required information to its federal oversight agency in a timely manner.
Condition/Context: The single audit report was not submitted to the Office of Management and Budget in accordance with the reporting requirement. Criteria: COSO/Internal Control Framework defines control activities as “policies and procedures that help ensure management’s directives are carried out.” This would include preparation of the schedule of expenditures of federal awards and the related data collection form in a timely manner. Uniform Guidance 2 CFR 200.501 states that the audit shall be completed, and the data collection form shall be submitted within the earlier of 30 days after the receipt of the auditor’s report, or 9 months after the end of the audit period. The due date was extended six months as a result of the challenges related to the coronavirus pandemic. Cause: The single audit report was not submitted due to delays in the year-end closing process, resulting in the audit being delayed. Effect: Questioned Costs: None Recommendation: We believe the year-end closing and audit preparation processes should be completed sooner after year end. Progress should be monitored by management to ensure that established due dates are being met and required reports are submitted to regulatory agencies within the compliance time frame. As a result of the finding, the organization did not provide required information to its federal oversight agency in a timely manner.
Condition/Context: The single audit report was not submitted to the Office of Management and Budget in accordance with the reporting requirement. Criteria: COSO/Internal Control Framework defines control activities as “policies and procedures that help ensure management’s directives are carried out.” This would include preparation of the schedule of expenditures of federal awards and the related data collection form in a timely manner. Uniform Guidance 2 CFR 200.501 states that the audit shall be completed, and the data collection form shall be submitted within the earlier of 30 days after the receipt of the auditor’s report, or 9 months after the end of the audit period. The due date was extended six months as a result of the challenges related to the coronavirus pandemic. Cause: The single audit report was not submitted due to delays in the year-end closing process, resulting in the audit being delayed. Effect: Questioned Costs: None Recommendation: We believe the year-end closing and audit preparation processes should be completed sooner after year end. Progress should be monitored by management to ensure that established due dates are being met and required reports are submitted to regulatory agencies within the compliance time frame. As a result of the finding, the organization did not provide required information to its federal oversight agency in a timely manner.
2023-001 Subrecipient Monitoring Cluster: Research and Development Cluster (“R&D Cluster”) Grantor: Various - All R&D Cluster awards with subrecipients Award Name: Various - All R&D Cluster awards with subrecipients Award Year: FY2023 Pass-through entities and ID Number: Various - All R&D Cluster awards with subrecipients Assistance Listing Number: Various – All R&D Cluster awards with subrecipients Condition While the University has a detailed pre-award risk assessment process prior to entering into a subrecipient relationship, which includes review of subrecipient Uniform Guidance reports, subsequent review of Uniform Guidance reports for monitoring purposes is not consistently completed. Subsequent review of Uniform Guidance reports for monitoring purposes is completed at the time of a subaward amendment, or no less frequently than an annual basis per University policy, however, for 4 out of 25 subaward selections, the subawards were not amended within a year. As such, over a year passed since a Uniform Guidance report was reviewed for these subrecipients for monitoring purposes. Additionally, given the risk assessments are used to cover certain post-award subrecipient monitoring requirements, we noted the following: • 4 out of 25 selections did not have clear documentation as to which Uniform Guidance report had been specifically reviewed • 3 out of 25 subrecipients had findings/deficiencies in their Uniform Guidance reports and there was no documentation for how the University concluded these were not relevant to their subawards • 1 out of 5 subrecipients without Uniform Guidance reports did not have notations on alternative support that was reviewed in lieu of Uniform Guidance reports, as required by University policy. Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Additionally, 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Cause Review of Uniform Guidance reports for post-award monitoring purposes is dependent upon a subaward amendment being executed. If an annual amendment is not executed, there is a gap in the monitoring process as the latest Uniform Guidance reports did not get reviewed. While the University expected all subrecipients to have a subaward amendment processed within a year, the testing noted above identified instances where no amendment was processed, and as such, a Uniform Guidance report was not reviewed within that period of time. Additionally, in regard to the completeness of documentation within the risk assessments, while individuals executing the subaward agreements are required to review the risk assessment form in conjunction with the agreement, there is no formal secondary review required to be evidenced and as such, certain elements were overlooked. Effect The lack of an annual review of subrecipient Uniform Guidance reports may result in potential compliance issues not being identified and management not addressing findings and issuing a management decision, as required under the Uniform Guidance. In addition, the lack of review of the risk assessment form may result in missing information not being identified. Questioned Costs There are no questioned costs associated with this finding. Recommendation We recommend the University review their policies and procedures specific to reviewing Uniform Guidance reports of subrecipients for post-award monitoring purposes to ensure all subrecipient reports are reviewed annually. Additionally, we recommend a formal secondary sign-off be included on the risk assessment form to ensure completeness and agreement with conclusions reached. Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings
2023-001 Subrecipient Monitoring Cluster: Research and Development Cluster (“R&D Cluster”) Grantor: Various - All R&D Cluster awards with subrecipients Award Name: Various - All R&D Cluster awards with subrecipients Award Year: FY2023 Pass-through entities and ID Number: Various - All R&D Cluster awards with subrecipients Assistance Listing Number: Various – All R&D Cluster awards with subrecipients Condition While the University has a detailed pre-award risk assessment process prior to entering into a subrecipient relationship, which includes review of subrecipient Uniform Guidance reports, subsequent review of Uniform Guidance reports for monitoring purposes is not consistently completed. Subsequent review of Uniform Guidance reports for monitoring purposes is completed at the time of a subaward amendment, or no less frequently than an annual basis per University policy, however, for 4 out of 25 subaward selections, the subawards were not amended within a year. As such, over a year passed since a Uniform Guidance report was reviewed for these subrecipients for monitoring purposes. Additionally, given the risk assessments are used to cover certain post-award subrecipient monitoring requirements, we noted the following: • 4 out of 25 selections did not have clear documentation as to which Uniform Guidance report had been specifically reviewed • 3 out of 25 subrecipients had findings/deficiencies in their Uniform Guidance reports and there was no documentation for how the University concluded these were not relevant to their subawards • 1 out of 5 subrecipients without Uniform Guidance reports did not have notations on alternative support that was reviewed in lieu of Uniform Guidance reports, as required by University policy. Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Additionally, 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Cause Review of Uniform Guidance reports for post-award monitoring purposes is dependent upon a subaward amendment being executed. If an annual amendment is not executed, there is a gap in the monitoring process as the latest Uniform Guidance reports did not get reviewed. While the University expected all subrecipients to have a subaward amendment processed within a year, the testing noted above identified instances where no amendment was processed, and as such, a Uniform Guidance report was not reviewed within that period of time. Additionally, in regard to the completeness of documentation within the risk assessments, while individuals executing the subaward agreements are required to review the risk assessment form in conjunction with the agreement, there is no formal secondary review required to be evidenced and as such, certain elements were overlooked. Effect The lack of an annual review of subrecipient Uniform Guidance reports may result in potential compliance issues not being identified and management not addressing findings and issuing a management decision, as required under the Uniform Guidance. In addition, the lack of review of the risk assessment form may result in missing information not being identified. Questioned Costs There are no questioned costs associated with this finding. Recommendation We recommend the University review their policies and procedures specific to reviewing Uniform Guidance reports of subrecipients for post-award monitoring purposes to ensure all subrecipient reports are reviewed annually. Additionally, we recommend a formal secondary sign-off be included on the risk assessment form to ensure completeness and agreement with conclusions reached. Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings
