Various Agencies Finding 2023 – 024: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 – Child Nutrition Cluster (including COVID-19) ALN 10.565, 10.568, and 10.569 – Food Distribution Cluster ALN 10.557 – WIC Special Supplemental Nutrition Program for Women, Infants, and Children ALN 10.558 – Child and Adult Care Food Program ALN 84.010 – Title I Grants to Local Educational Agencies ALN 84.027 and 84.173¬ – Special Education Cluster (IDEA) (including COVID-19) ALN 84.367 – Supporting Effective Instruction State Grants ALN 84.425C – COVID-19 – Education Stabilization Fund - GEER Fund ALN 84.425D – COVID-19 – Education Stabilization Fund - ESSER Fund ALN 84.425R – COVID-19 – Education Stabilization Fund - CRRSA EANS ALN 84.425U – COVID-19 – Education Stabilization Fund - ARP ESSER ALN 84.425V – COVID-19 – Education Stabilization Fund - ARP EANS ALN 93.044, 93.045, and 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2022-014) Federal Grant Number(s) and Year(s): 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC5 (12/27/2020 – 9/30/2023), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAOACM (10/01/2020 – 9/30/2023), 2101PAOAHD (10/01/2020 – 9/30/2023), 2101PAOANS (10/01/2020 – 9/30/2023), 2101PAOASS (10/01/2020 – 9/30/2023), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2101PAVAC5 (4/01/2021 – 9/30/2023), 2201PAOACM (10/01/2021 – 9/30/2023), 2201PAOAHD (10/01/2021 – 9/30/2023), 2201PAOANS (10/01/2021 – 9/30/2023), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD 10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA365N8903 (1/01/2022 – 9/30/2023), 231PA365N8903 (10/01/2022 – 9/30/2024), 231PA305L1603 (10/01/2022 – 9/30/2023), 221PA305L1603 (10/01/2021 – 9/30/2022), 221PA825Y8005 (10/01/2021 – 9/30/2022), 231PA825Y8005 (10/01/2022 – 9/30/2023), 221PA825Y8105 (10/01/2021 – 9/30/2022), 231PA825Y8105 (10/01/2022 – 9/30/2023), 201PA715W5003 (10/01/2019 – 9/30/2023), 211PA715W5003 (10/01/2020 – 9/30/2024), 221PA705W1003 (10/01/2021 – 9/30/2022), 221PA705W1006 (10/01/2021 – 9/30/2022), 221PA715W5003 (10/01/2021 – 9/30/2024), 231PA705W1003 (10/01/2022 – 9/30/2023), 231PA705W1006 (10/01/2022 – 9/30/2023), 231PA715W5003 (10/01/2022 – 9/30/2025), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA315N1050 (10/01/2021 – 9/30/2023), 231PA315N1050 (10/01/2022 – 9/30/2024), 221PA305N2020 (10/01/2021 – 9/30/2022), 231PA305N2020 (10/01/2022 – 9/30/2023), S010A190038 (7/01/2019 – 9/30/2022), S010A200038 (7/01/2020 – 9/30/2022), S010A210038 (7/01/2021 – 9/30/2022), S010A220038 (7/01/2022 – 9/30/2024), S367A150051 (7/01/2015 – 9/30/2017), S367A190051 (7/01/2019 – 9/30/2021), S367A200051 (7/01/2020 – 9/30/2022), S367A210051 (7/01/2021 – 9/30/2023), S367A220051 (7/01/2022 – 9 /30/2024), H027A200093 (7/01/2020 – 9/30/2022), H027A210093 (7/01/2021 – 9/30/2023), H027A220093 (7/01/2022 – 9/30/2024), H027X210093 (7/01/2021 – 9/30/2023), H173A200090 (7/01/2020 – 9/30/2022), H173A210090 (7/01/2021 – 9/30/2023), H173A220090 (7/01/2022 – 9/30/2024), H173X210090 (7/01/2021 – 9/30/2023), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021 – 9/30/2023), S425D210028 (1/05/2021 – 9/30/2023), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2023), S425V210037 (11/16/2021 – 9/30/2023), S425C210013 (3/13/2020 – 9/30/2023), S425D200028 (3/13/2020 – 9/30/2022), NU50CK000527 (8/01/2019 – 7/31/2024) Finding 2023 – 024: (continued) Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2023 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2022 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2023. We also evaluated the Commonwealth’s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2023 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 10.5 months after the FAC MDL start date for the one audit report with findings. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 12 months to over 18 months after the FAC MDL start date for three out of three audit reports with findings. There was also a delay in PDA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Our testing disclosed one audit report submitted to the FAC over nine months late that included $19.4 million in subrecipient expenditures passed through PDA. In addition, our testing disclosed that PDA subgranted federal funds totaling approximately $4.8 million to five subrecipients during the fiscal year ended June 30, 2022, for which Single Audits were not submitted to the FAC as of our January 2024 testing date. This was over 16 or 10 months after the respective, September 30, 2022 or March 31, 2023 due dates. • Department of Education (PDE): The time period for making a management decision on findings was approximately 9.3 to over 16.9 months after the FAC MDL start date for 14 out of 22 audit reports with findings. One of the 14 audit reports was improperly classified on PDE’s audit tracking list as not having federal award findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Health (DOH): The time period for making a management decision on findings was over 11 months after the FAC MDL start date for two out of two audit reports with findings. One audit report with the late management decision on findings was excluded from DOH’s tracking list. Finding 2023 – 024: (continued) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR Section 200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR Section 200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR Section 200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. Finding 2023 – 024: (continued) 2 CFR Section 200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. Finding 2023 – 024: (continued) (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08 in order to ensure compliance with federal audit submission requirements. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Finding 2023 – 024: (continued) Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08. DOH Response: DOH agrees with the finding. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding and will be hiring a complement position to ensure compliance in the future. PDE Response: PDE agrees with the finding. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2023 – 024: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 – Child Nutrition Cluster (including COVID-19) ALN 10.565, 10.568, and 10.569 – Food Distribution Cluster ALN 10.557 – WIC Special Supplemental Nutrition Program for Women, Infants, and Children ALN 10.558 – Child and Adult Care Food Program ALN 84.010 – Title I Grants to Local Educational Agencies ALN 84.027 and 84.173¬ – Special Education Cluster (IDEA) (including COVID-19) ALN 84.367 – Supporting Effective Instruction State Grants ALN 84.425C – COVID-19 – Education Stabilization Fund - GEER Fund ALN 84.425D – COVID-19 – Education Stabilization Fund - ESSER Fund ALN 84.425R – COVID-19 – Education Stabilization Fund - CRRSA EANS ALN 84.425U – COVID-19 – Education Stabilization Fund - ARP ESSER ALN 84.425V – COVID-19 – Education Stabilization Fund - ARP EANS ALN 93.044, 93.045, and 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2022-014) Federal Grant Number(s) and Year(s): 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC5 (12/27/2020 – 9/30/2023), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAOACM (10/01/2020 – 9/30/2023), 2101PAOAHD (10/01/2020 – 9/30/2023), 2101PAOANS (10/01/2020 – 9/30/2023), 2101PAOASS (10/01/2020 – 9/30/2023), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2101PAVAC5 (4/01/2021 – 9/30/2023), 2201PAOACM (10/01/2021 – 9/30/2023), 2201PAOAHD (10/01/2021 – 9/30/2023), 2201PAOANS (10/01/2021 – 9/30/2023), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD 10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA365N8903 (1/01/2022 – 9/30/2023), 231PA365N8903 (10/01/2022 – 9/30/2024), 231PA305L1603 (10/01/2022 – 9/30/2023), 221PA305L1603 (10/01/2021 – 9/30/2022), 221PA825Y8005 (10/01/2021 – 9/30/2022), 231PA825Y8005 (10/01/2022 – 9/30/2023), 221PA825Y8105 (10/01/2021 – 9/30/2022), 231PA825Y8105 (10/01/2022 – 9/30/2023), 201PA715W5003 (10/01/2019 – 9/30/2023), 211PA715W5003 (10/01/2020 – 9/30/2024), 221PA705W1003 (10/01/2021 – 9/30/2022), 221PA705W1006 (10/01/2021 – 9/30/2022), 221PA715W5003 (10/01/2021 – 9/30/2024), 231PA705W1003 (10/01/2022 – 9/30/2023), 231PA705W1006 (10/01/2022 – 9/30/2023), 231PA715W5003 (10/01/2022 – 9/30/2025), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA315N1050 (10/01/2021 – 9/30/2023), 231PA315N1050 (10/01/2022 – 9/30/2024), 221PA305N2020 (10/01/2021 – 9/30/2022), 231PA305N2020 (10/01/2022 – 9/30/2023), S010A190038 (7/01/2019 – 9/30/2022), S010A200038 (7/01/2020 – 9/30/2022), S010A210038 (7/01/2021 – 9/30/2022), S010A220038 (7/01/2022 – 9/30/2024), S367A150051 (7/01/2015 – 9/30/2017), S367A190051 (7/01/2019 – 9/30/2021), S367A200051 (7/01/2020 – 9/30/2022), S367A210051 (7/01/2021 – 9/30/2023), S367A220051 (7/01/2022 – 9 /30/2024), H027A200093 (7/01/2020 – 9/30/2022), H027A210093 (7/01/2021 – 9/30/2023), H027A220093 (7/01/2022 – 9/30/2024), H027X210093 (7/01/2021 – 9/30/2023), H173A200090 (7/01/2020 – 9/30/2022), H173A210090 (7/01/2021 – 9/30/2023), H173A220090 (7/01/2022 – 9/30/2024), H173X210090 (7/01/2021 – 9/30/2023), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021 – 9/30/2023), S425D210028 (1/05/2021 – 9/30/2023), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2023), S425V210037 (11/16/2021 – 9/30/2023), S425C210013 (3/13/2020 – 9/30/2023), S425D200028 (3/13/2020 – 9/30/2022), NU50CK000527 (8/01/2019 – 7/31/2024) Finding 2023 – 024: (continued) Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2023 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2022 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2023. We also evaluated the Commonwealth’s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2023 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 10.5 months after the FAC MDL start date for the one audit report with findings. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 12 months to over 18 months after the FAC MDL start date for three out of three audit reports with findings. There was also a delay in PDA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Our testing disclosed one audit report submitted to the FAC over nine months late that included $19.4 million in subrecipient expenditures passed through PDA. In addition, our testing disclosed that PDA subgranted federal funds totaling approximately $4.8 million to five subrecipients during the fiscal year ended June 30, 2022, for which Single Audits were not submitted to the FAC as of our January 2024 testing date. This was over 16 or 10 months after the respective, September 30, 2022 or March 31, 2023 due dates. • Department of Education (PDE): The time period for making a management decision on findings was approximately 9.3 to over 16.9 months after the FAC MDL start date for 14 out of 22 audit reports with findings. One of the 14 audit reports was improperly classified on PDE’s audit tracking list as not having federal award findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Health (DOH): The time period for making a management decision on findings was over 11 months after the FAC MDL start date for two out of two audit reports with findings. One audit report with the late management decision on findings was excluded from DOH’s tracking list. Finding 2023 – 024: (continued) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR Section 200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR Section 200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR Section 200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. Finding 2023 – 024: (continued) 2 CFR Section 200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. Finding 2023 – 024: (continued) (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08 in order to ensure compliance with federal audit submission requirements. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Finding 2023 – 024: (continued) Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08. DOH Response: DOH agrees with the finding. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding and will be hiring a complement position to ensure compliance in the future. PDE Response: PDE agrees with the finding. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2023 – 024: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 – Child Nutrition Cluster (including COVID-19) ALN 10.565, 10.568, and 10.569 – Food Distribution Cluster ALN 10.557 – WIC Special Supplemental Nutrition Program for Women, Infants, and Children ALN 10.558 – Child and Adult Care Food Program ALN 84.010 – Title I Grants to Local Educational Agencies ALN 84.027 and 84.173¬ – Special Education Cluster (IDEA) (including COVID-19) ALN 84.367 – Supporting Effective Instruction State Grants ALN 84.425C – COVID-19 – Education Stabilization Fund - GEER Fund ALN 84.425D – COVID-19 – Education Stabilization Fund - ESSER Fund ALN 84.425R – COVID-19 – Education Stabilization Fund - CRRSA EANS ALN 84.425U – COVID-19 – Education Stabilization Fund - ARP ESSER ALN 84.425V – COVID-19 – Education Stabilization Fund - ARP EANS ALN 93.044, 93.045, and 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2022-014) Federal Grant Number(s) and Year(s): 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC5 (12/27/2020 – 9/30/2023), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAOACM (10/01/2020 – 9/30/2023), 2101PAOAHD (10/01/2020 – 9/30/2023), 2101PAOANS (10/01/2020 – 9/30/2023), 2101PAOASS (10/01/2020 – 9/30/2023), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2101PAVAC5 (4/01/2021 – 9/30/2023), 2201PAOACM (10/01/2021 – 9/30/2023), 2201PAOAHD (10/01/2021 – 9/30/2023), 2201PAOANS (10/01/2021 – 9/30/2023), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD 10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA365N8903 (1/01/2022 – 9/30/2023), 231PA365N8903 (10/01/2022 – 9/30/2024), 231PA305L1603 (10/01/2022 – 9/30/2023), 221PA305L1603 (10/01/2021 – 9/30/2022), 221PA825Y8005 (10/01/2021 – 9/30/2022), 231PA825Y8005 (10/01/2022 – 9/30/2023), 221PA825Y8105 (10/01/2021 – 9/30/2022), 231PA825Y8105 (10/01/2022 – 9/30/2023), 201PA715W5003 (10/01/2019 – 9/30/2023), 211PA715W5003 (10/01/2020 – 9/30/2024), 221PA705W1003 (10/01/2021 – 9/30/2022), 221PA705W1006 (10/01/2021 – 9/30/2022), 221PA715W5003 (10/01/2021 – 9/30/2024), 231PA705W1003 (10/01/2022 – 9/30/2023), 231PA705W1006 (10/01/2022 – 9/30/2023), 231PA715W5003 (10/01/2022 – 9/30/2025), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA315N1050 (10/01/2021 – 9/30/2023), 231PA315N1050 (10/01/2022 – 9/30/2024), 221PA305N2020 (10/01/2021 – 9/30/2022), 231PA305N2020 (10/01/2022 – 9/30/2023), S010A190038 (7/01/2019 – 9/30/2022), S010A200038 (7/01/2020 – 9/30/2022), S010A210038 (7/01/2021 – 9/30/2022), S010A220038 (7/01/2022 – 9/30/2024), S367A150051 (7/01/2015 – 9/30/2017), S367A190051 (7/01/2019 – 9/30/2021), S367A200051 (7/01/2020 – 9/30/2022), S367A210051 (7/01/2021 – 9/30/2023), S367A220051 (7/01/2022 – 9 /30/2024), H027A200093 (7/01/2020 – 9/30/2022), H027A210093 (7/01/2021 – 9/30/2023), H027A220093 (7/01/2022 – 9/30/2024), H027X210093 (7/01/2021 – 9/30/2023), H173A200090 (7/01/2020 – 9/30/2022), H173A210090 (7/01/2021 – 9/30/2023), H173A220090 (7/01/2022 – 9/30/2024), H173X210090 (7/01/2021 – 9/30/2023), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021 – 9/30/2023), S425D210028 (1/05/2021 – 9/30/2023), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2023), S425V210037 (11/16/2021 – 9/30/2023), S425C210013 (3/13/2020 – 9/30/2023), S425D200028 (3/13/2020 – 9/30/2022), NU50CK000527 (8/01/2019 – 7/31/2024) Finding 2023 – 024: (continued) Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2023 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2022 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2023. We also evaluated the Commonwealth’s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2023 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 10.5 months after the FAC MDL start date for the one audit report with findings. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 12 months to over 18 months after the FAC MDL start date for three out of three audit reports with findings. There was also a delay in PDA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Our testing disclosed one audit report submitted to the FAC over nine months late that included $19.4 million in subrecipient expenditures passed through PDA. In addition, our testing disclosed that PDA subgranted federal funds totaling approximately $4.8 million to five subrecipients during the fiscal year ended June 30, 2022, for which Single Audits were not submitted to the FAC as of our January 2024 testing date. This was over 16 or 10 months after the respective, September 30, 2022 or March 31, 2023 due dates. • Department of Education (PDE): The time period for making a management decision on findings was approximately 9.3 to over 16.9 months after the FAC MDL start date for 14 out of 22 audit reports with findings. One of the 14 audit reports was improperly classified on PDE’s audit tracking list as not having federal award findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Health (DOH): The time period for making a management decision on findings was over 11 months after the FAC MDL start date for two out of two audit reports with findings. One audit report with the late management decision on findings was excluded from DOH’s tracking list. Finding 2023 – 024: (continued) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR Section 200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR Section 200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR Section 200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. Finding 2023 – 024: (continued) 2 CFR Section 200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. Finding 2023 – 024: (continued) (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08 in order to ensure compliance with federal audit submission requirements. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Finding 2023 – 024: (continued) Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08. DOH Response: DOH agrees with the finding. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding and will be hiring a complement position to ensure compliance in the future. PDE Response: PDE agrees with the finding. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2023 – 024: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 – Child Nutrition Cluster (including COVID-19) ALN 10.565, 10.568, and 10.569 – Food Distribution Cluster ALN 10.557 – WIC Special Supplemental Nutrition Program for Women, Infants, and Children ALN 10.558 – Child and Adult Care Food Program ALN 84.010 – Title I Grants to Local Educational Agencies ALN 84.027 and 84.173¬ – Special Education Cluster (IDEA) (including COVID-19) ALN 84.367 – Supporting Effective Instruction State Grants ALN 84.425C – COVID-19 – Education Stabilization Fund - GEER Fund ALN 84.425D – COVID-19 – Education Stabilization Fund - ESSER Fund ALN 84.425R – COVID-19 – Education Stabilization Fund - CRRSA EANS ALN 84.425U – COVID-19 – Education Stabilization Fund - ARP ESSER ALN 84.425V – COVID-19 – Education Stabilization Fund - ARP EANS ALN 93.044, 93.045, and 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2022-014) Federal Grant Number(s) and Year(s): 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC5 (12/27/2020 – 9/30/2023), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAOACM (10/01/2020 – 9/30/2023), 2101PAOAHD (10/01/2020 – 9/30/2023), 2101PAOANS (10/01/2020 – 9/30/2023), 2101PAOASS (10/01/2020 – 9/30/2023), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2101PAVAC5 (4/01/2021 – 9/30/2023), 2201PAOACM (10/01/2021 – 9/30/2023), 2201PAOAHD (10/01/2021 – 9/30/2023), 2201PAOANS (10/01/2021 – 9/30/2023), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD 10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA365N8903 (1/01/2022 – 9/30/2023), 231PA365N8903 (10/01/2022 – 9/30/2024), 231PA305L1603 (10/01/2022 – 9/30/2023), 221PA305L1603 (10/01/2021 – 9/30/2022), 221PA825Y8005 (10/01/2021 – 9/30/2022), 231PA825Y8005 (10/01/2022 – 9/30/2023), 221PA825Y8105 (10/01/2021 – 9/30/2022), 231PA825Y8105 (10/01/2022 – 9/30/2023), 201PA715W5003 (10/01/2019 – 9/30/2023), 211PA715W5003 (10/01/2020 – 9/30/2024), 221PA705W1003 (10/01/2021 – 9/30/2022), 221PA705W1006 (10/01/2021 – 9/30/2022), 221PA715W5003 (10/01/2021 – 9/30/2024), 231PA705W1003 (10/01/2022 – 9/30/2023), 231PA705W1006 (10/01/2022 – 9/30/2023), 231PA715W5003 (10/01/2022 – 9/30/2025), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA315N1050 (10/01/2021 – 9/30/2023), 231PA315N1050 (10/01/2022 – 9/30/2024), 221PA305N2020 (10/01/2021 – 9/30/2022), 231PA305N2020 (10/01/2022 – 9/30/2023), S010A190038 (7/01/2019 – 9/30/2022), S010A200038 (7/01/2020 – 9/30/2022), S010A210038 (7/01/2021 – 9/30/2022), S010A220038 (7/01/2022 – 9/30/2024), S367A150051 (7/01/2015 – 9/30/2017), S367A190051 (7/01/2019 – 9/30/2021), S367A200051 (7/01/2020 – 9/30/2022), S367A210051 (7/01/2021 – 9/30/2023), S367A220051 (7/01/2022 – 9 /30/2024), H027A200093 (7/01/2020 – 9/30/2022), H027A210093 (7/01/2021 – 9/30/2023), H027A220093 (7/01/2022 – 9/30/2024), H027X210093 (7/01/2021 – 9/30/2023), H173A200090 (7/01/2020 – 9/30/2022), H173A210090 (7/01/2021 – 9/30/2023), H173A220090 (7/01/2022 – 9/30/2024), H173X210090 (7/01/2021 – 9/30/2023), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021 – 9/30/2023), S425D210028 (1/05/2021 – 9/30/2023), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2023), S425V210037 (11/16/2021 – 9/30/2023), S425C210013 (3/13/2020 – 9/30/2023), S425D200028 (3/13/2020 – 9/30/2022), NU50CK000527 (8/01/2019 – 7/31/2024) Finding 2023 – 024: (continued) Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2023 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2022 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2023. We also evaluated the Commonwealth’s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2023 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 10.5 months after the FAC MDL start date for the one audit report with findings. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 12 months to over 18 months after the FAC MDL start date for three out of three audit reports with findings. There was also a delay in PDA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Our testing disclosed one audit report submitted to the FAC over nine months late that included $19.4 million in subrecipient expenditures passed through PDA. In addition, our testing disclosed that PDA subgranted federal funds totaling approximately $4.8 million to five subrecipients during the fiscal year ended June 30, 2022, for which Single Audits were not submitted to the FAC as of our January 2024 testing date. This was over 16 or 10 months after the respective, September 30, 2022 or March 31, 2023 due dates. • Department of Education (PDE): The time period for making a management decision on findings was approximately 9.3 to over 16.9 months after the FAC MDL start date for 14 out of 22 audit reports with findings. One of the 14 audit reports was improperly classified on PDE’s audit tracking list as not having federal award findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Health (DOH): The time period for making a management decision on findings was over 11 months after the FAC MDL start date for two out of two audit reports with findings. One audit report with the late management decision on findings was excluded from DOH’s tracking list. Finding 2023 – 024: (continued) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR Section 200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR Section 200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR Section 200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. Finding 2023 – 024: (continued) 2 CFR Section 200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. Finding 2023 – 024: (continued) (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08 in order to ensure compliance with federal audit submission requirements. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Finding 2023 – 024: (continued) Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08. DOH Response: DOH agrees with the finding. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding and will be hiring a complement position to ensure compliance in the future. PDE Response: PDE agrees with the finding. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2023 – 024: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 – Child Nutrition Cluster (including COVID-19) ALN 10.565, 10.568, and 10.569 – Food Distribution Cluster ALN 10.557 – WIC Special Supplemental Nutrition Program for Women, Infants, and Children ALN 10.558 – Child and Adult Care Food Program ALN 84.010 – Title I Grants to Local Educational Agencies ALN 84.027 and 84.173¬ – Special Education Cluster (IDEA) (including COVID-19) ALN 84.367 – Supporting Effective Instruction State Grants ALN 84.425C – COVID-19 – Education Stabilization Fund - GEER Fund ALN 84.425D – COVID-19 – Education Stabilization Fund - ESSER Fund ALN 84.425R – COVID-19 – Education Stabilization Fund - CRRSA EANS ALN 84.425U – COVID-19 – Education Stabilization Fund - ARP ESSER ALN 84.425V – COVID-19 – Education Stabilization Fund - ARP EANS ALN 93.044, 93.045, and 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2022-014) Federal Grant Number(s) and Year(s): 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC5 (12/27/2020 – 9/30/2023), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAOACM (10/01/2020 – 9/30/2023), 2101PAOAHD (10/01/2020 – 9/30/2023), 2101PAOANS (10/01/2020 – 9/30/2023), 2101PAOASS (10/01/2020 – 9/30/2023), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2101PAVAC5 (4/01/2021 – 9/30/2023), 2201PAOACM (10/01/2021 – 9/30/2023), 2201PAOAHD (10/01/2021 – 9/30/2023), 2201PAOANS (10/01/2021 – 9/30/2023), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD 10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA365N8903 (1/01/2022 – 9/30/2023), 231PA365N8903 (10/01/2022 – 9/30/2024), 231PA305L1603 (10/01/2022 – 9/30/2023), 221PA305L1603 (10/01/2021 – 9/30/2022), 221PA825Y8005 (10/01/2021 – 9/30/2022), 231PA825Y8005 (10/01/2022 – 9/30/2023), 221PA825Y8105 (10/01/2021 – 9/30/2022), 231PA825Y8105 (10/01/2022 – 9/30/2023), 201PA715W5003 (10/01/2019 – 9/30/2023), 211PA715W5003 (10/01/2020 – 9/30/2024), 221PA705W1003 (10/01/2021 – 9/30/2022), 221PA705W1006 (10/01/2021 – 9/30/2022), 221PA715W5003 (10/01/2021 – 9/30/2024), 231PA705W1003 (10/01/2022 – 9/30/2023), 231PA705W1006 (10/01/2022 – 9/30/2023), 231PA715W5003 (10/01/2022 – 9/30/2025), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA315N1050 (10/01/2021 – 9/30/2023), 231PA315N1050 (10/01/2022 – 9/30/2024), 221PA305N2020 (10/01/2021 – 9/30/2022), 231PA305N2020 (10/01/2022 – 9/30/2023), S010A190038 (7/01/2019 – 9/30/2022), S010A200038 (7/01/2020 – 9/30/2022), S010A210038 (7/01/2021 – 9/30/2022), S010A220038 (7/01/2022 – 9/30/2024), S367A150051 (7/01/2015 – 9/30/2017), S367A190051 (7/01/2019 – 9/30/2021), S367A200051 (7/01/2020 – 9/30/2022), S367A210051 (7/01/2021 – 9/30/2023), S367A220051 (7/01/2022 – 9 /30/2024), H027A200093 (7/01/2020 – 9/30/2022), H027A210093 (7/01/2021 – 9/30/2023), H027A220093 (7/01/2022 – 9/30/2024), H027X210093 (7/01/2021 – 9/30/2023), H173A200090 (7/01/2020 – 9/30/2022), H173A210090 (7/01/2021 – 9/30/2023), H173A220090 (7/01/2022 – 9/30/2024), H173X210090 (7/01/2021 – 9/30/2023), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021 – 9/30/2023), S425D210028 (1/05/2021 – 9/30/2023), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2023), S425V210037 (11/16/2021 – 9/30/2023), S425C210013 (3/13/2020 – 9/30/2023), S425D200028 (3/13/2020 – 9/30/2022), NU50CK000527 (8/01/2019 – 7/31/2024) Finding 2023 – 024: (continued) Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2023 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2022 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2023. We also evaluated the Commonwealth’s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2023 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 10.5 months after the FAC MDL start date for the one audit report with findings. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 12 months to over 18 months after the FAC MDL start date for three out of three audit reports with findings. There was also a delay in PDA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Our testing disclosed one audit report submitted to the FAC over nine months late that included $19.4 million in subrecipient expenditures passed through PDA. In addition, our testing disclosed that PDA subgranted federal funds totaling approximately $4.8 million to five subrecipients during the fiscal year ended June 30, 2022, for which Single Audits were not submitted to the FAC as of our January 2024 testing date. This was over 16 or 10 months after the respective, September 30, 2022 or March 31, 2023 due dates. • Department of Education (PDE): The time period for making a management decision on findings was approximately 9.3 to over 16.9 months after the FAC MDL start date for 14 out of 22 audit reports with findings. One of the 14 audit reports was improperly classified on PDE’s audit tracking list as not having federal award findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Health (DOH): The time period for making a management decision on findings was over 11 months after the FAC MDL start date for two out of two audit reports with findings. One audit report with the late management decision on findings was excluded from DOH’s tracking list. Finding 2023 – 024: (continued) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR Section 200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR Section 200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR Section 200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. Finding 2023 – 024: (continued) 2 CFR Section 200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. Finding 2023 – 024: (continued) (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08 in order to ensure compliance with federal audit submission requirements. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Finding 2023 – 024: (continued) Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08. DOH Response: DOH agrees with the finding. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding and will be hiring a complement position to ensure compliance in the future. PDE Response: PDE agrees with the finding. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2023 – 024: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 – Child Nutrition Cluster (including COVID-19) ALN 10.565, 10.568, and 10.569 – Food Distribution Cluster ALN 10.557 – WIC Special Supplemental Nutrition Program for Women, Infants, and Children ALN 10.558 – Child and Adult Care Food Program ALN 84.010 – Title I Grants to Local Educational Agencies ALN 84.027 and 84.173¬ – Special Education Cluster (IDEA) (including COVID-19) ALN 84.367 – Supporting Effective Instruction State Grants ALN 84.425C – COVID-19 – Education Stabilization Fund - GEER Fund ALN 84.425D – COVID-19 – Education Stabilization Fund - ESSER Fund ALN 84.425R – COVID-19 – Education Stabilization Fund - CRRSA EANS ALN 84.425U – COVID-19 – Education Stabilization Fund - ARP ESSER ALN 84.425V – COVID-19 – Education Stabilization Fund - ARP EANS ALN 93.044, 93.045, and 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2022-014) Federal Grant Number(s) and Year(s): 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC5 (12/27/2020 – 9/30/2023), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAOACM (10/01/2020 – 9/30/2023), 2101PAOAHD (10/01/2020 – 9/30/2023), 2101PAOANS (10/01/2020 – 9/30/2023), 2101PAOASS (10/01/2020 – 9/30/2023), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2101PAVAC5 (4/01/2021 – 9/30/2023), 2201PAOACM (10/01/2021 – 9/30/2023), 2201PAOAHD (10/01/2021 – 9/30/2023), 2201PAOANS (10/01/2021 – 9/30/2023), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD 10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA365N8903 (1/01/2022 – 9/30/2023), 231PA365N8903 (10/01/2022 – 9/30/2024), 231PA305L1603 (10/01/2022 – 9/30/2023), 221PA305L1603 (10/01/2021 – 9/30/2022), 221PA825Y8005 (10/01/2021 – 9/30/2022), 231PA825Y8005 (10/01/2022 – 9/30/2023), 221PA825Y8105 (10/01/2021 – 9/30/2022), 231PA825Y8105 (10/01/2022 – 9/30/2023), 201PA715W5003 (10/01/2019 – 9/30/2023), 211PA715W5003 (10/01/2020 – 9/30/2024), 221PA705W1003 (10/01/2021 – 9/30/2022), 221PA705W1006 (10/01/2021 – 9/30/2022), 221PA715W5003 (10/01/2021 – 9/30/2024), 231PA705W1003 (10/01/2022 – 9/30/2023), 231PA705W1006 (10/01/2022 – 9/30/2023), 231PA715W5003 (10/01/2022 – 9/30/2025), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA315N1050 (10/01/2021 – 9/30/2023), 231PA315N1050 (10/01/2022 – 9/30/2024), 221PA305N2020 (10/01/2021 – 9/30/2022), 231PA305N2020 (10/01/2022 – 9/30/2023), S010A190038 (7/01/2019 – 9/30/2022), S010A200038 (7/01/2020 – 9/30/2022), S010A210038 (7/01/2021 – 9/30/2022), S010A220038 (7/01/2022 – 9/30/2024), S367A150051 (7/01/2015 – 9/30/2017), S367A190051 (7/01/2019 – 9/30/2021), S367A200051 (7/01/2020 – 9/30/2022), S367A210051 (7/01/2021 – 9/30/2023), S367A220051 (7/01/2022 – 9 /30/2024), H027A200093 (7/01/2020 – 9/30/2022), H027A210093 (7/01/2021 – 9/30/2023), H027A220093 (7/01/2022 – 9/30/2024), H027X210093 (7/01/2021 – 9/30/2023), H173A200090 (7/01/2020 – 9/30/2022), H173A210090 (7/01/2021 – 9/30/2023), H173A220090 (7/01/2022 – 9/30/2024), H173X210090 (7/01/2021 – 9/30/2023), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021 – 9/30/2023), S425D210028 (1/05/2021 – 9/30/2023), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2023), S425V210037 (11/16/2021 – 9/30/2023), S425C210013 (3/13/2020 – 9/30/2023), S425D200028 (3/13/2020 – 9/30/2022), NU50CK000527 (8/01/2019 – 7/31/2024) Finding 2023 – 024: (continued) Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2023 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2022 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2023. We also evaluated the Commonwealth’s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2023 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 10.5 months after the FAC MDL start date for the one audit report with findings. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 12 months to over 18 months after the FAC MDL start date for three out of three audit reports with findings. There was also a delay in PDA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Our testing disclosed one audit report submitted to the FAC over nine months late that included $19.4 million in subrecipient expenditures passed through PDA. In addition, our testing disclosed that PDA subgranted federal funds totaling approximately $4.8 million to five subrecipients during the fiscal year ended June 30, 2022, for which Single Audits were not submitted to the FAC as of our January 2024 testing date. This was over 16 or 10 months after the respective, September 30, 2022 or March 31, 2023 due dates. • Department of Education (PDE): The time period for making a management decision on findings was approximately 9.3 to over 16.9 months after the FAC MDL start date for 14 out of 22 audit reports with findings. One of the 14 audit reports was improperly classified on PDE’s audit tracking list as not having federal award findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Health (DOH): The time period for making a management decision on findings was over 11 months after the FAC MDL start date for two out of two audit reports with findings. One audit report with the late management decision on findings was excluded from DOH’s tracking list. Finding 2023 – 024: (continued) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR Section 200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR Section 200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR Section 200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. Finding 2023 – 024: (continued) 2 CFR Section 200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. Finding 2023 – 024: (continued) (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08 in order to ensure compliance with federal audit submission requirements. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Finding 2023 – 024: (continued) Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08. DOH Response: DOH agrees with the finding. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding and will be hiring a complement position to ensure compliance in the future. PDE Response: PDE agrees with the finding. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2023 – 024: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 – Child Nutrition Cluster (including COVID-19) ALN 10.565, 10.568, and 10.569 – Food Distribution Cluster ALN 10.557 – WIC Special Supplemental Nutrition Program for Women, Infants, and Children ALN 10.558 – Child and Adult Care Food Program ALN 84.010 – Title I Grants to Local Educational Agencies ALN 84.027 and 84.173¬ – Special Education Cluster (IDEA) (including COVID-19) ALN 84.367 – Supporting Effective Instruction State Grants ALN 84.425C – COVID-19 – Education Stabilization Fund - GEER Fund ALN 84.425D – COVID-19 – Education Stabilization Fund - ESSER Fund ALN 84.425R – COVID-19 – Education Stabilization Fund - CRRSA EANS ALN 84.425U – COVID-19 – Education Stabilization Fund - ARP ESSER ALN 84.425V – COVID-19 – Education Stabilization Fund - ARP EANS ALN 93.044, 93.045, and 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2022-014) Federal Grant Number(s) and Year(s): 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC5 (12/27/2020 – 9/30/2023), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAOACM (10/01/2020 – 9/30/2023), 2101PAOAHD (10/01/2020 – 9/30/2023), 2101PAOANS (10/01/2020 – 9/30/2023), 2101PAOASS (10/01/2020 – 9/30/2023), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2101PAVAC5 (4/01/2021 – 9/30/2023), 2201PAOACM (10/01/2021 – 9/30/2023), 2201PAOAHD (10/01/2021 – 9/30/2023), 2201PAOANS (10/01/2021 – 9/30/2023), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD 10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA365N8903 (1/01/2022 – 9/30/2023), 231PA365N8903 (10/01/2022 – 9/30/2024), 231PA305L1603 (10/01/2022 – 9/30/2023), 221PA305L1603 (10/01/2021 – 9/30/2022), 221PA825Y8005 (10/01/2021 – 9/30/2022), 231PA825Y8005 (10/01/2022 – 9/30/2023), 221PA825Y8105 (10/01/2021 – 9/30/2022), 231PA825Y8105 (10/01/2022 – 9/30/2023), 201PA715W5003 (10/01/2019 – 9/30/2023), 211PA715W5003 (10/01/2020 – 9/30/2024), 221PA705W1003 (10/01/2021 – 9/30/2022), 221PA705W1006 (10/01/2021 – 9/30/2022), 221PA715W5003 (10/01/2021 – 9/30/2024), 231PA705W1003 (10/01/2022 – 9/30/2023), 231PA705W1006 (10/01/2022 – 9/30/2023), 231PA715W5003 (10/01/2022 – 9/30/2025), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA315N1050 (10/01/2021 – 9/30/2023), 231PA315N1050 (10/01/2022 – 9/30/2024), 221PA305N2020 (10/01/2021 – 9/30/2022), 231PA305N2020 (10/01/2022 – 9/30/2023), S010A190038 (7/01/2019 – 9/30/2022), S010A200038 (7/01/2020 – 9/30/2022), S010A210038 (7/01/2021 – 9/30/2022), S010A220038 (7/01/2022 – 9/30/2024), S367A150051 (7/01/2015 – 9/30/2017), S367A190051 (7/01/2019 – 9/30/2021), S367A200051 (7/01/2020 – 9/30/2022), S367A210051 (7/01/2021 – 9/30/2023), S367A220051 (7/01/2022 – 9 /30/2024), H027A200093 (7/01/2020 – 9/30/2022), H027A210093 (7/01/2021 – 9/30/2023), H027A220093 (7/01/2022 – 9/30/2024), H027X210093 (7/01/2021 – 9/30/2023), H173A200090 (7/01/2020 – 9/30/2022), H173A210090 (7/01/2021 – 9/30/2023), H173A220090 (7/01/2022 – 9/30/2024), H173X210090 (7/01/2021 – 9/30/2023), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021 – 9/30/2023), S425D210028 (1/05/2021 – 9/30/2023), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2023), S425V210037 (11/16/2021 – 9/30/2023), S425C210013 (3/13/2020 – 9/30/2023), S425D200028 (3/13/2020 – 9/30/2022), NU50CK000527 (8/01/2019 – 7/31/2024) Finding 2023 – 024: (continued) Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2023 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2022 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2023. We also evaluated the Commonwealth’s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2023 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 10.5 months after the FAC MDL start date for the one audit report with findings. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 12 months to over 18 months after the FAC MDL start date for three out of three audit reports with findings. There was also a delay in PDA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Our testing disclosed one audit report submitted to the FAC over nine months late that included $19.4 million in subrecipient expenditures passed through PDA. In addition, our testing disclosed that PDA subgranted federal funds totaling approximately $4.8 million to five subrecipients during the fiscal year ended June 30, 2022, for which Single Audits were not submitted to the FAC as of our January 2024 testing date. This was over 16 or 10 months after the respective, September 30, 2022 or March 31, 2023 due dates. • Department of Education (PDE): The time period for making a management decision on findings was approximately 9.3 to over 16.9 months after the FAC MDL start date for 14 out of 22 audit reports with findings. One of the 14 audit reports was improperly classified on PDE’s audit tracking list as not having federal award findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Health (DOH): The time period for making a management decision on findings was over 11 months after the FAC MDL start date for two out of two audit reports with findings. One audit report with the late management decision on findings was excluded from DOH’s tracking list. Finding 2023 – 024: (continued) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR Section 200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR Section 200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR Section 200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. Finding 2023 – 024: (continued) 2 CFR Section 200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. Finding 2023 – 024: (continued) (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08 in order to ensure compliance with federal audit submission requirements. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Finding 2023 – 024: (continued) Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08. DOH Response: DOH agrees with the finding. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding and will be hiring a complement position to ensure compliance in the future. PDE Response: PDE agrees with the finding. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2023 – 024: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 – Child Nutrition Cluster (including COVID-19) ALN 10.565, 10.568, and 10.569 – Food Distribution Cluster ALN 10.557 – WIC Special Supplemental Nutrition Program for Women, Infants, and Children ALN 10.558 – Child and Adult Care Food Program ALN 84.010 – Title I Grants to Local Educational Agencies ALN 84.027 and 84.173¬ – Special Education Cluster (IDEA) (including COVID-19) ALN 84.367 – Supporting Effective Instruction State Grants ALN 84.425C – COVID-19 – Education Stabilization Fund - GEER Fund ALN 84.425D – COVID-19 – Education Stabilization Fund - ESSER Fund ALN 84.425R – COVID-19 – Education Stabilization Fund - CRRSA EANS ALN 84.425U – COVID-19 – Education Stabilization Fund - ARP ESSER ALN 84.425V – COVID-19 – Education Stabilization Fund - ARP EANS ALN 93.044, 93.045, and 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2022-014) Federal Grant Number(s) and Year(s): 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC5 (12/27/2020 – 9/30/2023), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAOACM (10/01/2020 – 9/30/2023), 2101PAOAHD (10/01/2020 – 9/30/2023), 2101PAOANS (10/01/2020 – 9/30/2023), 2101PAOASS (10/01/2020 – 9/30/2023), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2101PAVAC5 (4/01/2021 – 9/30/2023), 2201PAOACM (10/01/2021 – 9/30/2023), 2201PAOAHD (10/01/2021 – 9/30/2023), 2201PAOANS (10/01/2021 – 9/30/2023), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD 10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA365N8903 (1/01/2022 – 9/30/2023), 231PA365N8903 (10/01/2022 – 9/30/2024), 231PA305L1603 (10/01/2022 – 9/30/2023), 221PA305L1603 (10/01/2021 – 9/30/2022), 221PA825Y8005 (10/01/2021 – 9/30/2022), 231PA825Y8005 (10/01/2022 – 9/30/2023), 221PA825Y8105 (10/01/2021 – 9/30/2022), 231PA825Y8105 (10/01/2022 – 9/30/2023), 201PA715W5003 (10/01/2019 – 9/30/2023), 211PA715W5003 (10/01/2020 – 9/30/2024), 221PA705W1003 (10/01/2021 – 9/30/2022), 221PA705W1006 (10/01/2021 – 9/30/2022), 221PA715W5003 (10/01/2021 – 9/30/2024), 231PA705W1003 (10/01/2022 – 9/30/2023), 231PA705W1006 (10/01/2022 – 9/30/2023), 231PA715W5003 (10/01/2022 – 9/30/2025), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA315N1050 (10/01/2021 – 9/30/2023), 231PA315N1050 (10/01/2022 – 9/30/2024), 221PA305N2020 (10/01/2021 – 9/30/2022), 231PA305N2020 (10/01/2022 – 9/30/2023), S010A190038 (7/01/2019 – 9/30/2022), S010A200038 (7/01/2020 – 9/30/2022), S010A210038 (7/01/2021 – 9/30/2022), S010A220038 (7/01/2022 – 9/30/2024), S367A150051 (7/01/2015 – 9/30/2017), S367A190051 (7/01/2019 – 9/30/2021), S367A200051 (7/01/2020 – 9/30/2022), S367A210051 (7/01/2021 – 9/30/2023), S367A220051 (7/01/2022 – 9 /30/2024), H027A200093 (7/01/2020 – 9/30/2022), H027A210093 (7/01/2021 – 9/30/2023), H027A220093 (7/01/2022 – 9/30/2024), H027X210093 (7/01/2021 – 9/30/2023), H173A200090 (7/01/2020 – 9/30/2022), H173A210090 (7/01/2021 – 9/30/2023), H173A220090 (7/01/2022 – 9/30/2024), H173X210090 (7/01/2021 – 9/30/2023), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021 – 9/30/2023), S425D210028 (1/05/2021 – 9/30/2023), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2023), S425V210037 (11/16/2021 – 9/30/2023), S425C210013 (3/13/2020 – 9/30/2023), S425D200028 (3/13/2020 – 9/30/2022), NU50CK000527 (8/01/2019 – 7/31/2024) Finding 2023 – 024: (continued) Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2023 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2022 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2023. We also evaluated the Commonwealth’s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2023 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 10.5 months after the FAC MDL start date for the one audit report with findings. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 12 months to over 18 months after the FAC MDL start date for three out of three audit reports with findings. There was also a delay in PDA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Our testing disclosed one audit report submitted to the FAC over nine months late that included $19.4 million in subrecipient expenditures passed through PDA. In addition, our testing disclosed that PDA subgranted federal funds totaling approximately $4.8 million to five subrecipients during the fiscal year ended June 30, 2022, for which Single Audits were not submitted to the FAC as of our January 2024 testing date. This was over 16 or 10 months after the respective, September 30, 2022 or March 31, 2023 due dates. • Department of Education (PDE): The time period for making a management decision on findings was approximately 9.3 to over 16.9 months after the FAC MDL start date for 14 out of 22 audit reports with findings. One of the 14 audit reports was improperly classified on PDE’s audit tracking list as not having federal award findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Health (DOH): The time period for making a management decision on findings was over 11 months after the FAC MDL start date for two out of two audit reports with findings. One audit report with the late management decision on findings was excluded from DOH’s tracking list. Finding 2023 – 024: (continued) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR Section 200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR Section 200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR Section 200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. Finding 2023 – 024: (continued) 2 CFR Section 200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. Finding 2023 – 024: (continued) (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08 in order to ensure compliance with federal audit submission requirements. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Finding 2023 – 024: (continued) Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08. DOH Response: DOH agrees with the finding. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding and will be hiring a complement position to ensure compliance in the future. PDE Response: PDE agrees with the finding. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2023 – 024: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 – Child Nutrition Cluster (including COVID-19) ALN 10.565, 10.568, and 10.569 – Food Distribution Cluster ALN 10.557 – WIC Special Supplemental Nutrition Program for Women, Infants, and Children ALN 10.558 – Child and Adult Care Food Program ALN 84.010 – Title I Grants to Local Educational Agencies ALN 84.027 and 84.173¬ – Special Education Cluster (IDEA) (including COVID-19) ALN 84.367 – Supporting Effective Instruction State Grants ALN 84.425C – COVID-19 – Education Stabilization Fund - GEER Fund ALN 84.425D – COVID-19 – Education Stabilization Fund - ESSER Fund ALN 84.425R – COVID-19 – Education Stabilization Fund - CRRSA EANS ALN 84.425U – COVID-19 – Education Stabilization Fund - ARP ESSER ALN 84.425V – COVID-19 – Education Stabilization Fund - ARP EANS ALN 93.044, 93.045, and 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2022-014) Federal Grant Number(s) and Year(s): 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC5 (12/27/2020 – 9/30/2023), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAOACM (10/01/2020 – 9/30/2023), 2101PAOAHD (10/01/2020 – 9/30/2023), 2101PAOANS (10/01/2020 – 9/30/2023), 2101PAOASS (10/01/2020 – 9/30/2023), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2101PAVAC5 (4/01/2021 – 9/30/2023), 2201PAOACM (10/01/2021 – 9/30/2023), 2201PAOAHD (10/01/2021 – 9/30/2023), 2201PAOANS (10/01/2021 – 9/30/2023), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD 10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA365N8903 (1/01/2022 – 9/30/2023), 231PA365N8903 (10/01/2022 – 9/30/2024), 231PA305L1603 (10/01/2022 – 9/30/2023), 221PA305L1603 (10/01/2021 – 9/30/2022), 221PA825Y8005 (10/01/2021 – 9/30/2022), 231PA825Y8005 (10/01/2022 – 9/30/2023), 221PA825Y8105 (10/01/2021 – 9/30/2022), 231PA825Y8105 (10/01/2022 – 9/30/2023), 201PA715W5003 (10/01/2019 – 9/30/2023), 211PA715W5003 (10/01/2020 – 9/30/2024), 221PA705W1003 (10/01/2021 – 9/30/2022), 221PA705W1006 (10/01/2021 – 9/30/2022), 221PA715W5003 (10/01/2021 – 9/30/2024), 231PA705W1003 (10/01/2022 – 9/30/2023), 231PA705W1006 (10/01/2022 – 9/30/2023), 231PA715W5003 (10/01/2022 – 9/30/2025), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA315N1050 (10/01/2021 – 9/30/2023), 231PA315N1050 (10/01/2022 – 9/30/2024), 221PA305N2020 (10/01/2021 – 9/30/2022), 231PA305N2020 (10/01/2022 – 9/30/2023), S010A190038 (7/01/2019 – 9/30/2022), S010A200038 (7/01/2020 – 9/30/2022), S010A210038 (7/01/2021 – 9/30/2022), S010A220038 (7/01/2022 – 9/30/2024), S367A150051 (7/01/2015 – 9/30/2017), S367A190051 (7/01/2019 – 9/30/2021), S367A200051 (7/01/2020 – 9/30/2022), S367A210051 (7/01/2021 – 9/30/2023), S367A220051 (7/01/2022 – 9 /30/2024), H027A200093 (7/01/2020 – 9/30/2022), H027A210093 (7/01/2021 – 9/30/2023), H027A220093 (7/01/2022 – 9/30/2024), H027X210093 (7/01/2021 – 9/30/2023), H173A200090 (7/01/2020 – 9/30/2022), H173A210090 (7/01/2021 – 9/30/2023), H173A220090 (7/01/2022 – 9/30/2024), H173X210090 (7/01/2021 – 9/30/2023), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021 – 9/30/2023), S425D210028 (1/05/2021 – 9/30/2023), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2023), S425V210037 (11/16/2021 – 9/30/2023), S425C210013 (3/13/2020 – 9/30/2023), S425D200028 (3/13/2020 – 9/30/2022), NU50CK000527 (8/01/2019 – 7/31/2024) Finding 2023 – 024: (continued) Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2023 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2022 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2023. We also evaluated the Commonwealth’s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2023 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 10.5 months after the FAC MDL start date for the one audit report with findings. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 12 months to over 18 months after the FAC MDL start date for three out of three audit reports with findings. There was also a delay in PDA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Our testing disclosed one audit report submitted to the FAC over nine months late that included $19.4 million in subrecipient expenditures passed through PDA. In addition, our testing disclosed that PDA subgranted federal funds totaling approximately $4.8 million to five subrecipients during the fiscal year ended June 30, 2022, for which Single Audits were not submitted to the FAC as of our January 2024 testing date. This was over 16 or 10 months after the respective, September 30, 2022 or March 31, 2023 due dates. • Department of Education (PDE): The time period for making a management decision on findings was approximately 9.3 to over 16.9 months after the FAC MDL start date for 14 out of 22 audit reports with findings. One of the 14 audit reports was improperly classified on PDE’s audit tracking list as not having federal award findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Health (DOH): The time period for making a management decision on findings was over 11 months after the FAC MDL start date for two out of two audit reports with findings. One audit report with the late management decision on findings was excluded from DOH’s tracking list. Finding 2023 – 024: (continued) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR Section 200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR Section 200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR Section 200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. Finding 2023 – 024: (continued) 2 CFR Section 200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. Finding 2023 – 024: (continued) (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08 in order to ensure compliance with federal audit submission requirements. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Finding 2023 – 024: (continued) Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08. DOH Response: DOH agrees with the finding. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding and will be hiring a complement position to ensure compliance in the future. PDE Response: PDE agrees with the finding. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2023 – 024: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 – Child Nutrition Cluster (including COVID-19) ALN 10.565, 10.568, and 10.569 – Food Distribution Cluster ALN 10.557 – WIC Special Supplemental Nutrition Program for Women, Infants, and Children ALN 10.558 – Child and Adult Care Food Program ALN 84.010 – Title I Grants to Local Educational Agencies ALN 84.027 and 84.173¬ – Special Education Cluster (IDEA) (including COVID-19) ALN 84.367 – Supporting Effective Instruction State Grants ALN 84.425C – COVID-19 – Education Stabilization Fund - GEER Fund ALN 84.425D – COVID-19 – Education Stabilization Fund - ESSER Fund ALN 84.425R – COVID-19 – Education Stabilization Fund - CRRSA EANS ALN 84.425U – COVID-19 – Education Stabilization Fund - ARP ESSER ALN 84.425V – COVID-19 – Education Stabilization Fund - ARP EANS ALN 93.044, 93.045, and 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2022-014) Federal Grant Number(s) and Year(s): 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC5 (12/27/2020 – 9/30/2023), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAOACM (10/01/2020 – 9/30/2023), 2101PAOAHD (10/01/2020 – 9/30/2023), 2101PAOANS (10/01/2020 – 9/30/2023), 2101PAOASS (10/01/2020 – 9/30/2023), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2101PAVAC5 (4/01/2021 – 9/30/2023), 2201PAOACM (10/01/2021 – 9/30/2023), 2201PAOAHD (10/01/2021 – 9/30/2023), 2201PAOANS (10/01/2021 – 9/30/2023), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD 10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA365N8903 (1/01/2022 – 9/30/2023), 231PA365N8903 (10/01/2022 – 9/30/2024), 231PA305L1603 (10/01/2022 – 9/30/2023), 221PA305L1603 (10/01/2021 – 9/30/2022), 221PA825Y8005 (10/01/2021 – 9/30/2022), 231PA825Y8005 (10/01/2022 – 9/30/2023), 221PA825Y8105 (10/01/2021 – 9/30/2022), 231PA825Y8105 (10/01/2022 – 9/30/2023), 201PA715W5003 (10/01/2019 – 9/30/2023), 211PA715W5003 (10/01/2020 – 9/30/2024), 221PA705W1003 (10/01/2021 – 9/30/2022), 221PA705W1006 (10/01/2021 – 9/30/2022), 221PA715W5003 (10/01/2021 – 9/30/2024), 231PA705W1003 (10/01/2022 – 9/30/2023), 231PA705W1006 (10/01/2022 – 9/30/2023), 231PA715W5003 (10/01/2022 – 9/30/2025), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA315N1050 (10/01/2021 – 9/30/2023), 231PA315N1050 (10/01/2022 – 9/30/2024), 221PA305N2020 (10/01/2021 – 9/30/2022), 231PA305N2020 (10/01/2022 – 9/30/2023), S010A190038 (7/01/2019 – 9/30/2022), S010A200038 (7/01/2020 – 9/30/2022), S010A210038 (7/01/2021 – 9/30/2022), S010A220038 (7/01/2022 – 9/30/2024), S367A150051 (7/01/2015 – 9/30/2017), S367A190051 (7/01/2019 – 9/30/2021), S367A200051 (7/01/2020 – 9/30/2022), S367A210051 (7/01/2021 – 9/30/2023), S367A220051 (7/01/2022 – 9 /30/2024), H027A200093 (7/01/2020 – 9/30/2022), H027A210093 (7/01/2021 – 9/30/2023), H027A220093 (7/01/2022 – 9/30/2024), H027X210093 (7/01/2021 – 9/30/2023), H173A200090 (7/01/2020 – 9/30/2022), H173A210090 (7/01/2021 – 9/30/2023), H173A220090 (7/01/2022 – 9/30/2024), H173X210090 (7/01/2021 – 9/30/2023), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021 – 9/30/2023), S425D210028 (1/05/2021 – 9/30/2023), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2023), S425V210037 (11/16/2021 – 9/30/2023), S425C210013 (3/13/2020 – 9/30/2023), S425D200028 (3/13/2020 – 9/30/2022), NU50CK000527 (8/01/2019 – 7/31/2024) Finding 2023 – 024: (continued) Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2023 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2022 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2023. We also evaluated the Commonwealth’s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2023 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 10.5 months after the FAC MDL start date for the one audit report with findings. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 12 months to over 18 months after the FAC MDL start date for three out of three audit reports with findings. There was also a delay in PDA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Our testing disclosed one audit report submitted to the FAC over nine months late that included $19.4 million in subrecipient expenditures passed through PDA. In addition, our testing disclosed that PDA subgranted federal funds totaling approximately $4.8 million to five subrecipients during the fiscal year ended June 30, 2022, for which Single Audits were not submitted to the FAC as of our January 2024 testing date. This was over 16 or 10 months after the respective, September 30, 2022 or March 31, 2023 due dates. • Department of Education (PDE): The time period for making a management decision on findings was approximately 9.3 to over 16.9 months after the FAC MDL start date for 14 out of 22 audit reports with findings. One of the 14 audit reports was improperly classified on PDE’s audit tracking list as not having federal award findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Health (DOH): The time period for making a management decision on findings was over 11 months after the FAC MDL start date for two out of two audit reports with findings. One audit report with the late management decision on findings was excluded from DOH’s tracking list. Finding 2023 – 024: (continued) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR Section 200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR Section 200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR Section 200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. Finding 2023 – 024: (continued) 2 CFR Section 200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. Finding 2023 – 024: (continued) (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08 in order to ensure compliance with federal audit submission requirements. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Finding 2023 – 024: (continued) Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08. DOH Response: DOH agrees with the finding. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding and will be hiring a complement position to ensure compliance in the future. PDE Response: PDE agrees with the finding. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2023 – 024: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 – Child Nutrition Cluster (including COVID-19) ALN 10.565, 10.568, and 10.569 – Food Distribution Cluster ALN 10.557 – WIC Special Supplemental Nutrition Program for Women, Infants, and Children ALN 10.558 – Child and Adult Care Food Program ALN 84.010 – Title I Grants to Local Educational Agencies ALN 84.027 and 84.173¬ – Special Education Cluster (IDEA) (including COVID-19) ALN 84.367 – Supporting Effective Instruction State Grants ALN 84.425C – COVID-19 – Education Stabilization Fund - GEER Fund ALN 84.425D – COVID-19 – Education Stabilization Fund - ESSER Fund ALN 84.425R – COVID-19 – Education Stabilization Fund - CRRSA EANS ALN 84.425U – COVID-19 – Education Stabilization Fund - ARP ESSER ALN 84.425V – COVID-19 – Education Stabilization Fund - ARP EANS ALN 93.044, 93.045, and 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2022-014) Federal Grant Number(s) and Year(s): 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC5 (12/27/2020 – 9/30/2023), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAOACM (10/01/2020 – 9/30/2023), 2101PAOAHD (10/01/2020 – 9/30/2023), 2101PAOANS (10/01/2020 – 9/30/2023), 2101PAOASS (10/01/2020 – 9/30/2023), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2101PAVAC5 (4/01/2021 – 9/30/2023), 2201PAOACM (10/01/2021 – 9/30/2023), 2201PAOAHD (10/01/2021 – 9/30/2023), 2201PAOANS (10/01/2021 – 9/30/2023), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD 10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA365N8903 (1/01/2022 – 9/30/2023), 231PA365N8903 (10/01/2022 – 9/30/2024), 231PA305L1603 (10/01/2022 – 9/30/2023), 221PA305L1603 (10/01/2021 – 9/30/2022), 221PA825Y8005 (10/01/2021 – 9/30/2022), 231PA825Y8005 (10/01/2022 – 9/30/2023), 221PA825Y8105 (10/01/2021 – 9/30/2022), 231PA825Y8105 (10/01/2022 – 9/30/2023), 201PA715W5003 (10/01/2019 – 9/30/2023), 211PA715W5003 (10/01/2020 – 9/30/2024), 221PA705W1003 (10/01/2021 – 9/30/2022), 221PA705W1006 (10/01/2021 – 9/30/2022), 221PA715W5003 (10/01/2021 – 9/30/2024), 231PA705W1003 (10/01/2022 – 9/30/2023), 231PA705W1006 (10/01/2022 – 9/30/2023), 231PA715W5003 (10/01/2022 – 9/30/2025), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA315N1050 (10/01/2021 – 9/30/2023), 231PA315N1050 (10/01/2022 – 9/30/2024), 221PA305N2020 (10/01/2021 – 9/30/2022), 231PA305N2020 (10/01/2022 – 9/30/2023), S010A190038 (7/01/2019 – 9/30/2022), S010A200038 (7/01/2020 – 9/30/2022), S010A210038 (7/01/2021 – 9/30/2022), S010A220038 (7/01/2022 – 9/30/2024), S367A150051 (7/01/2015 – 9/30/2017), S367A190051 (7/01/2019 – 9/30/2021), S367A200051 (7/01/2020 – 9/30/2022), S367A210051 (7/01/2021 – 9/30/2023), S367A220051 (7/01/2022 – 9 /30/2024), H027A200093 (7/01/2020 – 9/30/2022), H027A210093 (7/01/2021 – 9/30/2023), H027A220093 (7/01/2022 – 9/30/2024), H027X210093 (7/01/2021 – 9/30/2023), H173A200090 (7/01/2020 – 9/30/2022), H173A210090 (7/01/2021 – 9/30/2023), H173A220090 (7/01/2022 – 9/30/2024), H173X210090 (7/01/2021 – 9/30/2023), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021 – 9/30/2023), S425D210028 (1/05/2021 – 9/30/2023), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2023), S425V210037 (11/16/2021 – 9/30/2023), S425C210013 (3/13/2020 – 9/30/2023), S425D200028 (3/13/2020 – 9/30/2022), NU50CK000527 (8/01/2019 – 7/31/2024) Finding 2023 – 024: (continued) Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2023 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2022 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2023. We also evaluated the Commonwealth’s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2023 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 10.5 months after the FAC MDL start date for the one audit report with findings. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 12 months to over 18 months after the FAC MDL start date for three out of three audit reports with findings. There was also a delay in PDA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Our testing disclosed one audit report submitted to the FAC over nine months late that included $19.4 million in subrecipient expenditures passed through PDA. In addition, our testing disclosed that PDA subgranted federal funds totaling approximately $4.8 million to five subrecipients during the fiscal year ended June 30, 2022, for which Single Audits were not submitted to the FAC as of our January 2024 testing date. This was over 16 or 10 months after the respective, September 30, 2022 or March 31, 2023 due dates. • Department of Education (PDE): The time period for making a management decision on findings was approximately 9.3 to over 16.9 months after the FAC MDL start date for 14 out of 22 audit reports with findings. One of the 14 audit reports was improperly classified on PDE’s audit tracking list as not having federal award findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Health (DOH): The time period for making a management decision on findings was over 11 months after the FAC MDL start date for two out of two audit reports with findings. One audit report with the late management decision on findings was excluded from DOH’s tracking list. Finding 2023 – 024: (continued) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR Section 200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR Section 200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR Section 200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. Finding 2023 – 024: (continued) 2 CFR Section 200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. Finding 2023 – 024: (continued) (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08 in order to ensure compliance with federal audit submission requirements. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Finding 2023 – 024: (continued) Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08. DOH Response: DOH agrees with the finding. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding and will be hiring a complement position to ensure compliance in the future. PDE Response: PDE agrees with the finding. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2023 – 024: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 – Child Nutrition Cluster (including COVID-19) ALN 10.565, 10.568, and 10.569 – Food Distribution Cluster ALN 10.557 – WIC Special Supplemental Nutrition Program for Women, Infants, and Children ALN 10.558 – Child and Adult Care Food Program ALN 84.010 – Title I Grants to Local Educational Agencies ALN 84.027 and 84.173¬ – Special Education Cluster (IDEA) (including COVID-19) ALN 84.367 – Supporting Effective Instruction State Grants ALN 84.425C – COVID-19 – Education Stabilization Fund - GEER Fund ALN 84.425D – COVID-19 – Education Stabilization Fund - ESSER Fund ALN 84.425R – COVID-19 – Education Stabilization Fund - CRRSA EANS ALN 84.425U – COVID-19 – Education Stabilization Fund - ARP ESSER ALN 84.425V – COVID-19 – Education Stabilization Fund - ARP EANS ALN 93.044, 93.045, and 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2022-014) Federal Grant Number(s) and Year(s): 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC5 (12/27/2020 – 9/30/2023), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAOACM (10/01/2020 – 9/30/2023), 2101PAOAHD (10/01/2020 – 9/30/2023), 2101PAOANS (10/01/2020 – 9/30/2023), 2101PAOASS (10/01/2020 – 9/30/2023), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2101PAVAC5 (4/01/2021 – 9/30/2023), 2201PAOACM (10/01/2021 – 9/30/2023), 2201PAOAHD (10/01/2021 – 9/30/2023), 2201PAOANS (10/01/2021 – 9/30/2023), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD 10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA365N8903 (1/01/2022 – 9/30/2023), 231PA365N8903 (10/01/2022 – 9/30/2024), 231PA305L1603 (10/01/2022 – 9/30/2023), 221PA305L1603 (10/01/2021 – 9/30/2022), 221PA825Y8005 (10/01/2021 – 9/30/2022), 231PA825Y8005 (10/01/2022 – 9/30/2023), 221PA825Y8105 (10/01/2021 – 9/30/2022), 231PA825Y8105 (10/01/2022 – 9/30/2023), 201PA715W5003 (10/01/2019 – 9/30/2023), 211PA715W5003 (10/01/2020 – 9/30/2024), 221PA705W1003 (10/01/2021 – 9/30/2022), 221PA705W1006 (10/01/2021 – 9/30/2022), 221PA715W5003 (10/01/2021 – 9/30/2024), 231PA705W1003 (10/01/2022 – 9/30/2023), 231PA705W1006 (10/01/2022 – 9/30/2023), 231PA715W5003 (10/01/2022 – 9/30/2025), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA315N1050 (10/01/2021 – 9/30/2023), 231PA315N1050 (10/01/2022 – 9/30/2024), 221PA305N2020 (10/01/2021 – 9/30/2022), 231PA305N2020 (10/01/2022 – 9/30/2023), S010A190038 (7/01/2019 – 9/30/2022), S010A200038 (7/01/2020 – 9/30/2022), S010A210038 (7/01/2021 – 9/30/2022), S010A220038 (7/01/2022 – 9/30/2024), S367A150051 (7/01/2015 – 9/30/2017), S367A190051 (7/01/2019 – 9/30/2021), S367A200051 (7/01/2020 – 9/30/2022), S367A210051 (7/01/2021 – 9/30/2023), S367A220051 (7/01/2022 – 9 /30/2024), H027A200093 (7/01/2020 – 9/30/2022), H027A210093 (7/01/2021 – 9/30/2023), H027A220093 (7/01/2022 – 9/30/2024), H027X210093 (7/01/2021 – 9/30/2023), H173A200090 (7/01/2020 – 9/30/2022), H173A210090 (7/01/2021 – 9/30/2023), H173A220090 (7/01/2022 – 9/30/2024), H173X210090 (7/01/2021 – 9/30/2023), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021 – 9/30/2023), S425D210028 (1/05/2021 – 9/30/2023), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2023), S425V210037 (11/16/2021 – 9/30/2023), S425C210013 (3/13/2020 – 9/30/2023), S425D200028 (3/13/2020 – 9/30/2022), NU50CK000527 (8/01/2019 – 7/31/2024) Finding 2023 – 024: (continued) Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2023 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2022 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2023. We also evaluated the Commonwealth’s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2023 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 10.5 months after the FAC MDL start date for the one audit report with findings. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 12 months to over 18 months after the FAC MDL start date for three out of three audit reports with findings. There was also a delay in PDA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Our testing disclosed one audit report submitted to the FAC over nine months late that included $19.4 million in subrecipient expenditures passed through PDA. In addition, our testing disclosed that PDA subgranted federal funds totaling approximately $4.8 million to five subrecipients during the fiscal year ended June 30, 2022, for which Single Audits were not submitted to the FAC as of our January 2024 testing date. This was over 16 or 10 months after the respective, September 30, 2022 or March 31, 2023 due dates. • Department of Education (PDE): The time period for making a management decision on findings was approximately 9.3 to over 16.9 months after the FAC MDL start date for 14 out of 22 audit reports with findings. One of the 14 audit reports was improperly classified on PDE’s audit tracking list as not having federal award findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Health (DOH): The time period for making a management decision on findings was over 11 months after the FAC MDL start date for two out of two audit reports with findings. One audit report with the late management decision on findings was excluded from DOH’s tracking list. Finding 2023 – 024: (continued) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR Section 200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR Section 200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR Section 200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. Finding 2023 – 024: (continued) 2 CFR Section 200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. Finding 2023 – 024: (continued) (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08 in order to ensure compliance with federal audit submission requirements. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Finding 2023 – 024: (continued) Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08. DOH Response: DOH agrees with the finding. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding and will be hiring a complement position to ensure compliance in the future. PDE Response: PDE agrees with the finding. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2023 – 024: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 – Child Nutrition Cluster (including COVID-19) ALN 10.565, 10.568, and 10.569 – Food Distribution Cluster ALN 10.557 – WIC Special Supplemental Nutrition Program for Women, Infants, and Children ALN 10.558 – Child and Adult Care Food Program ALN 84.010 – Title I Grants to Local Educational Agencies ALN 84.027 and 84.173¬ – Special Education Cluster (IDEA) (including COVID-19) ALN 84.367 – Supporting Effective Instruction State Grants ALN 84.425C – COVID-19 – Education Stabilization Fund - GEER Fund ALN 84.425D – COVID-19 – Education Stabilization Fund - ESSER Fund ALN 84.425R – COVID-19 – Education Stabilization Fund - CRRSA EANS ALN 84.425U – COVID-19 – Education Stabilization Fund - ARP ESSER ALN 84.425V – COVID-19 – Education Stabilization Fund - ARP EANS ALN 93.044, 93.045, and 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2022-014) Federal Grant Number(s) and Year(s): 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC5 (12/27/2020 – 9/30/2023), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAOACM (10/01/2020 – 9/30/2023), 2101PAOAHD (10/01/2020 – 9/30/2023), 2101PAOANS (10/01/2020 – 9/30/2023), 2101PAOASS (10/01/2020 – 9/30/2023), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2101PAVAC5 (4/01/2021 – 9/30/2023), 2201PAOACM (10/01/2021 – 9/30/2023), 2201PAOAHD (10/01/2021 – 9/30/2023), 2201PAOANS (10/01/2021 – 9/30/2023), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD 10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA365N8903 (1/01/2022 – 9/30/2023), 231PA365N8903 (10/01/2022 – 9/30/2024), 231PA305L1603 (10/01/2022 – 9/30/2023), 221PA305L1603 (10/01/2021 – 9/30/2022), 221PA825Y8005 (10/01/2021 – 9/30/2022), 231PA825Y8005 (10/01/2022 – 9/30/2023), 221PA825Y8105 (10/01/2021 – 9/30/2022), 231PA825Y8105 (10/01/2022 – 9/30/2023), 201PA715W5003 (10/01/2019 – 9/30/2023), 211PA715W5003 (10/01/2020 – 9/30/2024), 221PA705W1003 (10/01/2021 – 9/30/2022), 221PA705W1006 (10/01/2021 – 9/30/2022), 221PA715W5003 (10/01/2021 – 9/30/2024), 231PA705W1003 (10/01/2022 – 9/30/2023), 231PA705W1006 (10/01/2022 – 9/30/2023), 231PA715W5003 (10/01/2022 – 9/30/2025), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA315N1050 (10/01/2021 – 9/30/2023), 231PA315N1050 (10/01/2022 – 9/30/2024), 221PA305N2020 (10/01/2021 – 9/30/2022), 231PA305N2020 (10/01/2022 – 9/30/2023), S010A190038 (7/01/2019 – 9/30/2022), S010A200038 (7/01/2020 – 9/30/2022), S010A210038 (7/01/2021 – 9/30/2022), S010A220038 (7/01/2022 – 9/30/2024), S367A150051 (7/01/2015 – 9/30/2017), S367A190051 (7/01/2019 – 9/30/2021), S367A200051 (7/01/2020 – 9/30/2022), S367A210051 (7/01/2021 – 9/30/2023), S367A220051 (7/01/2022 – 9 /30/2024), H027A200093 (7/01/2020 – 9/30/2022), H027A210093 (7/01/2021 – 9/30/2023), H027A220093 (7/01/2022 – 9/30/2024), H027X210093 (7/01/2021 – 9/30/2023), H173A200090 (7/01/2020 – 9/30/2022), H173A210090 (7/01/2021 – 9/30/2023), H173A220090 (7/01/2022 – 9/30/2024), H173X210090 (7/01/2021 – 9/30/2023), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021 – 9/30/2023), S425D210028 (1/05/2021 – 9/30/2023), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2023), S425V210037 (11/16/2021 – 9/30/2023), S425C210013 (3/13/2020 – 9/30/2023), S425D200028 (3/13/2020 – 9/30/2022), NU50CK000527 (8/01/2019 – 7/31/2024) Finding 2023 – 024: (continued) Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2023 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2022 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2023. We also evaluated the Commonwealth’s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2023 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 10.5 months after the FAC MDL start date for the one audit report with findings. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 12 months to over 18 months after the FAC MDL start date for three out of three audit reports with findings. There was also a delay in PDA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Our testing disclosed one audit report submitted to the FAC over nine months late that included $19.4 million in subrecipient expenditures passed through PDA. In addition, our testing disclosed that PDA subgranted federal funds totaling approximately $4.8 million to five subrecipients during the fiscal year ended June 30, 2022, for which Single Audits were not submitted to the FAC as of our January 2024 testing date. This was over 16 or 10 months after the respective, September 30, 2022 or March 31, 2023 due dates. • Department of Education (PDE): The time period for making a management decision on findings was approximately 9.3 to over 16.9 months after the FAC MDL start date for 14 out of 22 audit reports with findings. One of the 14 audit reports was improperly classified on PDE’s audit tracking list as not having federal award findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Health (DOH): The time period for making a management decision on findings was over 11 months after the FAC MDL start date for two out of two audit reports with findings. One audit report with the late management decision on findings was excluded from DOH’s tracking list. Finding 2023 – 024: (continued) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR Section 200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR Section 200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR Section 200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. Finding 2023 – 024: (continued) 2 CFR Section 200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. Finding 2023 – 024: (continued) (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08 in order to ensure compliance with federal audit submission requirements. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Finding 2023 – 024: (continued) Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08. DOH Response: DOH agrees with the finding. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding and will be hiring a complement position to ensure compliance in the future. PDE Response: PDE agrees with the finding. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2023 – 024: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 – Child Nutrition Cluster (including COVID-19) ALN 10.565, 10.568, and 10.569 – Food Distribution Cluster ALN 10.557 – WIC Special Supplemental Nutrition Program for Women, Infants, and Children ALN 10.558 – Child and Adult Care Food Program ALN 84.010 – Title I Grants to Local Educational Agencies ALN 84.027 and 84.173¬ – Special Education Cluster (IDEA) (including COVID-19) ALN 84.367 – Supporting Effective Instruction State Grants ALN 84.425C – COVID-19 – Education Stabilization Fund - GEER Fund ALN 84.425D – COVID-19 – Education Stabilization Fund - ESSER Fund ALN 84.425R – COVID-19 – Education Stabilization Fund - CRRSA EANS ALN 84.425U – COVID-19 – Education Stabilization Fund - ARP ESSER ALN 84.425V – COVID-19 – Education Stabilization Fund - ARP EANS ALN 93.044, 93.045, and 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2022-014) Federal Grant Number(s) and Year(s): 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC5 (12/27/2020 – 9/30/2023), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAOACM (10/01/2020 – 9/30/2023), 2101PAOAHD (10/01/2020 – 9/30/2023), 2101PAOANS (10/01/2020 – 9/30/2023), 2101PAOASS (10/01/2020 – 9/30/2023), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2101PAVAC5 (4/01/2021 – 9/30/2023), 2201PAOACM (10/01/2021 – 9/30/2023), 2201PAOAHD (10/01/2021 – 9/30/2023), 2201PAOANS (10/01/2021 – 9/30/2023), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD 10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA365N8903 (1/01/2022 – 9/30/2023), 231PA365N8903 (10/01/2022 – 9/30/2024), 231PA305L1603 (10/01/2022 – 9/30/2023), 221PA305L1603 (10/01/2021 – 9/30/2022), 221PA825Y8005 (10/01/2021 – 9/30/2022), 231PA825Y8005 (10/01/2022 – 9/30/2023), 221PA825Y8105 (10/01/2021 – 9/30/2022), 231PA825Y8105 (10/01/2022 – 9/30/2023), 201PA715W5003 (10/01/2019 – 9/30/2023), 211PA715W5003 (10/01/2020 – 9/30/2024), 221PA705W1003 (10/01/2021 – 9/30/2022), 221PA705W1006 (10/01/2021 – 9/30/2022), 221PA715W5003 (10/01/2021 – 9/30/2024), 231PA705W1003 (10/01/2022 – 9/30/2023), 231PA705W1006 (10/01/2022 – 9/30/2023), 231PA715W5003 (10/01/2022 – 9/30/2025), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA315N1050 (10/01/2021 – 9/30/2023), 231PA315N1050 (10/01/2022 – 9/30/2024), 221PA305N2020 (10/01/2021 – 9/30/2022), 231PA305N2020 (10/01/2022 – 9/30/2023), S010A190038 (7/01/2019 – 9/30/2022), S010A200038 (7/01/2020 – 9/30/2022), S010A210038 (7/01/2021 – 9/30/2022), S010A220038 (7/01/2022 – 9/30/2024), S367A150051 (7/01/2015 – 9/30/2017), S367A190051 (7/01/2019 – 9/30/2021), S367A200051 (7/01/2020 – 9/30/2022), S367A210051 (7/01/2021 – 9/30/2023), S367A220051 (7/01/2022 – 9 /30/2024), H027A200093 (7/01/2020 – 9/30/2022), H027A210093 (7/01/2021 – 9/30/2023), H027A220093 (7/01/2022 – 9/30/2024), H027X210093 (7/01/2021 – 9/30/2023), H173A200090 (7/01/2020 – 9/30/2022), H173A210090 (7/01/2021 – 9/30/2023), H173A220090 (7/01/2022 – 9/30/2024), H173X210090 (7/01/2021 – 9/30/2023), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021 – 9/30/2023), S425D210028 (1/05/2021 – 9/30/2023), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2023), S425V210037 (11/16/2021 – 9/30/2023), S425C210013 (3/13/2020 – 9/30/2023), S425D200028 (3/13/2020 – 9/30/2022), NU50CK000527 (8/01/2019 – 7/31/2024) Finding 2023 – 024: (continued) Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2023 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2022 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2023. We also evaluated the Commonwealth’s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2023 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 10.5 months after the FAC MDL start date for the one audit report with findings. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 12 months to over 18 months after the FAC MDL start date for three out of three audit reports with findings. There was also a delay in PDA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Our testing disclosed one audit report submitted to the FAC over nine months late that included $19.4 million in subrecipient expenditures passed through PDA. In addition, our testing disclosed that PDA subgranted federal funds totaling approximately $4.8 million to five subrecipients during the fiscal year ended June 30, 2022, for which Single Audits were not submitted to the FAC as of our January 2024 testing date. This was over 16 or 10 months after the respective, September 30, 2022 or March 31, 2023 due dates. • Department of Education (PDE): The time period for making a management decision on findings was approximately 9.3 to over 16.9 months after the FAC MDL start date for 14 out of 22 audit reports with findings. One of the 14 audit reports was improperly classified on PDE’s audit tracking list as not having federal award findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Health (DOH): The time period for making a management decision on findings was over 11 months after the FAC MDL start date for two out of two audit reports with findings. One audit report with the late management decision on findings was excluded from DOH’s tracking list. Finding 2023 – 024: (continued) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR Section 200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR Section 200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR Section 200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. Finding 2023 – 024: (continued) 2 CFR Section 200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. Finding 2023 – 024: (continued) (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08 in order to ensure compliance with federal audit submission requirements. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Finding 2023 – 024: (continued) Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08. DOH Response: DOH agrees with the finding. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding and will be hiring a complement position to ensure compliance in the future. PDE Response: PDE agrees with the finding. Questioned Costs: The amount of questioned costs cannot be determined.
Various Agencies Finding 2023 – 024: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 – Child Nutrition Cluster (including COVID-19) ALN 10.565, 10.568, and 10.569 – Food Distribution Cluster ALN 10.557 – WIC Special Supplemental Nutrition Program for Women, Infants, and Children ALN 10.558 – Child and Adult Care Food Program ALN 84.010 – Title I Grants to Local Educational Agencies ALN 84.027 and 84.173¬ – Special Education Cluster (IDEA) (including COVID-19) ALN 84.367 – Supporting Effective Instruction State Grants ALN 84.425C – COVID-19 – Education Stabilization Fund - GEER Fund ALN 84.425D – COVID-19 – Education Stabilization Fund - ESSER Fund ALN 84.425R – COVID-19 – Education Stabilization Fund - CRRSA EANS ALN 84.425U – COVID-19 – Education Stabilization Fund - ARP ESSER ALN 84.425V – COVID-19 – Education Stabilization Fund - ARP EANS ALN 93.044, 93.045, and 93.053 – Aging Cluster (including COVID-19) ALN 93.323 – Epidemiology and Laboratory Capacity for Infectious Diseases (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth’s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2022-014) Federal Grant Number(s) and Year(s): 2101PACMC6 (4/01/2021 – 9/30/2024), 2101PAHDC5 (12/27/2020 – 9/30/2023), 2101PAHDC6 (4/01/2021 – 9/30/2024), 2101PAOACM (10/01/2020 – 9/30/2023), 2101PAOAHD (10/01/2020 – 9/30/2023), 2101PAOANS (10/01/2020 – 9/30/2023), 2101PAOASS (10/01/2020 – 9/30/2023), 2101PAPHC6 (4/01/2021 – 9/30/2024), 2101PASSC6 (4/01/2021 – 9/30/2024), 2101PAVAC5 (4/01/2021 – 9/30/2023), 2201PAOACM (10/01/2021 – 9/30/2023), 2201PAOAHD (10/01/2021 – 9/30/2023), 2201PAOANS (10/01/2021 – 9/30/2023), 2201PAOASS (10/01/2021 – 9/30/2023), 2201PASTPH (1/01/2022 – 9/30/2024), 2301PAOACM (10/01/2022 – 9/30/2024), 2301PAOAHD 10/01/2022 – 9/30/2024), 2301PAOANS (10/01/2022 – 9/30/2024), 2301PAOASS (10/01/2022 – 9/30/2024), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA365N8903 (1/01/2022 – 9/30/2023), 231PA365N8903 (10/01/2022 – 9/30/2024), 231PA305L1603 (10/01/2022 – 9/30/2023), 221PA305L1603 (10/01/2021 – 9/30/2022), 221PA825Y8005 (10/01/2021 – 9/30/2022), 231PA825Y8005 (10/01/2022 – 9/30/2023), 221PA825Y8105 (10/01/2021 – 9/30/2022), 231PA825Y8105 (10/01/2022 – 9/30/2023), 201PA715W5003 (10/01/2019 – 9/30/2023), 211PA715W5003 (10/01/2020 – 9/30/2024), 221PA705W1003 (10/01/2021 – 9/30/2022), 221PA705W1006 (10/01/2021 – 9/30/2022), 221PA715W5003 (10/01/2021 – 9/30/2024), 231PA705W1003 (10/01/2022 – 9/30/2023), 231PA705W1006 (10/01/2022 – 9/30/2023), 231PA715W5003 (10/01/2022 – 9/30/2025), 221PA305N1099 (10/01/2021 – 9/30/2022), 231PA305N1099 (10/01/2022 – 9/30/2023), 221PA315N1050 (10/01/2021 – 9/30/2023), 231PA315N1050 (10/01/2022 – 9/30/2024), 221PA305N2020 (10/01/2021 – 9/30/2022), 231PA305N2020 (10/01/2022 – 9/30/2023), S010A190038 (7/01/2019 – 9/30/2022), S010A200038 (7/01/2020 – 9/30/2022), S010A210038 (7/01/2021 – 9/30/2022), S010A220038 (7/01/2022 – 9/30/2024), S367A150051 (7/01/2015 – 9/30/2017), S367A190051 (7/01/2019 – 9/30/2021), S367A200051 (7/01/2020 – 9/30/2022), S367A210051 (7/01/2021 – 9/30/2023), S367A220051 (7/01/2022 – 9 /30/2024), H027A200093 (7/01/2020 – 9/30/2022), H027A210093 (7/01/2021 – 9/30/2023), H027A220093 (7/01/2022 – 9/30/2024), H027X210093 (7/01/2021 – 9/30/2023), H173A200090 (7/01/2020 – 9/30/2022), H173A210090 (7/01/2021 – 9/30/2023), H173A220090 (7/01/2022 – 9/30/2024), H173X210090 (7/01/2021 – 9/30/2023), S425W210039 (4/23/2021 – 9/30/2024), S425U210028 (3/24/2021 – 9/30/2023), S425D210028 (1/05/2021 – 9/30/2023), S425C200013 (5/18/2020 – 4/01/2024), S425R210037 (3/13/2020 – 9/30/2023), S425V210037 (11/16/2021 – 9/30/2023), S425C210013 (3/13/2020 – 9/30/2023), S425D200028 (3/13/2020 – 9/30/2022), NU50CK000527 (8/01/2019 – 7/31/2024) Finding 2023 – 024: (continued) Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget’s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse’s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2023 audit of the Commonwealth’s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth’s fiscal year ended June 30, 2022 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2023. We also evaluated the Commonwealth’s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies’ tracking lists during the fiscal year ended June 30, 2023 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies’ review of subrecipient audit reports: • Pennsylvania Department of Aging (PDOA): Our testing disclosed that PDOA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 10.5 months after the FAC MDL start date for the one audit report with findings. • Department of Agriculture (PDA): Our testing disclosed that PDA did not have procedures in place to track audit reports including having an audit tracking list. The time period for making a management decision on findings was approximately 12 months to over 18 months after the FAC MDL start date for three out of three audit reports with findings. There was also a delay in PDA’s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Our testing disclosed one audit report submitted to the FAC over nine months late that included $19.4 million in subrecipient expenditures passed through PDA. In addition, our testing disclosed that PDA subgranted federal funds totaling approximately $4.8 million to five subrecipients during the fiscal year ended June 30, 2022, for which Single Audits were not submitted to the FAC as of our January 2024 testing date. This was over 16 or 10 months after the respective, September 30, 2022 or March 31, 2023 due dates. • Department of Education (PDE): The time period for making a management decision on findings was approximately 9.3 to over 16.9 months after the FAC MDL start date for 14 out of 22 audit reports with findings. One of the 14 audit reports was improperly classified on PDE’s audit tracking list as not having federal award findings. There were additional audit reports with findings listed on PDE’s audit tracking list where management decisions were not made timely. • Department of Health (DOH): The time period for making a management decision on findings was over 11 months after the FAC MDL start date for two out of two audit reports with findings. One audit report with the late management decision on findings was excluded from DOH’s tracking list. Finding 2023 – 024: (continued) Criteria: 2 CFR Section 200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient’s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in §200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR Section 200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. 2 CFR Section 200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR Section 200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in §200.339 [Remedies for noncompliance]. Finding 2023 – 024: (continued) 2 CFR Section 200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in §200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended – Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program… (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth’s reliance on an acceptable audit and prompt resolution as evidence of the recipient’s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. Finding 2023 – 024: (continued) (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended – Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (2) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (5) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR §200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended – Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office’s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08 in order to ensure compliance with federal audit submission requirements. Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Finding 2023 – 024: (continued) Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR Section 200.339 and Commonwealth Management Directive 325.08. DOH Response: DOH agrees with the finding. PDOA Response: PDOA agrees with the finding. PDA Response: PDA agrees with the finding and will be hiring a complement position to ensure compliance in the future. PDE Response: PDE agrees with the finding. Questioned Costs: The amount of questioned costs cannot be determined.
Federal program: All federal awards provided to subrecipients. FY/Federal Award ID#: FY2023/All federal awards provided to subrecipients. Federal agency: All federal awards provided by subrecipients. Pass thru entity: All federal awards provided by subrecipients. Criteria: Per 24 CFR 574.500 -- Responsibility for grant administration: (a)General. Grantees are responsible for ensuring that grants are administrated in accordance with the requirements of this part and other applicable laws. Grantees are responsible for ensuring that their respective subrecipients carry out activities in compliance with all applicable requirements. (b)Grant agreement. The grant agreement will provide that the grantee agrees, and will ensure that each subrecipient agrees, to: (1) Operate the program in accordance with the provisions of these regulations and other applicable HUD regulations; (2) Conduct an ongoing assessment of the housing assistance and supportive services required by the participants in the program; (3) Assure the adequate provision of supportive services to the participants in the program; and (4) Comply with such other terms and conditions, including recordkeeping and reports (which must include racial and ethnic data on participants) for the program monitoring and elevation purposes, as HUD may establish for purposes of carrying out the program in an effective and efficient manner. And 24 CFR 574.500 - Applicability of Uniform Administrative Requirements as per 2 CFR 200.332(F) Requirements for pass-through entities. Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipients Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. Condition: The foundation is not in compliance with recordkeeping for program monitoring and evaluation, as the Foundation does not have comprehensive risk-based/subrecipient monitoring policies and procedures. Questioned Costs: None noted. Cause: Staff were not aware of requirements to monitor program and fiscal compliance of project sponsors and document results and evidence of compliance or non-compliance. Effect: Granting agencies cannot determine whether the Foundation is ensuring that the project sponsor is carrying out activities in compliance with all applicable requirements. Recommendation: The Foundation provide written policies and procedures for the project sponsor monitoring and oversight, create a risk analysis form/process for all funded project sponsors and create a timeline to monitor project sponsors based on the risk analysis completed. View of Responsible Officials: The Foundation has updated its Quality Management Plan to include comprehensive subrecipient monitoring policies. The Foundations Quality Management team is working with all programming to implement a robust monitoring process, including risk assessments, adherence to grantor regulations, service delivery, and program outcomes.
Federal program: All federal awards provided to subrecipients. FY/Federal Award ID#: FY2023/All federal awards provided to subrecipients. Federal agency: All federal awards provided by subrecipients. Pass thru entity: All federal awards provided by subrecipients. Criteria: Per 24 CFR 574.500 -- Responsibility for grant administration: (a)General. Grantees are responsible for ensuring that grants are administrated in accordance with the requirements of this part and other applicable laws. Grantees are responsible for ensuring that their respective subrecipients carry out activities in compliance with all applicable requirements. (b)Grant agreement. The grant agreement will provide that the grantee agrees, and will ensure that each subrecipient agrees, to: (1) Operate the program in accordance with the provisions of these regulations and other applicable HUD regulations; (2) Conduct an ongoing assessment of the housing assistance and supportive services required by the participants in the program; (3) Assure the adequate provision of supportive services to the participants in the program; and (4) Comply with such other terms and conditions, including recordkeeping and reports (which must include racial and ethnic data on participants) for the program monitoring and elevation purposes, as HUD may establish for purposes of carrying out the program in an effective and efficient manner. And 24 CFR 574.500 - Applicability of Uniform Administrative Requirements as per 2 CFR 200.332(F) Requirements for pass-through entities. Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipients Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. Condition: The foundation is not in compliance with recordkeeping for program monitoring and evaluation, as the Foundation does not have comprehensive risk-based/subrecipient monitoring policies and procedures. Questioned Costs: None noted. Cause: Staff were not aware of requirements to monitor program and fiscal compliance of project sponsors and document results and evidence of compliance or non-compliance. Effect: Granting agencies cannot determine whether the Foundation is ensuring that the project sponsor is carrying out activities in compliance with all applicable requirements. Recommendation: The Foundation provide written policies and procedures for the project sponsor monitoring and oversight, create a risk analysis form/process for all funded project sponsors and create a timeline to monitor project sponsors based on the risk analysis completed. View of Responsible Officials: The Foundation has updated its Quality Management Plan to include comprehensive subrecipient monitoring policies. The Foundations Quality Management team is working with all programming to implement a robust monitoring process, including risk assessments, adherence to grantor regulations, service delivery, and program outcomes.
Federal program: All federal awards provided to subrecipients. FY/Federal Award ID#: FY2023/All federal awards provided to subrecipients. Federal agency: All federal awards provided by subrecipients. Pass thru entity: All federal awards provided by subrecipients. Criteria: Per 24 CFR 574.500 -- Responsibility for grant administration: (a)General. Grantees are responsible for ensuring that grants are administrated in accordance with the requirements of this part and other applicable laws. Grantees are responsible for ensuring that their respective subrecipients carry out activities in compliance with all applicable requirements. (b)Grant agreement. The grant agreement will provide that the grantee agrees, and will ensure that each subrecipient agrees, to: (1) Operate the program in accordance with the provisions of these regulations and other applicable HUD regulations; (2) Conduct an ongoing assessment of the housing assistance and supportive services required by the participants in the program; (3) Assure the adequate provision of supportive services to the participants in the program; and (4) Comply with such other terms and conditions, including recordkeeping and reports (which must include racial and ethnic data on participants) for the program monitoring and elevation purposes, as HUD may establish for purposes of carrying out the program in an effective and efficient manner. And 24 CFR 574.500 - Applicability of Uniform Administrative Requirements as per 2 CFR 200.332(F) Requirements for pass-through entities. Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipients Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. Condition: The foundation is not in compliance with recordkeeping for program monitoring and evaluation, as the Foundation does not have comprehensive risk-based/subrecipient monitoring policies and procedures. Questioned Costs: None noted. Cause: Staff were not aware of requirements to monitor program and fiscal compliance of project sponsors and document results and evidence of compliance or non-compliance. Effect: Granting agencies cannot determine whether the Foundation is ensuring that the project sponsor is carrying out activities in compliance with all applicable requirements. Recommendation: The Foundation provide written policies and procedures for the project sponsor monitoring and oversight, create a risk analysis form/process for all funded project sponsors and create a timeline to monitor project sponsors based on the risk analysis completed. View of Responsible Officials: The Foundation has updated its Quality Management Plan to include comprehensive subrecipient monitoring policies. The Foundations Quality Management team is working with all programming to implement a robust monitoring process, including risk assessments, adherence to grantor regulations, service delivery, and program outcomes.
Federal program: All federal awards provided to subrecipients. FY/Federal Award ID#: FY2023/All federal awards provided to subrecipients. Federal agency: All federal awards provided by subrecipients. Pass thru entity: All federal awards provided by subrecipients. Criteria: Per 24 CFR 574.500 -- Responsibility for grant administration: (a)General. Grantees are responsible for ensuring that grants are administrated in accordance with the requirements of this part and other applicable laws. Grantees are responsible for ensuring that their respective subrecipients carry out activities in compliance with all applicable requirements. (b)Grant agreement. The grant agreement will provide that the grantee agrees, and will ensure that each subrecipient agrees, to: (1) Operate the program in accordance with the provisions of these regulations and other applicable HUD regulations; (2) Conduct an ongoing assessment of the housing assistance and supportive services required by the participants in the program; (3) Assure the adequate provision of supportive services to the participants in the program; and (4) Comply with such other terms and conditions, including recordkeeping and reports (which must include racial and ethnic data on participants) for the program monitoring and elevation purposes, as HUD may establish for purposes of carrying out the program in an effective and efficient manner. And 24 CFR 574.500 - Applicability of Uniform Administrative Requirements as per 2 CFR 200.332(F) Requirements for pass-through entities. Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipients Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. Condition: The foundation is not in compliance with recordkeeping for program monitoring and evaluation, as the Foundation does not have comprehensive risk-based/subrecipient monitoring policies and procedures. Questioned Costs: None noted. Cause: Staff were not aware of requirements to monitor program and fiscal compliance of project sponsors and document results and evidence of compliance or non-compliance. Effect: Granting agencies cannot determine whether the Foundation is ensuring that the project sponsor is carrying out activities in compliance with all applicable requirements. Recommendation: The Foundation provide written policies and procedures for the project sponsor monitoring and oversight, create a risk analysis form/process for all funded project sponsors and create a timeline to monitor project sponsors based on the risk analysis completed. View of Responsible Officials: The Foundation has updated its Quality Management Plan to include comprehensive subrecipient monitoring policies. The Foundations Quality Management team is working with all programming to implement a robust monitoring process, including risk assessments, adherence to grantor regulations, service delivery, and program outcomes.
Federal program: All federal awards provided to subrecipients. FY/Federal Award ID#: FY2023/All federal awards provided to subrecipients. Federal agency: All federal awards provided by subrecipients. Pass thru entity: All federal awards provided by subrecipients. Criteria: Per 24 CFR 574.500 -- Responsibility for grant administration: (a)General. Grantees are responsible for ensuring that grants are administrated in accordance with the requirements of this part and other applicable laws. Grantees are responsible for ensuring that their respective subrecipients carry out activities in compliance with all applicable requirements. (b)Grant agreement. The grant agreement will provide that the grantee agrees, and will ensure that each subrecipient agrees, to: (1) Operate the program in accordance with the provisions of these regulations and other applicable HUD regulations; (2) Conduct an ongoing assessment of the housing assistance and supportive services required by the participants in the program; (3) Assure the adequate provision of supportive services to the participants in the program; and (4) Comply with such other terms and conditions, including recordkeeping and reports (which must include racial and ethnic data on participants) for the program monitoring and elevation purposes, as HUD may establish for purposes of carrying out the program in an effective and efficient manner. And 24 CFR 574.500 - Applicability of Uniform Administrative Requirements as per 2 CFR 200.332(F) Requirements for pass-through entities. Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipients Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. Condition: The foundation is not in compliance with recordkeeping for program monitoring and evaluation, as the Foundation does not have comprehensive risk-based/subrecipient monitoring policies and procedures. Questioned Costs: None noted. Cause: Staff were not aware of requirements to monitor program and fiscal compliance of project sponsors and document results and evidence of compliance or non-compliance. Effect: Granting agencies cannot determine whether the Foundation is ensuring that the project sponsor is carrying out activities in compliance with all applicable requirements. Recommendation: The Foundation provide written policies and procedures for the project sponsor monitoring and oversight, create a risk analysis form/process for all funded project sponsors and create a timeline to monitor project sponsors based on the risk analysis completed. View of Responsible Officials: The Foundation has updated its Quality Management Plan to include comprehensive subrecipient monitoring policies. The Foundations Quality Management team is working with all programming to implement a robust monitoring process, including risk assessments, adherence to grantor regulations, service delivery, and program outcomes.
Federal program: All federal awards provided to subrecipients. FY/Federal Award ID#: FY2023/All federal awards provided to subrecipients. Federal agency: All federal awards provided by subrecipients. Pass thru entity: All federal awards provided by subrecipients. Criteria: Per 24 CFR 574.500 -- Responsibility for grant administration: (a)General. Grantees are responsible for ensuring that grants are administrated in accordance with the requirements of this part and other applicable laws. Grantees are responsible for ensuring that their respective subrecipients carry out activities in compliance with all applicable requirements. (b)Grant agreement. The grant agreement will provide that the grantee agrees, and will ensure that each subrecipient agrees, to: (1) Operate the program in accordance with the provisions of these regulations and other applicable HUD regulations; (2) Conduct an ongoing assessment of the housing assistance and supportive services required by the participants in the program; (3) Assure the adequate provision of supportive services to the participants in the program; and (4) Comply with such other terms and conditions, including recordkeeping and reports (which must include racial and ethnic data on participants) for the program monitoring and elevation purposes, as HUD may establish for purposes of carrying out the program in an effective and efficient manner. And 24 CFR 574.500 - Applicability of Uniform Administrative Requirements as per 2 CFR 200.332(F) Requirements for pass-through entities. Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipients Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. Condition: The foundation is not in compliance with recordkeeping for program monitoring and evaluation, as the Foundation does not have comprehensive risk-based/subrecipient monitoring policies and procedures. Questioned Costs: None noted. Cause: Staff were not aware of requirements to monitor program and fiscal compliance of project sponsors and document results and evidence of compliance or non-compliance. Effect: Granting agencies cannot determine whether the Foundation is ensuring that the project sponsor is carrying out activities in compliance with all applicable requirements. Recommendation: The Foundation provide written policies and procedures for the project sponsor monitoring and oversight, create a risk analysis form/process for all funded project sponsors and create a timeline to monitor project sponsors based on the risk analysis completed. View of Responsible Officials: The Foundation has updated its Quality Management Plan to include comprehensive subrecipient monitoring policies. The Foundations Quality Management team is working with all programming to implement a robust monitoring process, including risk assessments, adherence to grantor regulations, service delivery, and program outcomes.
Federal program: All federal awards provided to subrecipients. FY/Federal Award ID#: FY2023/All federal awards provided to subrecipients. Federal agency: All federal awards provided by subrecipients. Pass thru entity: All federal awards provided by subrecipients. Criteria: Per 24 CFR 574.500 -- Responsibility for grant administration: (a)General. Grantees are responsible for ensuring that grants are administrated in accordance with the requirements of this part and other applicable laws. Grantees are responsible for ensuring that their respective subrecipients carry out activities in compliance with all applicable requirements. (b)Grant agreement. The grant agreement will provide that the grantee agrees, and will ensure that each subrecipient agrees, to: (1) Operate the program in accordance with the provisions of these regulations and other applicable HUD regulations; (2) Conduct an ongoing assessment of the housing assistance and supportive services required by the participants in the program; (3) Assure the adequate provision of supportive services to the participants in the program; and (4) Comply with such other terms and conditions, including recordkeeping and reports (which must include racial and ethnic data on participants) for the program monitoring and elevation purposes, as HUD may establish for purposes of carrying out the program in an effective and efficient manner. And 24 CFR 574.500 - Applicability of Uniform Administrative Requirements as per 2 CFR 200.332(F) Requirements for pass-through entities. Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipients Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. Condition: The foundation is not in compliance with recordkeeping for program monitoring and evaluation, as the Foundation does not have comprehensive risk-based/subrecipient monitoring policies and procedures. Questioned Costs: None noted. Cause: Staff were not aware of requirements to monitor program and fiscal compliance of project sponsors and document results and evidence of compliance or non-compliance. Effect: Granting agencies cannot determine whether the Foundation is ensuring that the project sponsor is carrying out activities in compliance with all applicable requirements. Recommendation: The Foundation provide written policies and procedures for the project sponsor monitoring and oversight, create a risk analysis form/process for all funded project sponsors and create a timeline to monitor project sponsors based on the risk analysis completed. View of Responsible Officials: The Foundation has updated its Quality Management Plan to include comprehensive subrecipient monitoring policies. The Foundations Quality Management team is working with all programming to implement a robust monitoring process, including risk assessments, adherence to grantor regulations, service delivery, and program outcomes.
Federal program: All federal awards provided to subrecipients. FY/Federal Award ID#: FY2023/All federal awards provided to subrecipients. Federal agency: All federal awards provided by subrecipients. Pass thru entity: All federal awards provided by subrecipients. Criteria: Per 24 CFR 574.500 -- Responsibility for grant administration: (a)General. Grantees are responsible for ensuring that grants are administrated in accordance with the requirements of this part and other applicable laws. Grantees are responsible for ensuring that their respective subrecipients carry out activities in compliance with all applicable requirements. (b)Grant agreement. The grant agreement will provide that the grantee agrees, and will ensure that each subrecipient agrees, to: (1) Operate the program in accordance with the provisions of these regulations and other applicable HUD regulations; (2) Conduct an ongoing assessment of the housing assistance and supportive services required by the participants in the program; (3) Assure the adequate provision of supportive services to the participants in the program; and (4) Comply with such other terms and conditions, including recordkeeping and reports (which must include racial and ethnic data on participants) for the program monitoring and elevation purposes, as HUD may establish for purposes of carrying out the program in an effective and efficient manner. And 24 CFR 574.500 - Applicability of Uniform Administrative Requirements as per 2 CFR 200.332(F) Requirements for pass-through entities. Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipients Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. Condition: The foundation is not in compliance with recordkeeping for program monitoring and evaluation, as the Foundation does not have comprehensive risk-based/subrecipient monitoring policies and procedures. Questioned Costs: None noted. Cause: Staff were not aware of requirements to monitor program and fiscal compliance of project sponsors and document results and evidence of compliance or non-compliance. Effect: Granting agencies cannot determine whether the Foundation is ensuring that the project sponsor is carrying out activities in compliance with all applicable requirements. Recommendation: The Foundation provide written policies and procedures for the project sponsor monitoring and oversight, create a risk analysis form/process for all funded project sponsors and create a timeline to monitor project sponsors based on the risk analysis completed. View of Responsible Officials: The Foundation has updated its Quality Management Plan to include comprehensive subrecipient monitoring policies. The Foundations Quality Management team is working with all programming to implement a robust monitoring process, including risk assessments, adherence to grantor regulations, service delivery, and program outcomes.
Federal program: All federal awards provided to subrecipients. FY/Federal Award ID#: FY2023/All federal awards provided to subrecipients. Federal agency: All federal awards provided by subrecipients. Pass thru entity: All federal awards provided by subrecipients. Criteria: Per 24 CFR 574.500 -- Responsibility for grant administration: (a)General. Grantees are responsible for ensuring that grants are administrated in accordance with the requirements of this part and other applicable laws. Grantees are responsible for ensuring that their respective subrecipients carry out activities in compliance with all applicable requirements. (b)Grant agreement. The grant agreement will provide that the grantee agrees, and will ensure that each subrecipient agrees, to: (1) Operate the program in accordance with the provisions of these regulations and other applicable HUD regulations; (2) Conduct an ongoing assessment of the housing assistance and supportive services required by the participants in the program; (3) Assure the adequate provision of supportive services to the participants in the program; and (4) Comply with such other terms and conditions, including recordkeeping and reports (which must include racial and ethnic data on participants) for the program monitoring and elevation purposes, as HUD may establish for purposes of carrying out the program in an effective and efficient manner. And 24 CFR 574.500 - Applicability of Uniform Administrative Requirements as per 2 CFR 200.332(F) Requirements for pass-through entities. Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipients Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. Condition: The foundation is not in compliance with recordkeeping for program monitoring and evaluation, as the Foundation does not have comprehensive risk-based/subrecipient monitoring policies and procedures. Questioned Costs: None noted. Cause: Staff were not aware of requirements to monitor program and fiscal compliance of project sponsors and document results and evidence of compliance or non-compliance. Effect: Granting agencies cannot determine whether the Foundation is ensuring that the project sponsor is carrying out activities in compliance with all applicable requirements. Recommendation: The Foundation provide written policies and procedures for the project sponsor monitoring and oversight, create a risk analysis form/process for all funded project sponsors and create a timeline to monitor project sponsors based on the risk analysis completed. View of Responsible Officials: The Foundation has updated its Quality Management Plan to include comprehensive subrecipient monitoring policies. The Foundations Quality Management team is working with all programming to implement a robust monitoring process, including risk assessments, adherence to grantor regulations, service delivery, and program outcomes.
Federal program: All federal awards provided to subrecipients. FY/Federal Award ID#: FY2023/All federal awards provided to subrecipients. Federal agency: All federal awards provided by subrecipients. Pass thru entity: All federal awards provided by subrecipients. Criteria: Per 24 CFR 574.500 -- Responsibility for grant administration: (a)General. Grantees are responsible for ensuring that grants are administrated in accordance with the requirements of this part and other applicable laws. Grantees are responsible for ensuring that their respective subrecipients carry out activities in compliance with all applicable requirements. (b)Grant agreement. The grant agreement will provide that the grantee agrees, and will ensure that each subrecipient agrees, to: (1) Operate the program in accordance with the provisions of these regulations and other applicable HUD regulations; (2) Conduct an ongoing assessment of the housing assistance and supportive services required by the participants in the program; (3) Assure the adequate provision of supportive services to the participants in the program; and (4) Comply with such other terms and conditions, including recordkeeping and reports (which must include racial and ethnic data on participants) for the program monitoring and elevation purposes, as HUD may establish for purposes of carrying out the program in an effective and efficient manner. And 24 CFR 574.500 - Applicability of Uniform Administrative Requirements as per 2 CFR 200.332(F) Requirements for pass-through entities. Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipients Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. Condition: The foundation is not in compliance with recordkeeping for program monitoring and evaluation, as the Foundation does not have comprehensive risk-based/subrecipient monitoring policies and procedures. Questioned Costs: None noted. Cause: Staff were not aware of requirements to monitor program and fiscal compliance of project sponsors and document results and evidence of compliance or non-compliance. Effect: Granting agencies cannot determine whether the Foundation is ensuring that the project sponsor is carrying out activities in compliance with all applicable requirements. Recommendation: The Foundation provide written policies and procedures for the project sponsor monitoring and oversight, create a risk analysis form/process for all funded project sponsors and create a timeline to monitor project sponsors based on the risk analysis completed. View of Responsible Officials: The Foundation has updated its Quality Management Plan to include comprehensive subrecipient monitoring policies. The Foundations Quality Management team is working with all programming to implement a robust monitoring process, including risk assessments, adherence to grantor regulations, service delivery, and program outcomes.
Federal program: All federal awards provided to subrecipients. FY/Federal Award ID#: FY2023/All federal awards provided to subrecipients. Federal agency: All federal awards provided by subrecipients. Pass thru entity: All federal awards provided by subrecipients. Criteria: Per 24 CFR 574.500 -- Responsibility for grant administration: (a)General. Grantees are responsible for ensuring that grants are administrated in accordance with the requirements of this part and other applicable laws. Grantees are responsible for ensuring that their respective subrecipients carry out activities in compliance with all applicable requirements. (b)Grant agreement. The grant agreement will provide that the grantee agrees, and will ensure that each subrecipient agrees, to: (1) Operate the program in accordance with the provisions of these regulations and other applicable HUD regulations; (2) Conduct an ongoing assessment of the housing assistance and supportive services required by the participants in the program; (3) Assure the adequate provision of supportive services to the participants in the program; and (4) Comply with such other terms and conditions, including recordkeeping and reports (which must include racial and ethnic data on participants) for the program monitoring and elevation purposes, as HUD may establish for purposes of carrying out the program in an effective and efficient manner. And 24 CFR 574.500 - Applicability of Uniform Administrative Requirements as per 2 CFR 200.332(F) Requirements for pass-through entities. Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipients Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. Condition: The foundation is not in compliance with recordkeeping for program monitoring and evaluation, as the Foundation does not have comprehensive risk-based/subrecipient monitoring policies and procedures. Questioned Costs: None noted. Cause: Staff were not aware of requirements to monitor program and fiscal compliance of project sponsors and document results and evidence of compliance or non-compliance. Effect: Granting agencies cannot determine whether the Foundation is ensuring that the project sponsor is carrying out activities in compliance with all applicable requirements. Recommendation: The Foundation provide written policies and procedures for the project sponsor monitoring and oversight, create a risk analysis form/process for all funded project sponsors and create a timeline to monitor project sponsors based on the risk analysis completed. View of Responsible Officials: The Foundation has updated its Quality Management Plan to include comprehensive subrecipient monitoring policies. The Foundations Quality Management team is working with all programming to implement a robust monitoring process, including risk assessments, adherence to grantor regulations, service delivery, and program outcomes.
Federal program: All federal awards provided to subrecipients. FY/Federal Award ID#: FY2023/All federal awards provided to subrecipients. Federal agency: All federal awards provided by subrecipients. Pass thru entity: All federal awards provided by subrecipients. Criteria: Per 24 CFR 574.500 -- Responsibility for grant administration: (a)General. Grantees are responsible for ensuring that grants are administrated in accordance with the requirements of this part and other applicable laws. Grantees are responsible for ensuring that their respective subrecipients carry out activities in compliance with all applicable requirements. (b)Grant agreement. The grant agreement will provide that the grantee agrees, and will ensure that each subrecipient agrees, to: (1) Operate the program in accordance with the provisions of these regulations and other applicable HUD regulations; (2) Conduct an ongoing assessment of the housing assistance and supportive services required by the participants in the program; (3) Assure the adequate provision of supportive services to the participants in the program; and (4) Comply with such other terms and conditions, including recordkeeping and reports (which must include racial and ethnic data on participants) for the program monitoring and elevation purposes, as HUD may establish for purposes of carrying out the program in an effective and efficient manner. And 24 CFR 574.500 - Applicability of Uniform Administrative Requirements as per 2 CFR 200.332(F) Requirements for pass-through entities. Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipients Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. Condition: The foundation is not in compliance with recordkeeping for program monitoring and evaluation, as the Foundation does not have comprehensive risk-based/subrecipient monitoring policies and procedures. Questioned Costs: None noted. Cause: Staff were not aware of requirements to monitor program and fiscal compliance of project sponsors and document results and evidence of compliance or non-compliance. Effect: Granting agencies cannot determine whether the Foundation is ensuring that the project sponsor is carrying out activities in compliance with all applicable requirements. Recommendation: The Foundation provide written policies and procedures for the project sponsor monitoring and oversight, create a risk analysis form/process for all funded project sponsors and create a timeline to monitor project sponsors based on the risk analysis completed. View of Responsible Officials: The Foundation has updated its Quality Management Plan to include comprehensive subrecipient monitoring policies. The Foundations Quality Management team is working with all programming to implement a robust monitoring process, including risk assessments, adherence to grantor regulations, service delivery, and program outcomes.
Federal program: All federal awards provided to subrecipients. FY/Federal Award ID#: FY2023/All federal awards provided to subrecipients. Federal agency: All federal awards provided by subrecipients. Pass thru entity: All federal awards provided by subrecipients. Criteria: Per 24 CFR 574.500 -- Responsibility for grant administration: (a)General. Grantees are responsible for ensuring that grants are administrated in accordance with the requirements of this part and other applicable laws. Grantees are responsible for ensuring that their respective subrecipients carry out activities in compliance with all applicable requirements. (b)Grant agreement. The grant agreement will provide that the grantee agrees, and will ensure that each subrecipient agrees, to: (1) Operate the program in accordance with the provisions of these regulations and other applicable HUD regulations; (2) Conduct an ongoing assessment of the housing assistance and supportive services required by the participants in the program; (3) Assure the adequate provision of supportive services to the participants in the program; and (4) Comply with such other terms and conditions, including recordkeeping and reports (which must include racial and ethnic data on participants) for the program monitoring and elevation purposes, as HUD may establish for purposes of carrying out the program in an effective and efficient manner. And 24 CFR 574.500 - Applicability of Uniform Administrative Requirements as per 2 CFR 200.332(F) Requirements for pass-through entities. Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipients Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. Condition: The foundation is not in compliance with recordkeeping for program monitoring and evaluation, as the Foundation does not have comprehensive risk-based/subrecipient monitoring policies and procedures. Questioned Costs: None noted. Cause: Staff were not aware of requirements to monitor program and fiscal compliance of project sponsors and document results and evidence of compliance or non-compliance. Effect: Granting agencies cannot determine whether the Foundation is ensuring that the project sponsor is carrying out activities in compliance with all applicable requirements. Recommendation: The Foundation provide written policies and procedures for the project sponsor monitoring and oversight, create a risk analysis form/process for all funded project sponsors and create a timeline to monitor project sponsors based on the risk analysis completed. View of Responsible Officials: The Foundation has updated its Quality Management Plan to include comprehensive subrecipient monitoring policies. The Foundations Quality Management team is working with all programming to implement a robust monitoring process, including risk assessments, adherence to grantor regulations, service delivery, and program outcomes.
Criteria: Per 2 CFR § 200.332(a)(1), all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and include federal award identifying information such as the total amount of federal funds committed to the subrecipient by the pass-through entity, name of the federal awarding agency, and assistance listing number and title. Condition: Communication with the subrecipient includes the grant name and total funds committed to the subrecipient, but it does not disclose the portion that is federal funds, the federal awarding agency, or the assistance listing number and title. Cause: Grant agreements with the subrecipient have not historically included this information and templates were used from prior years to prepare the latest agreements. Effect: The subrecipient was not aware that their award included federal funds, and so did not include it on their Schedule of Expenditures of Federal Awards. Management's Response: The identified deficiency relates to the Safe Routes to School (SRTS) funds (OBAG 2 funds) passed through via agreement with the San Mateo County Office of Education (SMCOE). As noted by the auditor, the agreement describes the funding source with the same language previously used in prior grant agreements. Specifically, on page 26, the existing grant agreement states: “C/CAG and SMCOE have a joint interest in ensuring that schools and community agencies effectively implement programs that enable them to use the Federal Surface Transportation Program and Congestion Mitigation & Air Quality Improvement (STP/CMAQ) Program funds productively on behalf of students and the community.” To improve the communication of the nature of the federal funding and associated requirements, C/CAG will ensure that future federal pass-through grant agreements include the following information and language: (1) The specific portion of funding that is federal funds, the Federal Awarding Agency, full funding amount and applicable Federal Project Number, listing number and title. (2) A portion of the funds included are federal funds, and the recipient is responsible for compliance with all relevant Federal requirements, including, but not limited to § 200.501 Audit requirements and 2 CFR § 200.332 Requirements for pass-through entities.
Subrecipient Monitoring Finding Type: Material Weakness in Internal Controls over Compliance and Noncompliance Federal Program Title and AL Number: Activities to Support State, Tribal, Local and Territorial (STLT) Health Department Response to Public Health or Healthcare Crisis (93.391). Criteria: 2 CFR Section 200.332 states that pass-through entities must verify that every subrecipient is audited as required when it is expected that the subrecipient's federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 as well as folow up and ensure the subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award, including actions taken to address single audit findings. Condition and context: Subrecipients were required to certify whether a single audit was required; and if completed, to report any findings. We were unable to obtain documentation that management followed up on the reported findings for two out of the nine statistically valid samples. Cause: The Organization’s internal controls did not ensure compliance with 2 CFR Section 200.332. Effect: The Organization did not comply with subrecipient monitoring requirements. Questioned Costs: Questioned costs are not able to be determined. Repeat finding: No. Recommendation: We recommend that the Organization implement a process to follow up with subrecipients to ensure compliance with 2 CFR Section 200.332. Views of responsible officials and planned corrective actions: Management concurs with the finding and recommendation. Please see the attached corrective action plan.
Subrecipient Monitoring Finding Type: Material Weakness in Internal Controls over Compliance and Noncompliance Federal Program Title and AL Number: Activities to Support State, Tribal, Local and Territorial (STLT) Health Department Response to Public Health or Healthcare Crisis (93.391). Criteria: 2 CFR Section 200.332 states that pass-through entities must verify that every subrecipient is audited as required when it is expected that the subrecipient's federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501 as well as folow up and ensure the subrecipients take timely and appropriate action on all deficiencies pertaining to the federal award, including actions taken to address single audit findings. Condition and context: Subrecipients were required to certify whether a single audit was required; and if completed, to report any findings. We were unable to obtain documentation that management followed up on the reported findings for two out of the nine statistically valid samples. Cause: The Organization’s internal controls did not ensure compliance with 2 CFR Section 200.332. Effect: The Organization did not comply with subrecipient monitoring requirements. Questioned Costs: Questioned costs are not able to be determined. Repeat finding: No. Recommendation: We recommend that the Organization implement a process to follow up with subrecipients to ensure compliance with 2 CFR Section 200.332. Views of responsible officials and planned corrective actions: Management concurs with the finding and recommendation. Please see the attached corrective action plan.
2023-001 Subrecipient Monitoring Cluster: Research and Development Cluster Grantor: Department of Health and Human Services and National Aeronautics and Space Administration Award Names: Biomedical Research and Research Training and Science Award Year: July 1, 2022 – June 30, 2023 Award Number: 5R01GM140457-03 and 80NSSC21K0753 Assistance Listing Numbers: 93.859 and 43.001 Pass-through entity: Not applicable Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Additionally, 2 CFR 200.332(b) indicates that entities must evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section of the guidance. In this respect, the College procedures include (amongst other items) obtaining a Commitment Form from the subrecipient, performing an initial risk assessment on all subrecipients, and updating that risk assessment based on the Controller Office’s judgement. The College also annually reviews the subrecipient's Uniform Guidance (“UG”) report and performs any necessary follow-up to issue a management decision, where applicable. Condition Through our testing of 4 subrecipients, we noted the following: • For all samples, we were unable to obtain sufficient evidence of the College’s annual subrecipient risk assessment. • For all samples, we were unable to obtain sufficient evidence of the College’s annual review of the audited financial statements and UG report, documentation of their review of the subrecipient’s audit report, and actions taken as a result of the findings in the report. Cause The College indicated subrecipient reviews, including the annual risk assessment and review of the UG report, were performed informally by the Principal Investigators and financial staff and not consistently documented. The College cites insufficient staffing needed for the formal documentation of the subrecipient risk assessment and monitoring procedures as the cause. Effect The lack of an annual review of subrecipient UG reports may result in potential compliance issues not being identified and management not addressing findings and issuing a management decision, as required under the UG. In addition, the lack of review of the risk assessment form may result in missing information not being identified. Questioned Costs None identified. Recommendation We recommend the College reassess the design of its controls around subrecipient risk assessment and monitoring during the ongoing monitoring process. The College should formalize the documentation and review of its controls related to the annual monitoring of subrecipients, inclusive of annual reviews of Uniform Guidance reports along with other required ongoing monitoring based on the risk rating of the subrecipient. Management’s Views and Corrective Action Plan Management’s Views and Corrective Action Plan are included at the end of this report after the summary schedule of prior audit findings.
2023-001 Subrecipient Monitoring Cluster: Research and Development Cluster Grantor: Department of Health and Human Services and National Aeronautics and Space Administration Award Names: Biomedical Research and Research Training and Science Award Year: July 1, 2022 – June 30, 2023 Award Number: 5R01GM140457-03 and 80NSSC21K0753 Assistance Listing Numbers: 93.859 and 43.001 Pass-through entity: Not applicable Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Additionally, 2 CFR 200.332(b) indicates that entities must evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section of the guidance. In this respect, the College procedures include (amongst other items) obtaining a Commitment Form from the subrecipient, performing an initial risk assessment on all subrecipients, and updating that risk assessment based on the Controller Office’s judgement. The College also annually reviews the subrecipient's Uniform Guidance (“UG”) report and performs any necessary follow-up to issue a management decision, where applicable. Condition Through our testing of 4 subrecipients, we noted the following: • For all samples, we were unable to obtain sufficient evidence of the College’s annual subrecipient risk assessment. • For all samples, we were unable to obtain sufficient evidence of the College’s annual review of the audited financial statements and UG report, documentation of their review of the subrecipient’s audit report, and actions taken as a result of the findings in the report. Cause The College indicated subrecipient reviews, including the annual risk assessment and review of the UG report, were performed informally by the Principal Investigators and financial staff and not consistently documented. The College cites insufficient staffing needed for the formal documentation of the subrecipient risk assessment and monitoring procedures as the cause. Effect The lack of an annual review of subrecipient UG reports may result in potential compliance issues not being identified and management not addressing findings and issuing a management decision, as required under the UG. In addition, the lack of review of the risk assessment form may result in missing information not being identified. Questioned Costs None identified. Recommendation We recommend the College reassess the design of its controls around subrecipient risk assessment and monitoring during the ongoing monitoring process. The College should formalize the documentation and review of its controls related to the annual monitoring of subrecipients, inclusive of annual reviews of Uniform Guidance reports along with other required ongoing monitoring based on the risk rating of the subrecipient. Management’s Views and Corrective Action Plan Management’s Views and Corrective Action Plan are included at the end of this report after the summary schedule of prior audit findings.
Reference Number: 2023-009 Federal Program Title: Coronavirus State and Local Fiscal Recovery Funds Federal Assistance Listing Number: 21.027 Federal Agency: U.S. Department of Treasury Pass-Through Entity: N/A Federal Award Number and Year: Fiscal Year 2022-23 Name of Department: County Executive Office Internal Services Department Department of Consumer Business Affairs Department of Aging Category of Finding: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control Over Compliance; Instance of Noncompliance Criteria In accordance with Title 2 U.S. Code of Federal Regulations (CFR) § 200.332, all pass-through entities (PTE) must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: (1) Federal award identification: (i.) Subrecipient name (which must match the name associated with its unique entity identifier); (ii.) Subrecipient's unique entity identifier; (iii.) Federal Award Identification Number (FAIN); (iv.) Federal Award Date (see the definition of Federal award date in § 200.1 of this part) of award to the recipient by the Federal agency; (v.) Subaward Period of Performance Start and End Date; (vi.) Subaward Budget Period Start and End Date; (vii.) Amount of Federal Funds Obligated by this action by the pass-through entity to the subrecipient; (viii.) Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity including the current financial obligation; (ix.) Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; (x.) Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); (xi.) Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the Pass-through entity; (xii.) Assistance Listings number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; (xiii.) Identification of whether the award is R&D; and (xiv.) Indirect cost rate for the Federal award (including if the de minimis rate is charged) per § 200.414. (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Condition During our audit of the Coronavirus State and Local Fiscal Recovery Funds (CSLFRF) program, we selected twenty-three (23) subrecipients with active contracts with the County during FY 2022-23. • One (1) contract administered by the Internal Services Department (ISD) did not include one or more of the required elements defined in 2 CFR § 200.332 (a)(1) in the subrecipients’ agreements. • One (1) contract administered by the Department of Consumer Affairs (DCBA) did not include one or more of the required elements defined in 2 CFR § 200.332(a)(1) in the subrecipients’ agreements. • For four (4) contracts administered by the Aging Department (AD), the AD did not perform subrecipient monitoring related to the CSLFRF program during FY 2022-23. Cause Due to the urgency to implement the CSLFRF program, the Notice of Federal Subaward Information was not completed and provided to the subrecipient for two (2) contracts. The AD was not aware of the requirement to conduct subrecipient monitoring related to the CSLFR program and did not perform subrecipient monitoring of four (4) contracts. Effect Failure to provide all the required subaward information may result in subrecipients incorrectly reporting on federal pass-through awards in their Single Audit reports. Failure to document monitoring results in noncompliance with the subrecipient monitoring requirements 2 CFR § 200.332. Questioned Costs Questioned costs were not determinable. Context Of the twenty-three (23) subrecipients selected for testing, which totaled $71,323,434, from a population of 124 subrecipients with expenditures totaling $90,592,053: • The departments did not communicate all of the required subaward data elements for two (2) subrecipients with expenditures totaling $7,305,087. • The AD did not perform subrecipient monitoring for four (4) subrecipients with expenditures totaling $8,542,012. The sample was not a statistically valid sample. Recommendation We recommend the County perform the following: 1. Remind departments that the Notice of Federal Subaward Information is a required attachment for all subrecipient agreements. In addition, subaward contract templates should be reviewed and revised to include placeholders for required information 2 CFR § 200.332(a)(1). 2. For existing subrecipients that were not provided the required elements, provide a letter or amended agreement to include all the required elements of 2 CFR § 200.332(a)(1). 3. Maintain sufficient records of monitoring subrecipients in accordance with subrecipient monitoring requirements.
U.S. Department of Transportation, Passed through Nebraska Department of Transportation and Iowa Department of Transportation Highway Planning and Construction Assistance Listing Number 20.205 Subrecipient Monitoring Significant Deficiency in Internal Control over Compliance Criteria: A pass‐through entity (PTE) must: Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). This evaluation of risk may include consideration of such factors as the following: o The subrecipient’s prior experience with the same or similar subawards; o The results of previous audits including whether or not the subrecipient receives single audit in accordance with 2 CFR Part 200, Subpart F, and the extent to which the same or similar subaward has been audited as a major program; o Whether the subrecipient has new personnel or new or substantially changed systems; and o The extent and results of federal awarding agency monitoring (e.g., if the subrecipient also receives federal awards directly from a federal awarding agency). Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: o Reviewing financial and programmatic (performance and special reports) required by the PTE. o Following‐up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on‐site reviews, and other means o Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521.Verify that every subrecipient is audited as required by Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Consider whether the results of the subrecipient's audits, on‐site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass‐through entity's own records. Condition: MAPA is the pass‐through entity for several subrecipients. MAPA does not appear to have a formal policy to evaluate each subrecipient’s risk of noncompliance for appropriate subrecipient monitoring. Further, MAPA does not have a formal policy to monitor the activities of the subrecipients to the extent deemed necessary by the federal government, including the verification that subrecipients are audited when they reach Uniform Guidance spending levels and evaluation of those audits. However, the current procedures require a review of the subrecipients’ invoices, including all detailed costs by an appropriate individual at MAPA prior to payment. This process helps reduce risk of inappropriate funding to subrecipients. Cause: MAPA does not appear have formal policies in place for all of the subrecipient monitoring requirements. Effect: MAPA may not have appropriate monitoring levels established for all of its subrecipients and have awareness of where subrecipient deficiencies may exist. Questioned Costs: None reported. Context: We reviewed two of the five subrecipients within this program that did not appear to have any formal risk evaluation and monitoring plan in place. Repeat Finding From Prior Year: No Recommendation: The policy should be updated to include all federal requirements for subrecipient monitoring and updated on a regular basis as those regulations change. Views of Responsible Officials: We agree with the finding.
U.S. Department of Transportation, Passed through Nebraska Department of Transportation and Iowa Department of Transportation Highway Planning and Construction Assistance Listing Number 20.205 Subrecipient Monitoring Significant Deficiency in Internal Control over Compliance Criteria: A pass‐through entity (PTE) must: Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). This evaluation of risk may include consideration of such factors as the following: o The subrecipient’s prior experience with the same or similar subawards; o The results of previous audits including whether or not the subrecipient receives single audit in accordance with 2 CFR Part 200, Subpart F, and the extent to which the same or similar subaward has been audited as a major program; o Whether the subrecipient has new personnel or new or substantially changed systems; and o The extent and results of federal awarding agency monitoring (e.g., if the subrecipient also receives federal awards directly from a federal awarding agency). Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: o Reviewing financial and programmatic (performance and special reports) required by the PTE. o Following‐up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on‐site reviews, and other means o Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521.Verify that every subrecipient is audited as required by Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Consider whether the results of the subrecipient's audits, on‐site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass‐through entity's own records. Condition: MAPA is the pass‐through entity for several subrecipients. MAPA does not appear to have a formal policy to evaluate each subrecipient’s risk of noncompliance for appropriate subrecipient monitoring. Further, MAPA does not have a formal policy to monitor the activities of the subrecipients to the extent deemed necessary by the federal government, including the verification that subrecipients are audited when they reach Uniform Guidance spending levels and evaluation of those audits. However, the current procedures require a review of the subrecipients’ invoices, including all detailed costs by an appropriate individual at MAPA prior to payment. This process helps reduce risk of inappropriate funding to subrecipients. Cause: MAPA does not appear have formal policies in place for all of the subrecipient monitoring requirements. Effect: MAPA may not have appropriate monitoring levels established for all of its subrecipients and have awareness of where subrecipient deficiencies may exist. Questioned Costs: None reported. Context: We reviewed two of the five subrecipients within this program that did not appear to have any formal risk evaluation and monitoring plan in place. Repeat Finding From Prior Year: No Recommendation: The policy should be updated to include all federal requirements for subrecipient monitoring and updated on a regular basis as those regulations change. Views of Responsible Officials: We agree with the finding.
U.S. Department of Transportation, Passed through Nebraska Department of Transportation and Iowa Department of Transportation Highway Planning and Construction Assistance Listing Number 20.205 Subrecipient Monitoring Significant Deficiency in Internal Control over Compliance Criteria: A pass‐through entity (PTE) must: Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). This evaluation of risk may include consideration of such factors as the following: o The subrecipient’s prior experience with the same or similar subawards; o The results of previous audits including whether or not the subrecipient receives single audit in accordance with 2 CFR Part 200, Subpart F, and the extent to which the same or similar subaward has been audited as a major program; o Whether the subrecipient has new personnel or new or substantially changed systems; and o The extent and results of federal awarding agency monitoring (e.g., if the subrecipient also receives federal awards directly from a federal awarding agency). Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: o Reviewing financial and programmatic (performance and special reports) required by the PTE. o Following‐up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on‐site reviews, and other means o Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521.Verify that every subrecipient is audited as required by Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Consider whether the results of the subrecipient's audits, on‐site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass‐through entity's own records. Condition: MAPA is the pass‐through entity for several subrecipients. MAPA does not appear to have a formal policy to evaluate each subrecipient’s risk of noncompliance for appropriate subrecipient monitoring. Further, MAPA does not have a formal policy to monitor the activities of the subrecipients to the extent deemed necessary by the federal government, including the verification that subrecipients are audited when they reach Uniform Guidance spending levels and evaluation of those audits. However, the current procedures require a review of the subrecipients’ invoices, including all detailed costs by an appropriate individual at MAPA prior to payment. This process helps reduce risk of inappropriate funding to subrecipients. Cause: MAPA does not appear have formal policies in place for all of the subrecipient monitoring requirements. Effect: MAPA may not have appropriate monitoring levels established for all of its subrecipients and have awareness of where subrecipient deficiencies may exist. Questioned Costs: None reported. Context: We reviewed two of the five subrecipients within this program that did not appear to have any formal risk evaluation and monitoring plan in place. Repeat Finding From Prior Year: No Recommendation: The policy should be updated to include all federal requirements for subrecipient monitoring and updated on a regular basis as those regulations change. Views of Responsible Officials: We agree with the finding.
U.S. Department of Transportation, Passed through Nebraska Department of Transportation and Iowa Department of Transportation Highway Planning and Construction Assistance Listing Number 20.205 Subrecipient Monitoring Significant Deficiency in Internal Control over Compliance Criteria: A pass‐through entity (PTE) must: Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). This evaluation of risk may include consideration of such factors as the following: o The subrecipient’s prior experience with the same or similar subawards; o The results of previous audits including whether or not the subrecipient receives single audit in accordance with 2 CFR Part 200, Subpart F, and the extent to which the same or similar subaward has been audited as a major program; o Whether the subrecipient has new personnel or new or substantially changed systems; and o The extent and results of federal awarding agency monitoring (e.g., if the subrecipient also receives federal awards directly from a federal awarding agency). Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: o Reviewing financial and programmatic (performance and special reports) required by the PTE. o Following‐up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on‐site reviews, and other means o Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521.Verify that every subrecipient is audited as required by Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Consider whether the results of the subrecipient's audits, on‐site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass‐through entity's own records. Condition: MAPA is the pass‐through entity for several subrecipients. MAPA does not appear to have a formal policy to evaluate each subrecipient’s risk of noncompliance for appropriate subrecipient monitoring. Further, MAPA does not have a formal policy to monitor the activities of the subrecipients to the extent deemed necessary by the federal government, including the verification that subrecipients are audited when they reach Uniform Guidance spending levels and evaluation of those audits. However, the current procedures require a review of the subrecipients’ invoices, including all detailed costs by an appropriate individual at MAPA prior to payment. This process helps reduce risk of inappropriate funding to subrecipients. Cause: MAPA does not appear have formal policies in place for all of the subrecipient monitoring requirements. Effect: MAPA may not have appropriate monitoring levels established for all of its subrecipients and have awareness of where subrecipient deficiencies may exist. Questioned Costs: None reported. Context: We reviewed two of the five subrecipients within this program that did not appear to have any formal risk evaluation and monitoring plan in place. Repeat Finding From Prior Year: No Recommendation: The policy should be updated to include all federal requirements for subrecipient monitoring and updated on a regular basis as those regulations change. Views of Responsible Officials: We agree with the finding.
U.S. Department of Transportation, Passed through Nebraska Department of Transportation and Iowa Department of Transportation Highway Planning and Construction Assistance Listing Number 20.205 Subrecipient Monitoring Significant Deficiency in Internal Control over Compliance Criteria: A pass‐through entity (PTE) must: Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). This evaluation of risk may include consideration of such factors as the following: o The subrecipient’s prior experience with the same or similar subawards; o The results of previous audits including whether or not the subrecipient receives single audit in accordance with 2 CFR Part 200, Subpart F, and the extent to which the same or similar subaward has been audited as a major program; o Whether the subrecipient has new personnel or new or substantially changed systems; and o The extent and results of federal awarding agency monitoring (e.g., if the subrecipient also receives federal awards directly from a federal awarding agency). Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: o Reviewing financial and programmatic (performance and special reports) required by the PTE. o Following‐up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on‐site reviews, and other means o Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521.Verify that every subrecipient is audited as required by Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Consider whether the results of the subrecipient's audits, on‐site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass‐through entity's own records. Condition: MAPA is the pass‐through entity for several subrecipients. MAPA does not appear to have a formal policy to evaluate each subrecipient’s risk of noncompliance for appropriate subrecipient monitoring. Further, MAPA does not have a formal policy to monitor the activities of the subrecipients to the extent deemed necessary by the federal government, including the verification that subrecipients are audited when they reach Uniform Guidance spending levels and evaluation of those audits. However, the current procedures require a review of the subrecipients’ invoices, including all detailed costs by an appropriate individual at MAPA prior to payment. This process helps reduce risk of inappropriate funding to subrecipients. Cause: MAPA does not appear have formal policies in place for all of the subrecipient monitoring requirements. Effect: MAPA may not have appropriate monitoring levels established for all of its subrecipients and have awareness of where subrecipient deficiencies may exist. Questioned Costs: None reported. Context: We reviewed two of the five subrecipients within this program that did not appear to have any formal risk evaluation and monitoring plan in place. Repeat Finding From Prior Year: No Recommendation: The policy should be updated to include all federal requirements for subrecipient monitoring and updated on a regular basis as those regulations change. Views of Responsible Officials: We agree with the finding.
U.S. Department of Transportation, Passed through Nebraska Department of Transportation and Iowa Department of Transportation Highway Planning and Construction Assistance Listing Number 20.205 Subrecipient Monitoring Significant Deficiency in Internal Control over Compliance Criteria: A pass‐through entity (PTE) must: Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). This evaluation of risk may include consideration of such factors as the following: o The subrecipient’s prior experience with the same or similar subawards; o The results of previous audits including whether or not the subrecipient receives single audit in accordance with 2 CFR Part 200, Subpart F, and the extent to which the same or similar subaward has been audited as a major program; o Whether the subrecipient has new personnel or new or substantially changed systems; and o The extent and results of federal awarding agency monitoring (e.g., if the subrecipient also receives federal awards directly from a federal awarding agency). Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: o Reviewing financial and programmatic (performance and special reports) required by the PTE. o Following‐up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on‐site reviews, and other means o Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521.Verify that every subrecipient is audited as required by Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Consider whether the results of the subrecipient's audits, on‐site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass‐through entity's own records. Condition: MAPA is the pass‐through entity for several subrecipients. MAPA does not appear to have a formal policy to evaluate each subrecipient’s risk of noncompliance for appropriate subrecipient monitoring. Further, MAPA does not have a formal policy to monitor the activities of the subrecipients to the extent deemed necessary by the federal government, including the verification that subrecipients are audited when they reach Uniform Guidance spending levels and evaluation of those audits. However, the current procedures require a review of the subrecipients’ invoices, including all detailed costs by an appropriate individual at MAPA prior to payment. This process helps reduce risk of inappropriate funding to subrecipients. Cause: MAPA does not appear have formal policies in place for all of the subrecipient monitoring requirements. Effect: MAPA may not have appropriate monitoring levels established for all of its subrecipients and have awareness of where subrecipient deficiencies may exist. Questioned Costs: None reported. Context: We reviewed two of the five subrecipients within this program that did not appear to have any formal risk evaluation and monitoring plan in place. Repeat Finding From Prior Year: No Recommendation: The policy should be updated to include all federal requirements for subrecipient monitoring and updated on a regular basis as those regulations change. Views of Responsible Officials: We agree with the finding.
U.S. Department of Transportation, Passed through Nebraska Department of Transportation and Iowa Department of Transportation Highway Planning and Construction Assistance Listing Number 20.205 Subrecipient Monitoring Significant Deficiency in Internal Control over Compliance Criteria: A pass‐through entity (PTE) must: Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). This evaluation of risk may include consideration of such factors as the following: o The subrecipient’s prior experience with the same or similar subawards; o The results of previous audits including whether or not the subrecipient receives single audit in accordance with 2 CFR Part 200, Subpart F, and the extent to which the same or similar subaward has been audited as a major program; o Whether the subrecipient has new personnel or new or substantially changed systems; and o The extent and results of federal awarding agency monitoring (e.g., if the subrecipient also receives federal awards directly from a federal awarding agency). Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: o Reviewing financial and programmatic (performance and special reports) required by the PTE. o Following‐up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on‐site reviews, and other means o Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521.Verify that every subrecipient is audited as required by Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Consider whether the results of the subrecipient's audits, on‐site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass‐through entity's own records. Condition: MAPA is the pass‐through entity for several subrecipients. MAPA does not appear to have a formal policy to evaluate each subrecipient’s risk of noncompliance for appropriate subrecipient monitoring. Further, MAPA does not have a formal policy to monitor the activities of the subrecipients to the extent deemed necessary by the federal government, including the verification that subrecipients are audited when they reach Uniform Guidance spending levels and evaluation of those audits. However, the current procedures require a review of the subrecipients’ invoices, including all detailed costs by an appropriate individual at MAPA prior to payment. This process helps reduce risk of inappropriate funding to subrecipients. Cause: MAPA does not appear have formal policies in place for all of the subrecipient monitoring requirements. Effect: MAPA may not have appropriate monitoring levels established for all of its subrecipients and have awareness of where subrecipient deficiencies may exist. Questioned Costs: None reported. Context: We reviewed two of the five subrecipients within this program that did not appear to have any formal risk evaluation and monitoring plan in place. Repeat Finding From Prior Year: No Recommendation: The policy should be updated to include all federal requirements for subrecipient monitoring and updated on a regular basis as those regulations change. Views of Responsible Officials: We agree with the finding.
U.S. Department of Transportation, Passed through Nebraska Department of Transportation and Iowa Department of Transportation Highway Planning and Construction Assistance Listing Number 20.205 Subrecipient Monitoring Significant Deficiency in Internal Control over Compliance Criteria: A pass‐through entity (PTE) must: Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). This evaluation of risk may include consideration of such factors as the following: o The subrecipient’s prior experience with the same or similar subawards; o The results of previous audits including whether or not the subrecipient receives single audit in accordance with 2 CFR Part 200, Subpart F, and the extent to which the same or similar subaward has been audited as a major program; o Whether the subrecipient has new personnel or new or substantially changed systems; and o The extent and results of federal awarding agency monitoring (e.g., if the subrecipient also receives federal awards directly from a federal awarding agency). Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: o Reviewing financial and programmatic (performance and special reports) required by the PTE. o Following‐up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on‐site reviews, and other means o Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521.Verify that every subrecipient is audited as required by Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Consider whether the results of the subrecipient's audits, on‐site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass‐through entity's own records. Condition: MAPA is the pass‐through entity for several subrecipients. MAPA does not appear to have a formal policy to evaluate each subrecipient’s risk of noncompliance for appropriate subrecipient monitoring. Further, MAPA does not have a formal policy to monitor the activities of the subrecipients to the extent deemed necessary by the federal government, including the verification that subrecipients are audited when they reach Uniform Guidance spending levels and evaluation of those audits. However, the current procedures require a review of the subrecipients’ invoices, including all detailed costs by an appropriate individual at MAPA prior to payment. This process helps reduce risk of inappropriate funding to subrecipients. Cause: MAPA does not appear have formal policies in place for all of the subrecipient monitoring requirements. Effect: MAPA may not have appropriate monitoring levels established for all of its subrecipients and have awareness of where subrecipient deficiencies may exist. Questioned Costs: None reported. Context: We reviewed two of the five subrecipients within this program that did not appear to have any formal risk evaluation and monitoring plan in place. Repeat Finding From Prior Year: No Recommendation: The policy should be updated to include all federal requirements for subrecipient monitoring and updated on a regular basis as those regulations change. Views of Responsible Officials: We agree with the finding.
Finding Reference Number: 2023-011 NH Department of Health and Human Services Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) and COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) (Assistance Listing #93.323) Federal Award Numbers: NUK50CK000522 Federal Award Year: 2019 U.S. Department of Health and Human Services Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: 2022-018 Statistically Valid Sample: No Criteria A pass-through entity (PTE) must: 1. Evaluate Risk – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). 2. Monitor – Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: a. Reviewing financial and programmatic (performance and special reports) required by the PTE. b. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means. c. Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Additionally, 45 CFR section 75 303(a) states the non Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award Condition During the year ended June 30, 2023, the New Hampshire Department of Health and Human Services (the Department) passed through $5,070,789 of federal funding to subrecipient. As part of our testing related subrecipient monitoring, we noted the following: A. As part of our during the award monitoring testwork, we were unable to obtain documentation to support that that the Department had performed the suggested monitoring procedures for 3 of the 4 subrecipients selected for testwork based upon the subrecipients most recent risk assessment performed. For the remaining 1 subrecipient, the risk assessment form did not indicate the required frequency of the suggested type of monitoring. As a result, we were not able to verify that the Department had performed the appropriate monitoring procedures as outlined by the risk assessment performed for each subrecipient. B. The Department’s during the award monitoring for each of the 4 subrecipients selected for testwork consisted of the review and approval of subrecipient invoices. Per review of the invoices, the invoice contained a summary of costs incurred by the subrecipient by category of expense that it was seeking reimbursement for. The Department did not perform any other monitoring procedures to ensure the accuracy of the request made by the subrecipient through either a desk review or an on-site monitoring visit. We further noted that no other monitoring was performed by the Department to ensure that the subrecipient was complying with the terms and conditions of its subrecipient grant agreement. Per review of the risk assessment for each of the 4 subrecipients, the risk assessment did not provide for specific monitoring procedures that would address compliance with the subrecipients grant agreement beyond the period review of expenditure data. Taking into consideration that for each of the 4 subrecipients selected the testwork, if an Uniform Guidance report was issued for the subrecipient, this program was not audited as a major program, it does not appear that either the procedures suggested within the risk assessment or the procedures performed by the Department would be able to identify noncompliance incurred at the subrecipient level. C. During our review over the Department’s review over the subrecipients Uniform Guidance reports, we identified the following: • For 1 of 3 subrecipients selected for testwork which had a Uniform Guidance audit, the subrecipients uniform guidance audit was not issued within 9 months of the subrecipients year end. We were unable to obtain any correspondence between the Department or the subrecipient to inquire about the uniform guidance report or when it would be issued. Upon receipt of the report, the Department did issue a management decision letter upon receipt of the report. • For 1 of 3 subrecipients selected for testwork which had a Uniform Guidance audit, the Department did not issue a management decision letter within 6 months of receipt of the report. We noted however there were no findings identified within the uniform guidance report that would have required corrective action. Cause The cause of the condition found was primarily due to a lack of formal policies and internal controls to ensure that all required subrecipient monitoring compliance procedures are being performed by the Department. Effect The effect of the condition found is that the Department did not comply with 2 CFR section 200.332(b), 2 CFR sections 200.332(d) through (f), and 2 CFR section 200.501(h). Questioned Costs None. Recommendation We recommend the Department develop policies and procedures and implement internal controls to ensure that the Department complies with 2 CFR section 200.332(b), 2 CFR sections 200.332(d) through (f), and 2 CFR section 200.501(h). This would ensure that the risk assessment is routinely updated for multiyear grants and that the prescribed monitoring procedures take into consideration any additional monitoring procedures that might need to be performed, such as a desk review or on-site visit, if the program is not audited as part of the subrecipient’s uniform guidance audit. In addition, policies and procedures should be established to ensure that if the risk assessment has suggested a particular monitoring procedure be performed, that the Department is adequately documenting its monitoring procedures to ensure that it has performed the required procedures. View of Responsible Officials: Management partially concurs with the finding above. Rejoinder As it relates to Bullet B above, for each of the 4 subrecipients selected for testwork consisted of the review and approval of subrecipient invoices. Per review of the invoices, the invoice contained a summary of costs incurred by the subrecipient by category of expense that it was seeking reimbursement for. The Department did not perform any other monitoring procedures to ensure the accuracy of the request made by the subrecipient through either a desk review or an on-site monitoring visit. We further noted that no other monitoring was performed by the Department to ensure that the subrecipient was complying with the terms and conditions of its subrecipient grant agreement. As it relates to Bullet C above, we were unable to obtain any correspondence between the Department or the subrecipient to inquire about the uniform guidance report or when it would be issued for 1 of 3 items selected for testwork. Upon receipt of the report, the Department did issue a management decision letter upon receipt of the report. In addition, for 1 of 3 subrecipients selected for testwork which had a Uniform Guidance audit, the Department did not issue a management decision letter within 6 months of receipt of the report.
Finding Reference Number: 2023-011 NH Department of Health and Human Services Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) and COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) (Assistance Listing #93.323) Federal Award Numbers: NUK50CK000522 Federal Award Year: 2019 U.S. Department of Health and Human Services Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: 2022-018 Statistically Valid Sample: No Criteria A pass-through entity (PTE) must: 1. Evaluate Risk – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). 2. Monitor – Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: a. Reviewing financial and programmatic (performance and special reports) required by the PTE. b. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means. c. Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Additionally, 45 CFR section 75 303(a) states the non Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award Condition During the year ended June 30, 2023, the New Hampshire Department of Health and Human Services (the Department) passed through $5,070,789 of federal funding to subrecipient. As part of our testing related subrecipient monitoring, we noted the following: A. As part of our during the award monitoring testwork, we were unable to obtain documentation to support that that the Department had performed the suggested monitoring procedures for 3 of the 4 subrecipients selected for testwork based upon the subrecipients most recent risk assessment performed. For the remaining 1 subrecipient, the risk assessment form did not indicate the required frequency of the suggested type of monitoring. As a result, we were not able to verify that the Department had performed the appropriate monitoring procedures as outlined by the risk assessment performed for each subrecipient. B. The Department’s during the award monitoring for each of the 4 subrecipients selected for testwork consisted of the review and approval of subrecipient invoices. Per review of the invoices, the invoice contained a summary of costs incurred by the subrecipient by category of expense that it was seeking reimbursement for. The Department did not perform any other monitoring procedures to ensure the accuracy of the request made by the subrecipient through either a desk review or an on-site monitoring visit. We further noted that no other monitoring was performed by the Department to ensure that the subrecipient was complying with the terms and conditions of its subrecipient grant agreement. Per review of the risk assessment for each of the 4 subrecipients, the risk assessment did not provide for specific monitoring procedures that would address compliance with the subrecipients grant agreement beyond the period review of expenditure data. Taking into consideration that for each of the 4 subrecipients selected the testwork, if an Uniform Guidance report was issued for the subrecipient, this program was not audited as a major program, it does not appear that either the procedures suggested within the risk assessment or the procedures performed by the Department would be able to identify noncompliance incurred at the subrecipient level. C. During our review over the Department’s review over the subrecipients Uniform Guidance reports, we identified the following: • For 1 of 3 subrecipients selected for testwork which had a Uniform Guidance audit, the subrecipients uniform guidance audit was not issued within 9 months of the subrecipients year end. We were unable to obtain any correspondence between the Department or the subrecipient to inquire about the uniform guidance report or when it would be issued. Upon receipt of the report, the Department did issue a management decision letter upon receipt of the report. • For 1 of 3 subrecipients selected for testwork which had a Uniform Guidance audit, the Department did not issue a management decision letter within 6 months of receipt of the report. We noted however there were no findings identified within the uniform guidance report that would have required corrective action. Cause The cause of the condition found was primarily due to a lack of formal policies and internal controls to ensure that all required subrecipient monitoring compliance procedures are being performed by the Department. Effect The effect of the condition found is that the Department did not comply with 2 CFR section 200.332(b), 2 CFR sections 200.332(d) through (f), and 2 CFR section 200.501(h). Questioned Costs None. Recommendation We recommend the Department develop policies and procedures and implement internal controls to ensure that the Department complies with 2 CFR section 200.332(b), 2 CFR sections 200.332(d) through (f), and 2 CFR section 200.501(h). This would ensure that the risk assessment is routinely updated for multiyear grants and that the prescribed monitoring procedures take into consideration any additional monitoring procedures that might need to be performed, such as a desk review or on-site visit, if the program is not audited as part of the subrecipient’s uniform guidance audit. In addition, policies and procedures should be established to ensure that if the risk assessment has suggested a particular monitoring procedure be performed, that the Department is adequately documenting its monitoring procedures to ensure that it has performed the required procedures. View of Responsible Officials: Management partially concurs with the finding above. Rejoinder As it relates to Bullet B above, for each of the 4 subrecipients selected for testwork consisted of the review and approval of subrecipient invoices. Per review of the invoices, the invoice contained a summary of costs incurred by the subrecipient by category of expense that it was seeking reimbursement for. The Department did not perform any other monitoring procedures to ensure the accuracy of the request made by the subrecipient through either a desk review or an on-site monitoring visit. We further noted that no other monitoring was performed by the Department to ensure that the subrecipient was complying with the terms and conditions of its subrecipient grant agreement. As it relates to Bullet C above, we were unable to obtain any correspondence between the Department or the subrecipient to inquire about the uniform guidance report or when it would be issued for 1 of 3 items selected for testwork. Upon receipt of the report, the Department did issue a management decision letter upon receipt of the report. In addition, for 1 of 3 subrecipients selected for testwork which had a Uniform Guidance audit, the Department did not issue a management decision letter within 6 months of receipt of the report.
Finding Reference Number: 2023-017 NH Department of Health and Human Services Substance Abuse Prevention and Treatment Block Grant (ALN #93.959) and COVID-19 Substance Abuse Prevention and Treatment Block Grant (ALN #93.959) Federal Award Numbers: 1B08Ti084659-01, 1B08TI085821-01 Federal Award Year: 2022, 2023 U.S. Department of Health and Human Services Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: None Statistically Valid Sample: No Criteria A pass-through entity (PTE) must: 1. Evaluate Risk – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). 2. Monitor – Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: a. Reviewing financial and programmatic (performance and special reports) required by the PTE. b. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means. c. Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Additionally, 45 CFR section 75 303(a) states the non Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award Condition During the year ended June 30, 2023, the New Hampshire Department of Health and Human Services (the Department) passed through $7,720,172 of federal funding to subrecipients. As part of our testing related subrecipient monitoring, we identified the following: A. The Department provided the most recent risk assessment performed for each of the 7 subrecipients selected for testwork. Per review of the risk assessments provided, we identified the following: 1. For 5 of the subrecipients, the risk assessment indicated that the subrecipients expenditure detail should be examined monthly to ensure compliance with contract requirements and applicable laws and rules. We were unable to determine if this procedure had been performed as part of the Department’s subrecipient monitoring process. 2. For the remaining 2 subrecipients the recommended monitoring procedures was left blank on the risk assessment and as such we are unable to verify what type of monitoring procedures should have been performed. B. The Department’s during the award monitoring for of the 4 of the 7 subrecipients selected for testwork consisted of the review and approval of subrecipient invoices. Per review of the invoices, the invoice contained a summary of costs incurred by the subrecipient by category of expense that it was seeking reimbursement for. It was evident through the invoice review that the Department often followed up on inconsistencies on hours worked with the subrecipient to help ensure the accuracy of the invoice reviewed. While this detailed review was performed, the Department did not perform any other monitoring procedures related to these 4 subrecipients to ensure the accuracy of the request made by the subrecipient through either a desk review or an on-site monitoring visit. As such, it is unclear if the monitoring performed was sufficient to ensure that the subrecipient was complying with the terms and conditions of its subrecipient grant agreement. C. During our review over the Department’s review over the subrecipients Uniform Guidance reports, we identified that for 2 of 7 subrecipients selected for testwork, the subrecipients uniform guidance audit was not issued within 9 months of the subrecipients year end. We were unable to obtain any correspondence between the Department or the subrecipient to inquire about the uniform guidance report or when it would be issued. Upon receipt of the report, the Department did issue a management decision letter upon receipt of the report. Cause The cause of the condition found was primarily due to a lack of formal policies and internal controls to ensure that all required subrecipient monitoring compliance procedures are being performed by the Department. Effect The effect of the condition found is that the Department did not comply with 2 CFR section 200.332(b), 2 CFR sections 200.332(d) through (f), and 2 CFR section 200.501(h). Questioned Costs None. Recommendation We recommend the Department review its existing policies and procedures and implement internal controls to ensure that the Department complies with 2 CFR section 200.332(b), 2 CFR sections 200.332(d) through (f), and 2 CFR section 200.501(h). This would ensure that the risk assessment is routinely updated for multiyear grants and that the prescribed monitoring procedures take into consideration any additional monitoring procedures that might need to be performed, such as a desk review or on-site visit, if the program is not audited as part of the subrecipient’s uniform guidance audit. In addition, policies and procedures should be established to ensure that if the risk assessment has suggested a particular monitoring procedure be performed, that the Department is adequately documenting its monitoring procedures to ensure that it has performed the required procedures. View of Responsible Officials Management partially concurs with the finding above. Rejoinder As it relates to Bullet A above, we were not able to obtain documentation to support that the suggested procedures outlined within the risk assessment was performed. As it relates to Bullet B above, for of the 4 of the 7 subrecipients selected for testwork consisted of the review and approval of subrecipient invoices. Per review of the invoices, the invoice contained a summary of costs incurred by the subrecipient by category of expense that it was seeking reimbursement for. It was evident through the invoice review that the Department often followed up on inconsistencies on hours worked with the subrecipient to help ensure the accuracy of the invoice reviewed. While this detailed review was performed, the Department did not perform any other monitoring procedures related to these 4 subrecipients to ensure the accuracy of the request made by the subrecipient through either a desk review or an on-site monitoring visit. As such, it is unclear if the monitoring performed was sufficient to ensure that the subrecipient was complying with the terms and conditions of its subrecipient grant agreement.
Finding Reference Number: 2023-017 NH Department of Health and Human Services Substance Abuse Prevention and Treatment Block Grant (ALN #93.959) and COVID-19 Substance Abuse Prevention and Treatment Block Grant (ALN #93.959) Federal Award Numbers: 1B08Ti084659-01, 1B08TI085821-01 Federal Award Year: 2022, 2023 U.S. Department of Health and Human Services Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: None Statistically Valid Sample: No Criteria A pass-through entity (PTE) must: 1. Evaluate Risk – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). 2. Monitor – Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: a. Reviewing financial and programmatic (performance and special reports) required by the PTE. b. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means. c. Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Additionally, 45 CFR section 75 303(a) states the non Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award Condition During the year ended June 30, 2023, the New Hampshire Department of Health and Human Services (the Department) passed through $7,720,172 of federal funding to subrecipients. As part of our testing related subrecipient monitoring, we identified the following: A. The Department provided the most recent risk assessment performed for each of the 7 subrecipients selected for testwork. Per review of the risk assessments provided, we identified the following: 1. For 5 of the subrecipients, the risk assessment indicated that the subrecipients expenditure detail should be examined monthly to ensure compliance with contract requirements and applicable laws and rules. We were unable to determine if this procedure had been performed as part of the Department’s subrecipient monitoring process. 2. For the remaining 2 subrecipients the recommended monitoring procedures was left blank on the risk assessment and as such we are unable to verify what type of monitoring procedures should have been performed. B. The Department’s during the award monitoring for of the 4 of the 7 subrecipients selected for testwork consisted of the review and approval of subrecipient invoices. Per review of the invoices, the invoice contained a summary of costs incurred by the subrecipient by category of expense that it was seeking reimbursement for. It was evident through the invoice review that the Department often followed up on inconsistencies on hours worked with the subrecipient to help ensure the accuracy of the invoice reviewed. While this detailed review was performed, the Department did not perform any other monitoring procedures related to these 4 subrecipients to ensure the accuracy of the request made by the subrecipient through either a desk review or an on-site monitoring visit. As such, it is unclear if the monitoring performed was sufficient to ensure that the subrecipient was complying with the terms and conditions of its subrecipient grant agreement. C. During our review over the Department’s review over the subrecipients Uniform Guidance reports, we identified that for 2 of 7 subrecipients selected for testwork, the subrecipients uniform guidance audit was not issued within 9 months of the subrecipients year end. We were unable to obtain any correspondence between the Department or the subrecipient to inquire about the uniform guidance report or when it would be issued. Upon receipt of the report, the Department did issue a management decision letter upon receipt of the report. Cause The cause of the condition found was primarily due to a lack of formal policies and internal controls to ensure that all required subrecipient monitoring compliance procedures are being performed by the Department. Effect The effect of the condition found is that the Department did not comply with 2 CFR section 200.332(b), 2 CFR sections 200.332(d) through (f), and 2 CFR section 200.501(h). Questioned Costs None. Recommendation We recommend the Department review its existing policies and procedures and implement internal controls to ensure that the Department complies with 2 CFR section 200.332(b), 2 CFR sections 200.332(d) through (f), and 2 CFR section 200.501(h). This would ensure that the risk assessment is routinely updated for multiyear grants and that the prescribed monitoring procedures take into consideration any additional monitoring procedures that might need to be performed, such as a desk review or on-site visit, if the program is not audited as part of the subrecipient’s uniform guidance audit. In addition, policies and procedures should be established to ensure that if the risk assessment has suggested a particular monitoring procedure be performed, that the Department is adequately documenting its monitoring procedures to ensure that it has performed the required procedures. View of Responsible Officials Management partially concurs with the finding above. Rejoinder As it relates to Bullet A above, we were not able to obtain documentation to support that the suggested procedures outlined within the risk assessment was performed. As it relates to Bullet B above, for of the 4 of the 7 subrecipients selected for testwork consisted of the review and approval of subrecipient invoices. Per review of the invoices, the invoice contained a summary of costs incurred by the subrecipient by category of expense that it was seeking reimbursement for. It was evident through the invoice review that the Department often followed up on inconsistencies on hours worked with the subrecipient to help ensure the accuracy of the invoice reviewed. While this detailed review was performed, the Department did not perform any other monitoring procedures related to these 4 subrecipients to ensure the accuracy of the request made by the subrecipient through either a desk review or an on-site monitoring visit. As such, it is unclear if the monitoring performed was sufficient to ensure that the subrecipient was complying with the terms and conditions of its subrecipient grant agreement.
Finding Reference Number: 2023-023 NH Department of Safety Disaster Grants – Public Assistance (Presidentially Declared Disasters) and COVID-19 Public Assistance (Presidentially Declared Disasters) (Assistance Listing #97.036) Federal Award Numbers: FEMA-4622-DR-NH, FEMA-4624-DR-NH, FEMA-4457-DR-NH, FEMA-4370-DR, FEMA-4693-DR, FEMA-4355-DR, FEMA-4329-DR, FEMA-4516-DR-NH Federal Award Year: July 17-19, 2021, July 29-30, 2021, July 11-12, 2019, March 2-8, 2018, December 22-December 25, 2022, October 29-November 1, 2017, July 1-2, 2017, January 20, 2020 U.S. Department of Homeland Security Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: None Statistically Valid Sample: No Criteria A pass-through entity (PTE) must: 1. Identify the Award and Applicable Requirements – Clearly identify to the subrecipient: (1) the award as a subaward at the time of subaward (or subsequent subaward modification) by providing the information described in 2 CFR section 200.332(a)(1); (2) all requirements imposed by the PTE on the subrecipient so that the federal award is used in accordance with federal statutes, regulations, and the terms and conditions of the award (2 CFR section 200.332(a)(2)); and (3) any additional requirements that the PTE imposes on the subrecipient in order for the PTE to meet its own responsibility for the federal award (e.g., financial, performance, and special reports) (2 CFR section 200.332(a)(3)). 2. Evaluate Risk – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). 3. Monitor – Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: a. Reviewing financial and programmatic (performance and special reports) required by the PTE. b. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means. c. Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Additionally, 45 CFR section 75 303(a) states the non Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Condition As part of the Disaster Grants - Public Assistance program (DGPA), the New Hampshire Department of Safety - Homeland Security and Emergency Management (the Department) enters into grant agreements with local municipalities to provide reimbursement for expenditures incurred as a result of New Hampshire declared disasters. During the year ended June 30, 2023, $27,041,873 was passed through to 85 subrecipients. As part of our testwork over the subrecipient monitoring process, we noted the following: A. The Department communicates award information to subrecipients through the approved agreement. Per review of the agreement, for each of the 27 subrecipients selected for testwork, the Department did not communicate all the required award information as outlined in 2 CFR section 200.332(a). Specifically, the following elements were not communicated: - Subrecipient unique entity identifier (not communicated for 19/27); - Federal Award Identification Number (FAIN) (not communicated for 27/27); - Identification of whether the award is R&D (not communicated for 27/27); and - Indirect cost rate for the federal award (including if the de minimis rate is charged) (not communicated for 27/27) B. The Department evaluated the subrecipient risk of noncompliance through a risk assessment for each of the 13 subrecipients selected for testwork. However, there was no formal risk assessment policy in place that indicated how frequently risk assessments should be performed. As a result, 5 subrecipients did not have risk assessments performed during the current year for purposes of determining the appropriate subrecipient monitoring response. These prior fiscal year(s) risk assessments were performed as of the following dates: September 2019, October and December 2021, May and June 2022. C. For each of the 13 subrecipients selected for testwork, the Department did not perform any during the award monitoring. D. During our testwork over the Department’s review of subrecipient uniform guidance reports, we noted there were no UG report review policies and procedures in place. For the 13 subrecipients selected for testwork, 6 subrecipients were identified in which the Department did not review the most recent uniform guidance report issued. Specifically, we noted: • For 5 of 13 subrecipients, the subrecipient’s uniform guidance was not reviewed due to updated risk assessments not being performed in the current year (refer to item 2 above) • For 1 of 13 subrecipients, the current year risk assessment was performed prior to the receipt of the subrecipient’s uniform guidance report and management did not go back to review the report Cause The cause of the condition found was primarily due to the Department not performing their sub monitoring internal controls in accordance with written formal policies and procedures. Questioned Costs None. Recommendation We recommend that the Department develop policies and procedures and implement internal controls to ensure that the Department complies with 2 CFR section 200.332(a-h) and 2 CFR section 200.501(h). View of Responsible Officials: Management concurs with the finding above.
Finding Reference Number: 2023-023 NH Department of Safety Disaster Grants – Public Assistance (Presidentially Declared Disasters) and COVID-19 Public Assistance (Presidentially Declared Disasters) (Assistance Listing #97.036) Federal Award Numbers: FEMA-4622-DR-NH, FEMA-4624-DR-NH, FEMA-4457-DR-NH, FEMA-4370-DR, FEMA-4693-DR, FEMA-4355-DR, FEMA-4329-DR, FEMA-4516-DR-NH Federal Award Year: July 17-19, 2021, July 29-30, 2021, July 11-12, 2019, March 2-8, 2018, December 22-December 25, 2022, October 29-November 1, 2017, July 1-2, 2017, January 20, 2020 U.S. Department of Homeland Security Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: None Statistically Valid Sample: No Criteria A pass-through entity (PTE) must: 1. Identify the Award and Applicable Requirements – Clearly identify to the subrecipient: (1) the award as a subaward at the time of subaward (or subsequent subaward modification) by providing the information described in 2 CFR section 200.332(a)(1); (2) all requirements imposed by the PTE on the subrecipient so that the federal award is used in accordance with federal statutes, regulations, and the terms and conditions of the award (2 CFR section 200.332(a)(2)); and (3) any additional requirements that the PTE imposes on the subrecipient in order for the PTE to meet its own responsibility for the federal award (e.g., financial, performance, and special reports) (2 CFR section 200.332(a)(3)). 2. Evaluate Risk – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). 3. Monitor – Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: a. Reviewing financial and programmatic (performance and special reports) required by the PTE. b. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means. c. Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Additionally, 45 CFR section 75 303(a) states the non Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Condition As part of the Disaster Grants - Public Assistance program (DGPA), the New Hampshire Department of Safety - Homeland Security and Emergency Management (the Department) enters into grant agreements with local municipalities to provide reimbursement for expenditures incurred as a result of New Hampshire declared disasters. During the year ended June 30, 2023, $27,041,873 was passed through to 85 subrecipients. As part of our testwork over the subrecipient monitoring process, we noted the following: A. The Department communicates award information to subrecipients through the approved agreement. Per review of the agreement, for each of the 27 subrecipients selected for testwork, the Department did not communicate all the required award information as outlined in 2 CFR section 200.332(a). Specifically, the following elements were not communicated: - Subrecipient unique entity identifier (not communicated for 19/27); - Federal Award Identification Number (FAIN) (not communicated for 27/27); - Identification of whether the award is R&D (not communicated for 27/27); and - Indirect cost rate for the federal award (including if the de minimis rate is charged) (not communicated for 27/27) B. The Department evaluated the subrecipient risk of noncompliance through a risk assessment for each of the 13 subrecipients selected for testwork. However, there was no formal risk assessment policy in place that indicated how frequently risk assessments should be performed. As a result, 5 subrecipients did not have risk assessments performed during the current year for purposes of determining the appropriate subrecipient monitoring response. These prior fiscal year(s) risk assessments were performed as of the following dates: September 2019, October and December 2021, May and June 2022. C. For each of the 13 subrecipients selected for testwork, the Department did not perform any during the award monitoring. D. During our testwork over the Department’s review of subrecipient uniform guidance reports, we noted there were no UG report review policies and procedures in place. For the 13 subrecipients selected for testwork, 6 subrecipients were identified in which the Department did not review the most recent uniform guidance report issued. Specifically, we noted: • For 5 of 13 subrecipients, the subrecipient’s uniform guidance was not reviewed due to updated risk assessments not being performed in the current year (refer to item 2 above) • For 1 of 13 subrecipients, the current year risk assessment was performed prior to the receipt of the subrecipient’s uniform guidance report and management did not go back to review the report Cause The cause of the condition found was primarily due to the Department not performing their sub monitoring internal controls in accordance with written formal policies and procedures. Questioned Costs None. Recommendation We recommend that the Department develop policies and procedures and implement internal controls to ensure that the Department complies with 2 CFR section 200.332(a-h) and 2 CFR section 200.501(h). View of Responsible Officials: Management concurs with the finding above.
Program: Highway Planning and Construction Federal Financial Assistance Listing No.: 20.205 Federal Agency: U.S. Department of Transportation Passed-through: California Department of Transportation Award Number and Year: 5923, 2022/2023 Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Criteria: 2 CFR 200.331(a) establishes the required elements that the pass-through entity (County) must include in their subrecipient agreements. 2 CFR 200.331(b) establishes the requirement that the pass-through entity must evaluate the risk of noncompliance with Federal statutes, regulations, and terms and conditions of the program for each subaward for the purpose of determining the appropriate subrecipient monitoring activities. 2 CFR 200.331(d) and 2 CFR 200.331(e) establishes the requirement that the pass-through entity must monitor the activities of each subrecipient of program funds to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward and achieves performance goals. 2 CFR 200.331(d) requires that the monitoring activities must include: 1) Reviewing of financial and performance reports as required by the pass-through entity. 2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. 3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 Management decision. 2 CRF 200.331(f) establishes the requirement for the pass-through entity to verify whether the subrecipient is subject to a single audit when the subrecipient’s expenditures are expected to exceed the threshold set forth in 2 CRF 200.501. Condition: In 1 out of 1 instance selected, we found that the subrecipient agreement did not contain the federal award identification elements required to be communicated by the County, no risk assessment was performed, and no subrecipient monitoring was performed. In this same instance, a documented review of whether the subrecipient was subject to a single audit was also not performed. single audit in the period the expenditures were incurred. Cause: The County improperly identified the subrecipient as a contractor. The County did not perform an evaluation of the agreement to determine whether the vendor was a contractor or a subrecipient. Effect: The County did not comply with the subrecipient monitoring compliance requirements. Questioned Costs: None reported. Context/Sampling: We selected 100% of the County’s subrecipients of the program. Repeat Finding from Prior Year(s): No. Recommendation: We recommend that the County establish procedures to determine whether agreements represent a contractor or a subrecipient arrangement. Views of Responsible Officials: Management agrees with the finding. See separate corrective action plan.
New York City Department for the Aging (“DFTA”) Finding #: 2023-010 Funding Year(s): 07/01/2022 - 06/30/2023 New York City Department for the Aging: Aging Cluster (FAL #93.044, 93.045 & 93.053) Contract Number: N/A Pass-Through Agency: New York State Office for the Aging Type of Finding: Subrecipient Monitoring Compliance and Internal Control (Significant Deficiency) Criteria: As stipulated in 2 CFR 200.332(f) pass-through entities should verify that every subrecipient that expends $750,000 or more in federal awards during their fiscal year has a single or program-specific audit conducted for that fiscal year in accordance with 2 CFR 200.501. Additionally, per 2 CFR 200.512(a)(1) the audit must be completed and the data collection form along with the reporting package must be submitted to the Federal Audit Clearinghouse within the earlier of 30 calendar days after receipt of the auditor’s report(s), or nine months after the end of the audit period. Condition/Context: Of the forty (40) subrecipients under the Aging Cluster that were selected for testing, four (4) of the single audit report dates were beyond the nine-month required submission date required by 2 CFR 200.512(a)(1). For these four (4) selections, DFTA was unable to provide supporting documentation of notification by the subrecipient of the late submission and acknowledgment of the notification by DFTA. Cause/Effect: While DFTA has established subrecipient monitoring procedures, we noted that monitoring of subrecipient compliance with federal statues, regulations and terms and conditions of the federal award were not consistently performed and documented. Missing or incomplete monitoring procedures could result in subrecipients not complying with Uniform Guidance reporting and/or other program specific compliance requirements. Questioned Costs: None identified. Identification as a Repeat Finding: This is not a repeat finding. Recommendation: We recommend that DFTA create a comprehensive internal control structure which ensures that all subrecipient compliance requirements stipulated by 2 CFR 200.332 are being met, including following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient detected through audits, on-site reviews, and written confirmation from the subrecipient.