2023-001 Subrecipient Monitoring Cluster: Research and Development Cluster (“R&D Cluster”) Grantor: Various - All R&D Cluster awards with subrecipients Award Name: Various - All R&D Cluster awards with subrecipients Award Year: FY2023 Pass-through entities and ID Number: Various - All R&D Cluster awards with subrecipients Assistance Listing Number: Various – All R&D Cluster awards with subrecipients Condition While the University has a detailed pre-award risk assessment process prior to entering into a subrecipient relationship, which includes review of subrecipient Uniform Guidance reports, subsequent review of Uniform Guidance reports for monitoring purposes is not consistently completed. Subsequent review of Uniform Guidance reports for monitoring purposes is completed at the time of a subaward amendment, or no less frequently than an annual basis per University policy, however, for 4 out of 25 subaward selections, the subawards were not amended within a year. As such, over a year passed since a Uniform Guidance report was reviewed for these subrecipients for monitoring purposes. Additionally, given the risk assessments are used to cover certain post-award subrecipient monitoring requirements, we noted the following: • 4 out of 25 selections did not have clear documentation as to which Uniform Guidance report had been specifically reviewed • 3 out of 25 subrecipients had findings/deficiencies in their Uniform Guidance reports and there was no documentation for how the University concluded these were not relevant to their subawards • 1 out of 5 subrecipients without Uniform Guidance reports did not have notations on alternative support that was reviewed in lieu of Uniform Guidance reports, as required by University policy. Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Additionally, 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Cause Review of Uniform Guidance reports for post-award monitoring purposes is dependent upon a subaward amendment being executed. If an annual amendment is not executed, there is a gap in the monitoring process as the latest Uniform Guidance reports did not get reviewed. While the University expected all subrecipients to have a subaward amendment processed within a year, the testing noted above identified instances where no amendment was processed, and as such, a Uniform Guidance report was not reviewed within that period of time. Additionally, in regard to the completeness of documentation within the risk assessments, while individuals executing the subaward agreements are required to review the risk assessment form in conjunction with the agreement, there is no formal secondary review required to be evidenced and as such, certain elements were overlooked. Effect The lack of an annual review of subrecipient Uniform Guidance reports may result in potential compliance issues not being identified and management not addressing findings and issuing a management decision, as required under the Uniform Guidance. In addition, the lack of review of the risk assessment form may result in missing information not being identified. Questioned Costs There are no questioned costs associated with this finding. Recommendation We recommend the University review their policies and procedures specific to reviewing Uniform Guidance reports of subrecipients for post-award monitoring purposes to ensure all subrecipient reports are reviewed annually. Additionally, we recommend a formal secondary sign-off be included on the risk assessment form to ensure completeness and agreement with conclusions reached. Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings
2023-001 Subrecipient Monitoring Cluster: Research and Development Cluster (“R&D Cluster”) Grantor: Various - All R&D Cluster awards with subrecipients Award Name: Various - All R&D Cluster awards with subrecipients Award Year: FY2023 Pass-through entities and ID Number: Various - All R&D Cluster awards with subrecipients Assistance Listing Number: Various – All R&D Cluster awards with subrecipients Condition While the University has a detailed pre-award risk assessment process prior to entering into a subrecipient relationship, which includes review of subrecipient Uniform Guidance reports, subsequent review of Uniform Guidance reports for monitoring purposes is not consistently completed. Subsequent review of Uniform Guidance reports for monitoring purposes is completed at the time of a subaward amendment, or no less frequently than an annual basis per University policy, however, for 4 out of 25 subaward selections, the subawards were not amended within a year. As such, over a year passed since a Uniform Guidance report was reviewed for these subrecipients for monitoring purposes. Additionally, given the risk assessments are used to cover certain post-award subrecipient monitoring requirements, we noted the following: • 4 out of 25 selections did not have clear documentation as to which Uniform Guidance report had been specifically reviewed • 3 out of 25 subrecipients had findings/deficiencies in their Uniform Guidance reports and there was no documentation for how the University concluded these were not relevant to their subawards • 1 out of 5 subrecipients without Uniform Guidance reports did not have notations on alternative support that was reviewed in lieu of Uniform Guidance reports, as required by University policy. Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Additionally, 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Cause Review of Uniform Guidance reports for post-award monitoring purposes is dependent upon a subaward amendment being executed. If an annual amendment is not executed, there is a gap in the monitoring process as the latest Uniform Guidance reports did not get reviewed. While the University expected all subrecipients to have a subaward amendment processed within a year, the testing noted above identified instances where no amendment was processed, and as such, a Uniform Guidance report was not reviewed within that period of time. Additionally, in regard to the completeness of documentation within the risk assessments, while individuals executing the subaward agreements are required to review the risk assessment form in conjunction with the agreement, there is no formal secondary review required to be evidenced and as such, certain elements were overlooked. Effect The lack of an annual review of subrecipient Uniform Guidance reports may result in potential compliance issues not being identified and management not addressing findings and issuing a management decision, as required under the Uniform Guidance. In addition, the lack of review of the risk assessment form may result in missing information not being identified. Questioned Costs There are no questioned costs associated with this finding. Recommendation We recommend the University review their policies and procedures specific to reviewing Uniform Guidance reports of subrecipients for post-award monitoring purposes to ensure all subrecipient reports are reviewed annually. Additionally, we recommend a formal secondary sign-off be included on the risk assessment form to ensure completeness and agreement with conclusions reached. Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings
2023-001 Subrecipient Monitoring Cluster: Research and Development Cluster (“R&D Cluster”) Grantor: Various - All R&D Cluster awards with subrecipients Award Name: Various - All R&D Cluster awards with subrecipients Award Year: FY2023 Pass-through entities and ID Number: Various - All R&D Cluster awards with subrecipients Assistance Listing Number: Various – All R&D Cluster awards with subrecipients Condition While the University has a detailed pre-award risk assessment process prior to entering into a subrecipient relationship, which includes review of subrecipient Uniform Guidance reports, subsequent review of Uniform Guidance reports for monitoring purposes is not consistently completed. Subsequent review of Uniform Guidance reports for monitoring purposes is completed at the time of a subaward amendment, or no less frequently than an annual basis per University policy, however, for 4 out of 25 subaward selections, the subawards were not amended within a year. As such, over a year passed since a Uniform Guidance report was reviewed for these subrecipients for monitoring purposes. Additionally, given the risk assessments are used to cover certain post-award subrecipient monitoring requirements, we noted the following: • 4 out of 25 selections did not have clear documentation as to which Uniform Guidance report had been specifically reviewed • 3 out of 25 subrecipients had findings/deficiencies in their Uniform Guidance reports and there was no documentation for how the University concluded these were not relevant to their subawards • 1 out of 5 subrecipients without Uniform Guidance reports did not have notations on alternative support that was reviewed in lieu of Uniform Guidance reports, as required by University policy. Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Additionally, 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Cause Review of Uniform Guidance reports for post-award monitoring purposes is dependent upon a subaward amendment being executed. If an annual amendment is not executed, there is a gap in the monitoring process as the latest Uniform Guidance reports did not get reviewed. While the University expected all subrecipients to have a subaward amendment processed within a year, the testing noted above identified instances where no amendment was processed, and as such, a Uniform Guidance report was not reviewed within that period of time. Additionally, in regard to the completeness of documentation within the risk assessments, while individuals executing the subaward agreements are required to review the risk assessment form in conjunction with the agreement, there is no formal secondary review required to be evidenced and as such, certain elements were overlooked. Effect The lack of an annual review of subrecipient Uniform Guidance reports may result in potential compliance issues not being identified and management not addressing findings and issuing a management decision, as required under the Uniform Guidance. In addition, the lack of review of the risk assessment form may result in missing information not being identified. Questioned Costs There are no questioned costs associated with this finding. Recommendation We recommend the University review their policies and procedures specific to reviewing Uniform Guidance reports of subrecipients for post-award monitoring purposes to ensure all subrecipient reports are reviewed annually. Additionally, we recommend a formal secondary sign-off be included on the risk assessment form to ensure completeness and agreement with conclusions reached. Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings
2023-001 Subrecipient Monitoring Cluster: Research and Development Cluster (“R&D Cluster”) Grantor: Various - All R&D Cluster awards with subrecipients Award Name: Various - All R&D Cluster awards with subrecipients Award Year: FY2023 Pass-through entities and ID Number: Various - All R&D Cluster awards with subrecipients Assistance Listing Number: Various – All R&D Cluster awards with subrecipients Condition While the University has a detailed pre-award risk assessment process prior to entering into a subrecipient relationship, which includes review of subrecipient Uniform Guidance reports, subsequent review of Uniform Guidance reports for monitoring purposes is not consistently completed. Subsequent review of Uniform Guidance reports for monitoring purposes is completed at the time of a subaward amendment, or no less frequently than an annual basis per University policy, however, for 4 out of 25 subaward selections, the subawards were not amended within a year. As such, over a year passed since a Uniform Guidance report was reviewed for these subrecipients for monitoring purposes. Additionally, given the risk assessments are used to cover certain post-award subrecipient monitoring requirements, we noted the following: • 4 out of 25 selections did not have clear documentation as to which Uniform Guidance report had been specifically reviewed • 3 out of 25 subrecipients had findings/deficiencies in their Uniform Guidance reports and there was no documentation for how the University concluded these were not relevant to their subawards • 1 out of 5 subrecipients without Uniform Guidance reports did not have notations on alternative support that was reviewed in lieu of Uniform Guidance reports, as required by University policy. Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Additionally, 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Cause Review of Uniform Guidance reports for post-award monitoring purposes is dependent upon a subaward amendment being executed. If an annual amendment is not executed, there is a gap in the monitoring process as the latest Uniform Guidance reports did not get reviewed. While the University expected all subrecipients to have a subaward amendment processed within a year, the testing noted above identified instances where no amendment was processed, and as such, a Uniform Guidance report was not reviewed within that period of time. Additionally, in regard to the completeness of documentation within the risk assessments, while individuals executing the subaward agreements are required to review the risk assessment form in conjunction with the agreement, there is no formal secondary review required to be evidenced and as such, certain elements were overlooked. Effect The lack of an annual review of subrecipient Uniform Guidance reports may result in potential compliance issues not being identified and management not addressing findings and issuing a management decision, as required under the Uniform Guidance. In addition, the lack of review of the risk assessment form may result in missing information not being identified. Questioned Costs There are no questioned costs associated with this finding. Recommendation We recommend the University review their policies and procedures specific to reviewing Uniform Guidance reports of subrecipients for post-award monitoring purposes to ensure all subrecipient reports are reviewed annually. Additionally, we recommend a formal secondary sign-off be included on the risk assessment form to ensure completeness and agreement with conclusions reached. Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings
2023-001 Subrecipient Monitoring Cluster: Research and Development Cluster (“R&D Cluster”) Grantor: Various - All R&D Cluster awards with subrecipients Award Name: Various - All R&D Cluster awards with subrecipients Award Year: FY2023 Pass-through entities and ID Number: Various - All R&D Cluster awards with subrecipients Assistance Listing Number: Various – All R&D Cluster awards with subrecipients Condition While the University has a detailed pre-award risk assessment process prior to entering into a subrecipient relationship, which includes review of subrecipient Uniform Guidance reports, subsequent review of Uniform Guidance reports for monitoring purposes is not consistently completed. Subsequent review of Uniform Guidance reports for monitoring purposes is completed at the time of a subaward amendment, or no less frequently than an annual basis per University policy, however, for 4 out of 25 subaward selections, the subawards were not amended within a year. As such, over a year passed since a Uniform Guidance report was reviewed for these subrecipients for monitoring purposes. Additionally, given the risk assessments are used to cover certain post-award subrecipient monitoring requirements, we noted the following: • 4 out of 25 selections did not have clear documentation as to which Uniform Guidance report had been specifically reviewed • 3 out of 25 subrecipients had findings/deficiencies in their Uniform Guidance reports and there was no documentation for how the University concluded these were not relevant to their subawards • 1 out of 5 subrecipients without Uniform Guidance reports did not have notations on alternative support that was reviewed in lieu of Uniform Guidance reports, as required by University policy. Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Additionally, 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Cause Review of Uniform Guidance reports for post-award monitoring purposes is dependent upon a subaward amendment being executed. If an annual amendment is not executed, there is a gap in the monitoring process as the latest Uniform Guidance reports did not get reviewed. While the University expected all subrecipients to have a subaward amendment processed within a year, the testing noted above identified instances where no amendment was processed, and as such, a Uniform Guidance report was not reviewed within that period of time. Additionally, in regard to the completeness of documentation within the risk assessments, while individuals executing the subaward agreements are required to review the risk assessment form in conjunction with the agreement, there is no formal secondary review required to be evidenced and as such, certain elements were overlooked. Effect The lack of an annual review of subrecipient Uniform Guidance reports may result in potential compliance issues not being identified and management not addressing findings and issuing a management decision, as required under the Uniform Guidance. In addition, the lack of review of the risk assessment form may result in missing information not being identified. Questioned Costs There are no questioned costs associated with this finding. Recommendation We recommend the University review their policies and procedures specific to reviewing Uniform Guidance reports of subrecipients for post-award monitoring purposes to ensure all subrecipient reports are reviewed annually. Additionally, we recommend a formal secondary sign-off be included on the risk assessment form to ensure completeness and agreement with conclusions reached. Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings
2023-001 Subrecipient Monitoring Cluster: Research and Development Cluster (“R&D Cluster”) Grantor: Various - All R&D Cluster awards with subrecipients Award Name: Various - All R&D Cluster awards with subrecipients Award Year: FY2023 Pass-through entities and ID Number: Various - All R&D Cluster awards with subrecipients Assistance Listing Number: Various – All R&D Cluster awards with subrecipients Condition While the University has a detailed pre-award risk assessment process prior to entering into a subrecipient relationship, which includes review of subrecipient Uniform Guidance reports, subsequent review of Uniform Guidance reports for monitoring purposes is not consistently completed. Subsequent review of Uniform Guidance reports for monitoring purposes is completed at the time of a subaward amendment, or no less frequently than an annual basis per University policy, however, for 4 out of 25 subaward selections, the subawards were not amended within a year. As such, over a year passed since a Uniform Guidance report was reviewed for these subrecipients for monitoring purposes. Additionally, given the risk assessments are used to cover certain post-award subrecipient monitoring requirements, we noted the following: • 4 out of 25 selections did not have clear documentation as to which Uniform Guidance report had been specifically reviewed • 3 out of 25 subrecipients had findings/deficiencies in their Uniform Guidance reports and there was no documentation for how the University concluded these were not relevant to their subawards • 1 out of 5 subrecipients without Uniform Guidance reports did not have notations on alternative support that was reviewed in lieu of Uniform Guidance reports, as required by University policy. Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Additionally, 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Cause Review of Uniform Guidance reports for post-award monitoring purposes is dependent upon a subaward amendment being executed. If an annual amendment is not executed, there is a gap in the monitoring process as the latest Uniform Guidance reports did not get reviewed. While the University expected all subrecipients to have a subaward amendment processed within a year, the testing noted above identified instances where no amendment was processed, and as such, a Uniform Guidance report was not reviewed within that period of time. Additionally, in regard to the completeness of documentation within the risk assessments, while individuals executing the subaward agreements are required to review the risk assessment form in conjunction with the agreement, there is no formal secondary review required to be evidenced and as such, certain elements were overlooked. Effect The lack of an annual review of subrecipient Uniform Guidance reports may result in potential compliance issues not being identified and management not addressing findings and issuing a management decision, as required under the Uniform Guidance. In addition, the lack of review of the risk assessment form may result in missing information not being identified. Questioned Costs There are no questioned costs associated with this finding. Recommendation We recommend the University review their policies and procedures specific to reviewing Uniform Guidance reports of subrecipients for post-award monitoring purposes to ensure all subrecipient reports are reviewed annually. Additionally, we recommend a formal secondary sign-off be included on the risk assessment form to ensure completeness and agreement with conclusions reached. Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings
2023-001 Subrecipient Monitoring Cluster: Research and Development Cluster (“R&D Cluster”) Grantor: Various - All R&D Cluster awards with subrecipients Award Name: Various - All R&D Cluster awards with subrecipients Award Year: FY2023 Pass-through entities and ID Number: Various - All R&D Cluster awards with subrecipients Assistance Listing Number: Various – All R&D Cluster awards with subrecipients Condition While the University has a detailed pre-award risk assessment process prior to entering into a subrecipient relationship, which includes review of subrecipient Uniform Guidance reports, subsequent review of Uniform Guidance reports for monitoring purposes is not consistently completed. Subsequent review of Uniform Guidance reports for monitoring purposes is completed at the time of a subaward amendment, or no less frequently than an annual basis per University policy, however, for 4 out of 25 subaward selections, the subawards were not amended within a year. As such, over a year passed since a Uniform Guidance report was reviewed for these subrecipients for monitoring purposes. Additionally, given the risk assessments are used to cover certain post-award subrecipient monitoring requirements, we noted the following: • 4 out of 25 selections did not have clear documentation as to which Uniform Guidance report had been specifically reviewed • 3 out of 25 subrecipients had findings/deficiencies in their Uniform Guidance reports and there was no documentation for how the University concluded these were not relevant to their subawards • 1 out of 5 subrecipients without Uniform Guidance reports did not have notations on alternative support that was reviewed in lieu of Uniform Guidance reports, as required by University policy. Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Additionally, 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Cause Review of Uniform Guidance reports for post-award monitoring purposes is dependent upon a subaward amendment being executed. If an annual amendment is not executed, there is a gap in the monitoring process as the latest Uniform Guidance reports did not get reviewed. While the University expected all subrecipients to have a subaward amendment processed within a year, the testing noted above identified instances where no amendment was processed, and as such, a Uniform Guidance report was not reviewed within that period of time. Additionally, in regard to the completeness of documentation within the risk assessments, while individuals executing the subaward agreements are required to review the risk assessment form in conjunction with the agreement, there is no formal secondary review required to be evidenced and as such, certain elements were overlooked. Effect The lack of an annual review of subrecipient Uniform Guidance reports may result in potential compliance issues not being identified and management not addressing findings and issuing a management decision, as required under the Uniform Guidance. In addition, the lack of review of the risk assessment form may result in missing information not being identified. Questioned Costs There are no questioned costs associated with this finding. Recommendation We recommend the University review their policies and procedures specific to reviewing Uniform Guidance reports of subrecipients for post-award monitoring purposes to ensure all subrecipient reports are reviewed annually. Additionally, we recommend a formal secondary sign-off be included on the risk assessment form to ensure completeness and agreement with conclusions reached. Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings
2023-001 Subrecipient Monitoring Cluster: Research and Development Cluster (“R&D Cluster”) Grantor: Various - All R&D Cluster awards with subrecipients Award Name: Various - All R&D Cluster awards with subrecipients Award Year: FY2023 Pass-through entities and ID Number: Various - All R&D Cluster awards with subrecipients Assistance Listing Number: Various – All R&D Cluster awards with subrecipients Condition While the University has a detailed pre-award risk assessment process prior to entering into a subrecipient relationship, which includes review of subrecipient Uniform Guidance reports, subsequent review of Uniform Guidance reports for monitoring purposes is not consistently completed. Subsequent review of Uniform Guidance reports for monitoring purposes is completed at the time of a subaward amendment, or no less frequently than an annual basis per University policy, however, for 4 out of 25 subaward selections, the subawards were not amended within a year. As such, over a year passed since a Uniform Guidance report was reviewed for these subrecipients for monitoring purposes. Additionally, given the risk assessments are used to cover certain post-award subrecipient monitoring requirements, we noted the following: • 4 out of 25 selections did not have clear documentation as to which Uniform Guidance report had been specifically reviewed • 3 out of 25 subrecipients had findings/deficiencies in their Uniform Guidance reports and there was no documentation for how the University concluded these were not relevant to their subawards • 1 out of 5 subrecipients without Uniform Guidance reports did not have notations on alternative support that was reviewed in lieu of Uniform Guidance reports, as required by University policy. Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Additionally, 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Cause Review of Uniform Guidance reports for post-award monitoring purposes is dependent upon a subaward amendment being executed. If an annual amendment is not executed, there is a gap in the monitoring process as the latest Uniform Guidance reports did not get reviewed. While the University expected all subrecipients to have a subaward amendment processed within a year, the testing noted above identified instances where no amendment was processed, and as such, a Uniform Guidance report was not reviewed within that period of time. Additionally, in regard to the completeness of documentation within the risk assessments, while individuals executing the subaward agreements are required to review the risk assessment form in conjunction with the agreement, there is no formal secondary review required to be evidenced and as such, certain elements were overlooked. Effect The lack of an annual review of subrecipient Uniform Guidance reports may result in potential compliance issues not being identified and management not addressing findings and issuing a management decision, as required under the Uniform Guidance. In addition, the lack of review of the risk assessment form may result in missing information not being identified. Questioned Costs There are no questioned costs associated with this finding. Recommendation We recommend the University review their policies and procedures specific to reviewing Uniform Guidance reports of subrecipients for post-award monitoring purposes to ensure all subrecipient reports are reviewed annually. Additionally, we recommend a formal secondary sign-off be included on the risk assessment form to ensure completeness and agreement with conclusions reached. Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings
2023-001 Subrecipient Monitoring Cluster: Research and Development Cluster (“R&D Cluster”) Grantor: Various - All R&D Cluster awards with subrecipients Award Name: Various - All R&D Cluster awards with subrecipients Award Year: FY2023 Pass-through entities and ID Number: Various - All R&D Cluster awards with subrecipients Assistance Listing Number: Various – All R&D Cluster awards with subrecipients Condition While the University has a detailed pre-award risk assessment process prior to entering into a subrecipient relationship, which includes review of subrecipient Uniform Guidance reports, subsequent review of Uniform Guidance reports for monitoring purposes is not consistently completed. Subsequent review of Uniform Guidance reports for monitoring purposes is completed at the time of a subaward amendment, or no less frequently than an annual basis per University policy, however, for 4 out of 25 subaward selections, the subawards were not amended within a year. As such, over a year passed since a Uniform Guidance report was reviewed for these subrecipients for monitoring purposes. Additionally, given the risk assessments are used to cover certain post-award subrecipient monitoring requirements, we noted the following: • 4 out of 25 selections did not have clear documentation as to which Uniform Guidance report had been specifically reviewed • 3 out of 25 subrecipients had findings/deficiencies in their Uniform Guidance reports and there was no documentation for how the University concluded these were not relevant to their subawards • 1 out of 5 subrecipients without Uniform Guidance reports did not have notations on alternative support that was reviewed in lieu of Uniform Guidance reports, as required by University policy. Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Additionally, 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Cause Review of Uniform Guidance reports for post-award monitoring purposes is dependent upon a subaward amendment being executed. If an annual amendment is not executed, there is a gap in the monitoring process as the latest Uniform Guidance reports did not get reviewed. While the University expected all subrecipients to have a subaward amendment processed within a year, the testing noted above identified instances where no amendment was processed, and as such, a Uniform Guidance report was not reviewed within that period of time. Additionally, in regard to the completeness of documentation within the risk assessments, while individuals executing the subaward agreements are required to review the risk assessment form in conjunction with the agreement, there is no formal secondary review required to be evidenced and as such, certain elements were overlooked. Effect The lack of an annual review of subrecipient Uniform Guidance reports may result in potential compliance issues not being identified and management not addressing findings and issuing a management decision, as required under the Uniform Guidance. In addition, the lack of review of the risk assessment form may result in missing information not being identified. Questioned Costs There are no questioned costs associated with this finding. Recommendation We recommend the University review their policies and procedures specific to reviewing Uniform Guidance reports of subrecipients for post-award monitoring purposes to ensure all subrecipient reports are reviewed annually. Additionally, we recommend a formal secondary sign-off be included on the risk assessment form to ensure completeness and agreement with conclusions reached. Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings
2023-001 Subrecipient Monitoring Cluster: Research and Development Cluster (“R&D Cluster”) Grantor: Various - All R&D Cluster awards with subrecipients Award Name: Various - All R&D Cluster awards with subrecipients Award Year: FY2023 Pass-through entities and ID Number: Various - All R&D Cluster awards with subrecipients Assistance Listing Number: Various – All R&D Cluster awards with subrecipients Condition While the University has a detailed pre-award risk assessment process prior to entering into a subrecipient relationship, which includes review of subrecipient Uniform Guidance reports, subsequent review of Uniform Guidance reports for monitoring purposes is not consistently completed. Subsequent review of Uniform Guidance reports for monitoring purposes is completed at the time of a subaward amendment, or no less frequently than an annual basis per University policy, however, for 4 out of 25 subaward selections, the subawards were not amended within a year. As such, over a year passed since a Uniform Guidance report was reviewed for these subrecipients for monitoring purposes. Additionally, given the risk assessments are used to cover certain post-award subrecipient monitoring requirements, we noted the following: • 4 out of 25 selections did not have clear documentation as to which Uniform Guidance report had been specifically reviewed • 3 out of 25 subrecipients had findings/deficiencies in their Uniform Guidance reports and there was no documentation for how the University concluded these were not relevant to their subawards • 1 out of 5 subrecipients without Uniform Guidance reports did not have notations on alternative support that was reviewed in lieu of Uniform Guidance reports, as required by University policy. Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Additionally, 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Cause Review of Uniform Guidance reports for post-award monitoring purposes is dependent upon a subaward amendment being executed. If an annual amendment is not executed, there is a gap in the monitoring process as the latest Uniform Guidance reports did not get reviewed. While the University expected all subrecipients to have a subaward amendment processed within a year, the testing noted above identified instances where no amendment was processed, and as such, a Uniform Guidance report was not reviewed within that period of time. Additionally, in regard to the completeness of documentation within the risk assessments, while individuals executing the subaward agreements are required to review the risk assessment form in conjunction with the agreement, there is no formal secondary review required to be evidenced and as such, certain elements were overlooked. Effect The lack of an annual review of subrecipient Uniform Guidance reports may result in potential compliance issues not being identified and management not addressing findings and issuing a management decision, as required under the Uniform Guidance. In addition, the lack of review of the risk assessment form may result in missing information not being identified. Questioned Costs There are no questioned costs associated with this finding. Recommendation We recommend the University review their policies and procedures specific to reviewing Uniform Guidance reports of subrecipients for post-award monitoring purposes to ensure all subrecipient reports are reviewed annually. Additionally, we recommend a formal secondary sign-off be included on the risk assessment form to ensure completeness and agreement with conclusions reached. Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings
2023-001 Subrecipient Monitoring Cluster: Research and Development Cluster (“R&D Cluster”) Grantor: Various - All R&D Cluster awards with subrecipients Award Name: Various - All R&D Cluster awards with subrecipients Award Year: FY2023 Pass-through entities and ID Number: Various - All R&D Cluster awards with subrecipients Assistance Listing Number: Various – All R&D Cluster awards with subrecipients Condition While the University has a detailed pre-award risk assessment process prior to entering into a subrecipient relationship, which includes review of subrecipient Uniform Guidance reports, subsequent review of Uniform Guidance reports for monitoring purposes is not consistently completed. Subsequent review of Uniform Guidance reports for monitoring purposes is completed at the time of a subaward amendment, or no less frequently than an annual basis per University policy, however, for 4 out of 25 subaward selections, the subawards were not amended within a year. As such, over a year passed since a Uniform Guidance report was reviewed for these subrecipients for monitoring purposes. Additionally, given the risk assessments are used to cover certain post-award subrecipient monitoring requirements, we noted the following: • 4 out of 25 selections did not have clear documentation as to which Uniform Guidance report had been specifically reviewed • 3 out of 25 subrecipients had findings/deficiencies in their Uniform Guidance reports and there was no documentation for how the University concluded these were not relevant to their subawards • 1 out of 5 subrecipients without Uniform Guidance reports did not have notations on alternative support that was reviewed in lieu of Uniform Guidance reports, as required by University policy. Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Additionally, 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Cause Review of Uniform Guidance reports for post-award monitoring purposes is dependent upon a subaward amendment being executed. If an annual amendment is not executed, there is a gap in the monitoring process as the latest Uniform Guidance reports did not get reviewed. While the University expected all subrecipients to have a subaward amendment processed within a year, the testing noted above identified instances where no amendment was processed, and as such, a Uniform Guidance report was not reviewed within that period of time. Additionally, in regard to the completeness of documentation within the risk assessments, while individuals executing the subaward agreements are required to review the risk assessment form in conjunction with the agreement, there is no formal secondary review required to be evidenced and as such, certain elements were overlooked. Effect The lack of an annual review of subrecipient Uniform Guidance reports may result in potential compliance issues not being identified and management not addressing findings and issuing a management decision, as required under the Uniform Guidance. In addition, the lack of review of the risk assessment form may result in missing information not being identified. Questioned Costs There are no questioned costs associated with this finding. Recommendation We recommend the University review their policies and procedures specific to reviewing Uniform Guidance reports of subrecipients for post-award monitoring purposes to ensure all subrecipient reports are reviewed annually. Additionally, we recommend a formal secondary sign-off be included on the risk assessment form to ensure completeness and agreement with conclusions reached. Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings
2023-001 Subrecipient Monitoring Cluster: Research and Development Cluster (“R&D Cluster”) Grantor: Various - All R&D Cluster awards with subrecipients Award Name: Various - All R&D Cluster awards with subrecipients Award Year: FY2023 Pass-through entities and ID Number: Various - All R&D Cluster awards with subrecipients Assistance Listing Number: Various – All R&D Cluster awards with subrecipients Condition While the University has a detailed pre-award risk assessment process prior to entering into a subrecipient relationship, which includes review of subrecipient Uniform Guidance reports, subsequent review of Uniform Guidance reports for monitoring purposes is not consistently completed. Subsequent review of Uniform Guidance reports for monitoring purposes is completed at the time of a subaward amendment, or no less frequently than an annual basis per University policy, however, for 4 out of 25 subaward selections, the subawards were not amended within a year. As such, over a year passed since a Uniform Guidance report was reviewed for these subrecipients for monitoring purposes. Additionally, given the risk assessments are used to cover certain post-award subrecipient monitoring requirements, we noted the following: • 4 out of 25 selections did not have clear documentation as to which Uniform Guidance report had been specifically reviewed • 3 out of 25 subrecipients had findings/deficiencies in their Uniform Guidance reports and there was no documentation for how the University concluded these were not relevant to their subawards • 1 out of 5 subrecipients without Uniform Guidance reports did not have notations on alternative support that was reviewed in lieu of Uniform Guidance reports, as required by University policy. Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Additionally, 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Cause Review of Uniform Guidance reports for post-award monitoring purposes is dependent upon a subaward amendment being executed. If an annual amendment is not executed, there is a gap in the monitoring process as the latest Uniform Guidance reports did not get reviewed. While the University expected all subrecipients to have a subaward amendment processed within a year, the testing noted above identified instances where no amendment was processed, and as such, a Uniform Guidance report was not reviewed within that period of time. Additionally, in regard to the completeness of documentation within the risk assessments, while individuals executing the subaward agreements are required to review the risk assessment form in conjunction with the agreement, there is no formal secondary review required to be evidenced and as such, certain elements were overlooked. Effect The lack of an annual review of subrecipient Uniform Guidance reports may result in potential compliance issues not being identified and management not addressing findings and issuing a management decision, as required under the Uniform Guidance. In addition, the lack of review of the risk assessment form may result in missing information not being identified. Questioned Costs There are no questioned costs associated with this finding. Recommendation We recommend the University review their policies and procedures specific to reviewing Uniform Guidance reports of subrecipients for post-award monitoring purposes to ensure all subrecipient reports are reviewed annually. Additionally, we recommend a formal secondary sign-off be included on the risk assessment form to ensure completeness and agreement with conclusions reached. Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings
2023-001 Subrecipient Monitoring Cluster: Research and Development Cluster (“R&D Cluster”) Grantor: Various - All R&D Cluster awards with subrecipients Award Name: Various - All R&D Cluster awards with subrecipients Award Year: FY2023 Pass-through entities and ID Number: Various - All R&D Cluster awards with subrecipients Assistance Listing Number: Various – All R&D Cluster awards with subrecipients Condition While the University has a detailed pre-award risk assessment process prior to entering into a subrecipient relationship, which includes review of subrecipient Uniform Guidance reports, subsequent review of Uniform Guidance reports for monitoring purposes is not consistently completed. Subsequent review of Uniform Guidance reports for monitoring purposes is completed at the time of a subaward amendment, or no less frequently than an annual basis per University policy, however, for 4 out of 25 subaward selections, the subawards were not amended within a year. As such, over a year passed since a Uniform Guidance report was reviewed for these subrecipients for monitoring purposes. Additionally, given the risk assessments are used to cover certain post-award subrecipient monitoring requirements, we noted the following: • 4 out of 25 selections did not have clear documentation as to which Uniform Guidance report had been specifically reviewed • 3 out of 25 subrecipients had findings/deficiencies in their Uniform Guidance reports and there was no documentation for how the University concluded these were not relevant to their subawards • 1 out of 5 subrecipients without Uniform Guidance reports did not have notations on alternative support that was reviewed in lieu of Uniform Guidance reports, as required by University policy. Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Additionally, 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Cause Review of Uniform Guidance reports for post-award monitoring purposes is dependent upon a subaward amendment being executed. If an annual amendment is not executed, there is a gap in the monitoring process as the latest Uniform Guidance reports did not get reviewed. While the University expected all subrecipients to have a subaward amendment processed within a year, the testing noted above identified instances where no amendment was processed, and as such, a Uniform Guidance report was not reviewed within that period of time. Additionally, in regard to the completeness of documentation within the risk assessments, while individuals executing the subaward agreements are required to review the risk assessment form in conjunction with the agreement, there is no formal secondary review required to be evidenced and as such, certain elements were overlooked. Effect The lack of an annual review of subrecipient Uniform Guidance reports may result in potential compliance issues not being identified and management not addressing findings and issuing a management decision, as required under the Uniform Guidance. In addition, the lack of review of the risk assessment form may result in missing information not being identified. Questioned Costs There are no questioned costs associated with this finding. Recommendation We recommend the University review their policies and procedures specific to reviewing Uniform Guidance reports of subrecipients for post-award monitoring purposes to ensure all subrecipient reports are reviewed annually. Additionally, we recommend a formal secondary sign-off be included on the risk assessment form to ensure completeness and agreement with conclusions reached. Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings
2023-001 Subrecipient Monitoring Cluster: Research and Development Cluster (“R&D Cluster”) Grantor: Various - All R&D Cluster awards with subrecipients Award Name: Various - All R&D Cluster awards with subrecipients Award Year: FY2023 Pass-through entities and ID Number: Various - All R&D Cluster awards with subrecipients Assistance Listing Number: Various – All R&D Cluster awards with subrecipients Condition While the University has a detailed pre-award risk assessment process prior to entering into a subrecipient relationship, which includes review of subrecipient Uniform Guidance reports, subsequent review of Uniform Guidance reports for monitoring purposes is not consistently completed. Subsequent review of Uniform Guidance reports for monitoring purposes is completed at the time of a subaward amendment, or no less frequently than an annual basis per University policy, however, for 4 out of 25 subaward selections, the subawards were not amended within a year. As such, over a year passed since a Uniform Guidance report was reviewed for these subrecipients for monitoring purposes. Additionally, given the risk assessments are used to cover certain post-award subrecipient monitoring requirements, we noted the following: • 4 out of 25 selections did not have clear documentation as to which Uniform Guidance report had been specifically reviewed • 3 out of 25 subrecipients had findings/deficiencies in their Uniform Guidance reports and there was no documentation for how the University concluded these were not relevant to their subawards • 1 out of 5 subrecipients without Uniform Guidance reports did not have notations on alternative support that was reviewed in lieu of Uniform Guidance reports, as required by University policy. Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Additionally, 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Cause Review of Uniform Guidance reports for post-award monitoring purposes is dependent upon a subaward amendment being executed. If an annual amendment is not executed, there is a gap in the monitoring process as the latest Uniform Guidance reports did not get reviewed. While the University expected all subrecipients to have a subaward amendment processed within a year, the testing noted above identified instances where no amendment was processed, and as such, a Uniform Guidance report was not reviewed within that period of time. Additionally, in regard to the completeness of documentation within the risk assessments, while individuals executing the subaward agreements are required to review the risk assessment form in conjunction with the agreement, there is no formal secondary review required to be evidenced and as such, certain elements were overlooked. Effect The lack of an annual review of subrecipient Uniform Guidance reports may result in potential compliance issues not being identified and management not addressing findings and issuing a management decision, as required under the Uniform Guidance. In addition, the lack of review of the risk assessment form may result in missing information not being identified. Questioned Costs There are no questioned costs associated with this finding. Recommendation We recommend the University review their policies and procedures specific to reviewing Uniform Guidance reports of subrecipients for post-award monitoring purposes to ensure all subrecipient reports are reviewed annually. Additionally, we recommend a formal secondary sign-off be included on the risk assessment form to ensure completeness and agreement with conclusions reached. Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings
2023-001 Subrecipient Monitoring Cluster: Research and Development Cluster (“R&D Cluster”) Grantor: Various - All R&D Cluster awards with subrecipients Award Name: Various - All R&D Cluster awards with subrecipients Award Year: FY2023 Pass-through entities and ID Number: Various - All R&D Cluster awards with subrecipients Assistance Listing Number: Various – All R&D Cluster awards with subrecipients Condition While the University has a detailed pre-award risk assessment process prior to entering into a subrecipient relationship, which includes review of subrecipient Uniform Guidance reports, subsequent review of Uniform Guidance reports for monitoring purposes is not consistently completed. Subsequent review of Uniform Guidance reports for monitoring purposes is completed at the time of a subaward amendment, or no less frequently than an annual basis per University policy, however, for 4 out of 25 subaward selections, the subawards were not amended within a year. As such, over a year passed since a Uniform Guidance report was reviewed for these subrecipients for monitoring purposes. Additionally, given the risk assessments are used to cover certain post-award subrecipient monitoring requirements, we noted the following: • 4 out of 25 selections did not have clear documentation as to which Uniform Guidance report had been specifically reviewed • 3 out of 25 subrecipients had findings/deficiencies in their Uniform Guidance reports and there was no documentation for how the University concluded these were not relevant to their subawards • 1 out of 5 subrecipients without Uniform Guidance reports did not have notations on alternative support that was reviewed in lieu of Uniform Guidance reports, as required by University policy. Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Additionally, 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Cause Review of Uniform Guidance reports for post-award monitoring purposes is dependent upon a subaward amendment being executed. If an annual amendment is not executed, there is a gap in the monitoring process as the latest Uniform Guidance reports did not get reviewed. While the University expected all subrecipients to have a subaward amendment processed within a year, the testing noted above identified instances where no amendment was processed, and as such, a Uniform Guidance report was not reviewed within that period of time. Additionally, in regard to the completeness of documentation within the risk assessments, while individuals executing the subaward agreements are required to review the risk assessment form in conjunction with the agreement, there is no formal secondary review required to be evidenced and as such, certain elements were overlooked. Effect The lack of an annual review of subrecipient Uniform Guidance reports may result in potential compliance issues not being identified and management not addressing findings and issuing a management decision, as required under the Uniform Guidance. In addition, the lack of review of the risk assessment form may result in missing information not being identified. Questioned Costs There are no questioned costs associated with this finding. Recommendation We recommend the University review their policies and procedures specific to reviewing Uniform Guidance reports of subrecipients for post-award monitoring purposes to ensure all subrecipient reports are reviewed annually. Additionally, we recommend a formal secondary sign-off be included on the risk assessment form to ensure completeness and agreement with conclusions reached. Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings
2023-001 Subrecipient Monitoring Cluster: Research and Development Cluster (“R&D Cluster”) Grantor: Various - All R&D Cluster awards with subrecipients Award Name: Various - All R&D Cluster awards with subrecipients Award Year: FY2023 Pass-through entities and ID Number: Various - All R&D Cluster awards with subrecipients Assistance Listing Number: Various – All R&D Cluster awards with subrecipients Condition While the University has a detailed pre-award risk assessment process prior to entering into a subrecipient relationship, which includes review of subrecipient Uniform Guidance reports, subsequent review of Uniform Guidance reports for monitoring purposes is not consistently completed. Subsequent review of Uniform Guidance reports for monitoring purposes is completed at the time of a subaward amendment, or no less frequently than an annual basis per University policy, however, for 4 out of 25 subaward selections, the subawards were not amended within a year. As such, over a year passed since a Uniform Guidance report was reviewed for these subrecipients for monitoring purposes. Additionally, given the risk assessments are used to cover certain post-award subrecipient monitoring requirements, we noted the following: • 4 out of 25 selections did not have clear documentation as to which Uniform Guidance report had been specifically reviewed • 3 out of 25 subrecipients had findings/deficiencies in their Uniform Guidance reports and there was no documentation for how the University concluded these were not relevant to their subawards • 1 out of 5 subrecipients without Uniform Guidance reports did not have notations on alternative support that was reviewed in lieu of Uniform Guidance reports, as required by University policy. Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Additionally, 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Cause Review of Uniform Guidance reports for post-award monitoring purposes is dependent upon a subaward amendment being executed. If an annual amendment is not executed, there is a gap in the monitoring process as the latest Uniform Guidance reports did not get reviewed. While the University expected all subrecipients to have a subaward amendment processed within a year, the testing noted above identified instances where no amendment was processed, and as such, a Uniform Guidance report was not reviewed within that period of time. Additionally, in regard to the completeness of documentation within the risk assessments, while individuals executing the subaward agreements are required to review the risk assessment form in conjunction with the agreement, there is no formal secondary review required to be evidenced and as such, certain elements were overlooked. Effect The lack of an annual review of subrecipient Uniform Guidance reports may result in potential compliance issues not being identified and management not addressing findings and issuing a management decision, as required under the Uniform Guidance. In addition, the lack of review of the risk assessment form may result in missing information not being identified. Questioned Costs There are no questioned costs associated with this finding. Recommendation We recommend the University review their policies and procedures specific to reviewing Uniform Guidance reports of subrecipients for post-award monitoring purposes to ensure all subrecipient reports are reviewed annually. Additionally, we recommend a formal secondary sign-off be included on the risk assessment form to ensure completeness and agreement with conclusions reached. Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings
2023-001 Subrecipient Monitoring Cluster: Research and Development Cluster (“R&D Cluster”) Grantor: Various - All R&D Cluster awards with subrecipients Award Name: Various - All R&D Cluster awards with subrecipients Award Year: FY2023 Pass-through entities and ID Number: Various - All R&D Cluster awards with subrecipients Assistance Listing Number: Various – All R&D Cluster awards with subrecipients Condition While the University has a detailed pre-award risk assessment process prior to entering into a subrecipient relationship, which includes review of subrecipient Uniform Guidance reports, subsequent review of Uniform Guidance reports for monitoring purposes is not consistently completed. Subsequent review of Uniform Guidance reports for monitoring purposes is completed at the time of a subaward amendment, or no less frequently than an annual basis per University policy, however, for 4 out of 25 subaward selections, the subawards were not amended within a year. As such, over a year passed since a Uniform Guidance report was reviewed for these subrecipients for monitoring purposes. Additionally, given the risk assessments are used to cover certain post-award subrecipient monitoring requirements, we noted the following: • 4 out of 25 selections did not have clear documentation as to which Uniform Guidance report had been specifically reviewed • 3 out of 25 subrecipients had findings/deficiencies in their Uniform Guidance reports and there was no documentation for how the University concluded these were not relevant to their subawards • 1 out of 5 subrecipients without Uniform Guidance reports did not have notations on alternative support that was reviewed in lieu of Uniform Guidance reports, as required by University policy. Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Additionally, 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Cause Review of Uniform Guidance reports for post-award monitoring purposes is dependent upon a subaward amendment being executed. If an annual amendment is not executed, there is a gap in the monitoring process as the latest Uniform Guidance reports did not get reviewed. While the University expected all subrecipients to have a subaward amendment processed within a year, the testing noted above identified instances where no amendment was processed, and as such, a Uniform Guidance report was not reviewed within that period of time. Additionally, in regard to the completeness of documentation within the risk assessments, while individuals executing the subaward agreements are required to review the risk assessment form in conjunction with the agreement, there is no formal secondary review required to be evidenced and as such, certain elements were overlooked. Effect The lack of an annual review of subrecipient Uniform Guidance reports may result in potential compliance issues not being identified and management not addressing findings and issuing a management decision, as required under the Uniform Guidance. In addition, the lack of review of the risk assessment form may result in missing information not being identified. Questioned Costs There are no questioned costs associated with this finding. Recommendation We recommend the University review their policies and procedures specific to reviewing Uniform Guidance reports of subrecipients for post-award monitoring purposes to ensure all subrecipient reports are reviewed annually. Additionally, we recommend a formal secondary sign-off be included on the risk assessment form to ensure completeness and agreement with conclusions reached. Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings
2023-001 Subrecipient Monitoring Cluster: Research and Development Cluster (“R&D Cluster”) Grantor: Various - All R&D Cluster awards with subrecipients Award Name: Various - All R&D Cluster awards with subrecipients Award Year: FY2023 Pass-through entities and ID Number: Various - All R&D Cluster awards with subrecipients Assistance Listing Number: Various – All R&D Cluster awards with subrecipients Condition While the University has a detailed pre-award risk assessment process prior to entering into a subrecipient relationship, which includes review of subrecipient Uniform Guidance reports, subsequent review of Uniform Guidance reports for monitoring purposes is not consistently completed. Subsequent review of Uniform Guidance reports for monitoring purposes is completed at the time of a subaward amendment, or no less frequently than an annual basis per University policy, however, for 4 out of 25 subaward selections, the subawards were not amended within a year. As such, over a year passed since a Uniform Guidance report was reviewed for these subrecipients for monitoring purposes. Additionally, given the risk assessments are used to cover certain post-award subrecipient monitoring requirements, we noted the following: • 4 out of 25 selections did not have clear documentation as to which Uniform Guidance report had been specifically reviewed • 3 out of 25 subrecipients had findings/deficiencies in their Uniform Guidance reports and there was no documentation for how the University concluded these were not relevant to their subawards • 1 out of 5 subrecipients without Uniform Guidance reports did not have notations on alternative support that was reviewed in lieu of Uniform Guidance reports, as required by University policy. Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Additionally, 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Cause Review of Uniform Guidance reports for post-award monitoring purposes is dependent upon a subaward amendment being executed. If an annual amendment is not executed, there is a gap in the monitoring process as the latest Uniform Guidance reports did not get reviewed. While the University expected all subrecipients to have a subaward amendment processed within a year, the testing noted above identified instances where no amendment was processed, and as such, a Uniform Guidance report was not reviewed within that period of time. Additionally, in regard to the completeness of documentation within the risk assessments, while individuals executing the subaward agreements are required to review the risk assessment form in conjunction with the agreement, there is no formal secondary review required to be evidenced and as such, certain elements were overlooked. Effect The lack of an annual review of subrecipient Uniform Guidance reports may result in potential compliance issues not being identified and management not addressing findings and issuing a management decision, as required under the Uniform Guidance. In addition, the lack of review of the risk assessment form may result in missing information not being identified. Questioned Costs There are no questioned costs associated with this finding. Recommendation We recommend the University review their policies and procedures specific to reviewing Uniform Guidance reports of subrecipients for post-award monitoring purposes to ensure all subrecipient reports are reviewed annually. Additionally, we recommend a formal secondary sign-off be included on the risk assessment form to ensure completeness and agreement with conclusions reached. Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings
2023-001 Subrecipient Monitoring Cluster: Research and Development Cluster (“R&D Cluster”) Grantor: Various - All R&D Cluster awards with subrecipients Award Name: Various - All R&D Cluster awards with subrecipients Award Year: FY2023 Pass-through entities and ID Number: Various - All R&D Cluster awards with subrecipients Assistance Listing Number: Various – All R&D Cluster awards with subrecipients Condition While the University has a detailed pre-award risk assessment process prior to entering into a subrecipient relationship, which includes review of subrecipient Uniform Guidance reports, subsequent review of Uniform Guidance reports for monitoring purposes is not consistently completed. Subsequent review of Uniform Guidance reports for monitoring purposes is completed at the time of a subaward amendment, or no less frequently than an annual basis per University policy, however, for 4 out of 25 subaward selections, the subawards were not amended within a year. As such, over a year passed since a Uniform Guidance report was reviewed for these subrecipients for monitoring purposes. Additionally, given the risk assessments are used to cover certain post-award subrecipient monitoring requirements, we noted the following: • 4 out of 25 selections did not have clear documentation as to which Uniform Guidance report had been specifically reviewed • 3 out of 25 subrecipients had findings/deficiencies in their Uniform Guidance reports and there was no documentation for how the University concluded these were not relevant to their subawards • 1 out of 5 subrecipients without Uniform Guidance reports did not have notations on alternative support that was reviewed in lieu of Uniform Guidance reports, as required by University policy. Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Additionally, 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Cause Review of Uniform Guidance reports for post-award monitoring purposes is dependent upon a subaward amendment being executed. If an annual amendment is not executed, there is a gap in the monitoring process as the latest Uniform Guidance reports did not get reviewed. While the University expected all subrecipients to have a subaward amendment processed within a year, the testing noted above identified instances where no amendment was processed, and as such, a Uniform Guidance report was not reviewed within that period of time. Additionally, in regard to the completeness of documentation within the risk assessments, while individuals executing the subaward agreements are required to review the risk assessment form in conjunction with the agreement, there is no formal secondary review required to be evidenced and as such, certain elements were overlooked. Effect The lack of an annual review of subrecipient Uniform Guidance reports may result in potential compliance issues not being identified and management not addressing findings and issuing a management decision, as required under the Uniform Guidance. In addition, the lack of review of the risk assessment form may result in missing information not being identified. Questioned Costs There are no questioned costs associated with this finding. Recommendation We recommend the University review their policies and procedures specific to reviewing Uniform Guidance reports of subrecipients for post-award monitoring purposes to ensure all subrecipient reports are reviewed annually. Additionally, we recommend a formal secondary sign-off be included on the risk assessment form to ensure completeness and agreement with conclusions reached. Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings
2023-001 Subrecipient Monitoring Cluster: Research and Development Cluster (“R&D Cluster”) Grantor: Various - All R&D Cluster awards with subrecipients Award Name: Various - All R&D Cluster awards with subrecipients Award Year: FY2023 Pass-through entities and ID Number: Various - All R&D Cluster awards with subrecipients Assistance Listing Number: Various – All R&D Cluster awards with subrecipients Condition While the University has a detailed pre-award risk assessment process prior to entering into a subrecipient relationship, which includes review of subrecipient Uniform Guidance reports, subsequent review of Uniform Guidance reports for monitoring purposes is not consistently completed. Subsequent review of Uniform Guidance reports for monitoring purposes is completed at the time of a subaward amendment, or no less frequently than an annual basis per University policy, however, for 4 out of 25 subaward selections, the subawards were not amended within a year. As such, over a year passed since a Uniform Guidance report was reviewed for these subrecipients for monitoring purposes. Additionally, given the risk assessments are used to cover certain post-award subrecipient monitoring requirements, we noted the following: • 4 out of 25 selections did not have clear documentation as to which Uniform Guidance report had been specifically reviewed • 3 out of 25 subrecipients had findings/deficiencies in their Uniform Guidance reports and there was no documentation for how the University concluded these were not relevant to their subawards • 1 out of 5 subrecipients without Uniform Guidance reports did not have notations on alternative support that was reviewed in lieu of Uniform Guidance reports, as required by University policy. Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Additionally, 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Cause Review of Uniform Guidance reports for post-award monitoring purposes is dependent upon a subaward amendment being executed. If an annual amendment is not executed, there is a gap in the monitoring process as the latest Uniform Guidance reports did not get reviewed. While the University expected all subrecipients to have a subaward amendment processed within a year, the testing noted above identified instances where no amendment was processed, and as such, a Uniform Guidance report was not reviewed within that period of time. Additionally, in regard to the completeness of documentation within the risk assessments, while individuals executing the subaward agreements are required to review the risk assessment form in conjunction with the agreement, there is no formal secondary review required to be evidenced and as such, certain elements were overlooked. Effect The lack of an annual review of subrecipient Uniform Guidance reports may result in potential compliance issues not being identified and management not addressing findings and issuing a management decision, as required under the Uniform Guidance. In addition, the lack of review of the risk assessment form may result in missing information not being identified. Questioned Costs There are no questioned costs associated with this finding. Recommendation We recommend the University review their policies and procedures specific to reviewing Uniform Guidance reports of subrecipients for post-award monitoring purposes to ensure all subrecipient reports are reviewed annually. Additionally, we recommend a formal secondary sign-off be included on the risk assessment form to ensure completeness and agreement with conclusions reached. Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings