Various Agencies Finding 2022 ? 014: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 ? Child Nutrition Cluster (including COVID-19) ALN 10.557 ? WIC Special Supplemental Nutrition Program for Women, Infants, and Children (including COVID-19) ALN 10.558 ? Child and Adult Care Food Program (including COVID-19) ALN 15.252 ? Abandoned Mine Land Reclamation ALN 21.023 ? COVID-19 ? Emergency Rental Assistance Program ALN 84.010 ? Title I Grants to Local Educational Agencies ALN 84.027 and 84.173 ? ? Special Education Cluster (IDEA) (including COVID-19) ALN 84.425C ? COVID 19 ? Education Stabilization Fund - GEER Fund ALN 84.425D ? COVID 19 ? Education Stabilization Fund - ESSER Fund ALN 84.425R ? COVID 19 ? Education Stabilization Fund - CRRSA EANS ALN 84.425U ? COVID 19 ? Education Stabilization Fund - ARP ESSER ALN 84.425W ? COVID 19 ? Education Stabilization Fund - ARP ESSER HCY ALN 93.558 ? Temporary Assistance for Needy Families (including COVID-19) ALN 93.563 ? Child Support Enforcement ALN 93.575 and 93.596 ? Child Care and Development Fund (CCDF) Cluster (including COVID-19) ALN 93.658 ? Foster Care ? Title IV-E (including COVID-19) ALN 93.659 ? Adoption Assistance (including COVID-19) ALN 93.775, 93.777, and 93.778 ? Medicaid Cluster (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth?s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2021-015) Federal Grant Number(s) and Year(s): 1PA300365 (1/01/2022 ? 9/30/2023), 1PA310305 (10/01/2021 ? 9/30/2022), 1PA310305 (10/01/2020 ? 9/30/2021), 1PA300305 (10/01/2021 ? 9/30/2022), 1PA300305 (10/01/2020 ? 9/30/2021), 1PA320305 (12/27/2020 ? 9/30/2021), Y22174 (10/01/2021 ? 9/30/2024), Y13194 (10/01/2020 ? 9/30/2023), Y03194 (10/01/2019 ? 9/30/2023), Y03191 (10/01/2019 ? 9/30/2020), Y22173 (10/01/2021 ? 9/30/2022), Y22172 (10/01/2021 ? 9/30/2022, Y13191 (10/01/2020 ? 9/30/2021), Y13061 (10/01/2020 ? 9/30/2021), S22AF00017 (1/01/2022 ? 12/31/2024), S21AF10050 (6/01/2021 ? 5/31/2024), S21AF10015 (1/01/2021 ? 12/31/2023), S20AF20092 (10/01/2020 ? 9/30/2023), S20AF20006 (1/01/2020 ? 12/31/2022), S19AF20006 (1/01/2019 ? 12/31/2021), S19AF20004 (12/01/2018 ? 11/30/2023), S18AF20004 (11/01/2017 ? 10/31/2023), ERAE0131 (1/19/2021 ? 12/29/2022), ERAE0333 (5/11/2021 ? 12/30/2025), S010A210038 (7/01/2021 ? 9/30/2022), S010A200038 (7/01/2020 ? 9/30/2021), H027A210093 (7/01/2021 ? 9/30/2022), H027A200093 (7/01/2020 ? 9/30/2021), S425D200028 (3/13/2020 ? 9/30/2022), S425D210028 (3/13/2020 ? 9/30/2022), 2201PATANF (10/01/2021 ? 9/30/2022), 2101PATANF (10/01/2020 ? 9/30/2021), 2001PATANF (10/01/2019 ? 9/30/2020), 2201PACSES (10/01/2021 ? 9/30/2022), 2101PACSES (10/01/2020 ? 9/30/2021), G2201PACCDF (10/01/2021 ? 9/30/2022), G2101PACCDF (10/01/2020 ? 9/30/2021), 2201PAFOST (10/01/2021 ? 9/30/2022), 2101PAFOST (10/01/2020 ? 9/30/2021), 2001PAFOST (10/01/2019 ? 9/30/2020), 2201PAADPT (10/01/2021 ? 9/30/2022), 2101PAADPT (10/01/2020 ? 9/30/2021), 2205PA5MAP (10/01/2021 ? 9/30/2022), 2105PA5MAP (10/01/2020 ? 9/30/2021) Finding 2022 ? 014: (continued) Type of Finding: Significant Deficiency, Noncompliance for Medicaid Cluster Material Weakness, Material Noncompliance for Other Programs Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget?s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse?s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2022 audit of the Commonwealth?s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth?s fiscal year ended June 30, 2021 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2022. We also evaluated the Commonwealth?s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies? tracking lists during the fiscal year ended June 30, 2022 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies? review of subrecipient audit reports: ? Department of Education (PDE): The time period for making a management decision on findings was approximately 6.5 to over 13 months after the FAC MDL start date for 14 out of 25 audit reports with findings. Three of the 14 audit reports were improperly classified on PDE?s audit tracking list as not having federal award findings. ? Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 16.2 months after the FAC MDL start date for one out of three audit reports with findings. In addition, our review disclosed that DEP subgranted federal funds totaling $10,338,570 to one subrecipient during the fiscal year ended December 31, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 9.5 months after the March 31, 2022 due date, which had been extended due to the COVID-19 pandemic in accordance with the Office of Management and Budget?s (OMB) Memorandum M-21-20, Appendix 3. ? Department of Health (DOH): Our review disclosed that DOH subgranted federal funds totaling $8,103,407 to one subrecipient during the fiscal year ended September 30, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 12.5 months after the December 31, 2021 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. ? Department of Human Services (DHS): The time period for making a management decision on findings ranged from approximately 6.6 months to over 19.6 months after the FAC MDL start date for 12 out of 14 subrecipient audit reports with findings. There was also a delay in DHS?s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Finding 2022 ? 014: (continued) As a follow-up to the prior year finding, we noted that the Commonwealth subgranted federal funds totaling $327,988,063 to the City of Philadelphia during the fiscal year ended June 30, 2021, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 3.5 months after the September 30, 2022 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. Our testing disclosed that DHS?s subgrants to the City of Philadelphia were material for five of the 16 major programs/clusters with material subgranted funds. Our follow-up on the prior year finding also disclosed that the Commonwealth subgranted federal funds totaling $28,725,212 to Bucks County during the fiscal year ended December 31, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 9.5 months after the March 31, 2022 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. DHS was the lead agency for the City of Philadelphia and Bucks County audits. Criteria: 2 CFR ?200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient?s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity?s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in ?200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR ?200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor?s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. Finding 2022 ? 014: (continued) 2 CFR ?200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR ?200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in ?200.339 [Remedies for noncompliance]. 2 CFR ?200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ?200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended ? Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program? (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: Finding 2022 ? 014: (continued) (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth?s reliance on an acceptable audit and prompt resolution as evidence of the recipient?s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended ? Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (1) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (6) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR ?200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended ? Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office?s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. The late management decision at DEP appeared to be the result of a subrecipient being treated as a contractor as described in current year Single Audit Finding #2022-005, despite having a subrecipient Single Audit requirement clause in its contract with DEP. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR ?200.339 and Commonwealth Management Directive 325.8 in order to ensure compliance with federal audit submission requirements. Finding 2022 ? 014: (continued) Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR ?200.339 and Commonwealth Management Directive 325.08. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. DOH Response: DOH agrees with the finding. DHS Response: While DHS agrees with this finding, we believe we are in compliance with 2 CFR ?200.339 and Commonwealth Management Directive 325.08 related to outstanding audits. We continue to work with counties and their independent auditors to obtain any late Single Audit reports, and albeit late, we do receive them which is the ultimate goal. Questioned Costs: The amount of questioned costs cannot be determined. The corrective action plan for this finding, if any, has not been reviewed by the auditors. See Corrective Action Plans located elsewhere in this Report.
Various Agencies Finding 2022 ? 014: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 ? Child Nutrition Cluster (including COVID-19) ALN 10.557 ? WIC Special Supplemental Nutrition Program for Women, Infants, and Children (including COVID-19) ALN 10.558 ? Child and Adult Care Food Program (including COVID-19) ALN 15.252 ? Abandoned Mine Land Reclamation ALN 21.023 ? COVID-19 ? Emergency Rental Assistance Program ALN 84.010 ? Title I Grants to Local Educational Agencies ALN 84.027 and 84.173 ? ? Special Education Cluster (IDEA) (including COVID-19) ALN 84.425C ? COVID 19 ? Education Stabilization Fund - GEER Fund ALN 84.425D ? COVID 19 ? Education Stabilization Fund - ESSER Fund ALN 84.425R ? COVID 19 ? Education Stabilization Fund - CRRSA EANS ALN 84.425U ? COVID 19 ? Education Stabilization Fund - ARP ESSER ALN 84.425W ? COVID 19 ? Education Stabilization Fund - ARP ESSER HCY ALN 93.558 ? Temporary Assistance for Needy Families (including COVID-19) ALN 93.563 ? Child Support Enforcement ALN 93.575 and 93.596 ? Child Care and Development Fund (CCDF) Cluster (including COVID-19) ALN 93.658 ? Foster Care ? Title IV-E (including COVID-19) ALN 93.659 ? Adoption Assistance (including COVID-19) ALN 93.775, 93.777, and 93.778 ? Medicaid Cluster (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth?s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2021-015) Federal Grant Number(s) and Year(s): 1PA300365 (1/01/2022 ? 9/30/2023), 1PA310305 (10/01/2021 ? 9/30/2022), 1PA310305 (10/01/2020 ? 9/30/2021), 1PA300305 (10/01/2021 ? 9/30/2022), 1PA300305 (10/01/2020 ? 9/30/2021), 1PA320305 (12/27/2020 ? 9/30/2021), Y22174 (10/01/2021 ? 9/30/2024), Y13194 (10/01/2020 ? 9/30/2023), Y03194 (10/01/2019 ? 9/30/2023), Y03191 (10/01/2019 ? 9/30/2020), Y22173 (10/01/2021 ? 9/30/2022), Y22172 (10/01/2021 ? 9/30/2022, Y13191 (10/01/2020 ? 9/30/2021), Y13061 (10/01/2020 ? 9/30/2021), S22AF00017 (1/01/2022 ? 12/31/2024), S21AF10050 (6/01/2021 ? 5/31/2024), S21AF10015 (1/01/2021 ? 12/31/2023), S20AF20092 (10/01/2020 ? 9/30/2023), S20AF20006 (1/01/2020 ? 12/31/2022), S19AF20006 (1/01/2019 ? 12/31/2021), S19AF20004 (12/01/2018 ? 11/30/2023), S18AF20004 (11/01/2017 ? 10/31/2023), ERAE0131 (1/19/2021 ? 12/29/2022), ERAE0333 (5/11/2021 ? 12/30/2025), S010A210038 (7/01/2021 ? 9/30/2022), S010A200038 (7/01/2020 ? 9/30/2021), H027A210093 (7/01/2021 ? 9/30/2022), H027A200093 (7/01/2020 ? 9/30/2021), S425D200028 (3/13/2020 ? 9/30/2022), S425D210028 (3/13/2020 ? 9/30/2022), 2201PATANF (10/01/2021 ? 9/30/2022), 2101PATANF (10/01/2020 ? 9/30/2021), 2001PATANF (10/01/2019 ? 9/30/2020), 2201PACSES (10/01/2021 ? 9/30/2022), 2101PACSES (10/01/2020 ? 9/30/2021), G2201PACCDF (10/01/2021 ? 9/30/2022), G2101PACCDF (10/01/2020 ? 9/30/2021), 2201PAFOST (10/01/2021 ? 9/30/2022), 2101PAFOST (10/01/2020 ? 9/30/2021), 2001PAFOST (10/01/2019 ? 9/30/2020), 2201PAADPT (10/01/2021 ? 9/30/2022), 2101PAADPT (10/01/2020 ? 9/30/2021), 2205PA5MAP (10/01/2021 ? 9/30/2022), 2105PA5MAP (10/01/2020 ? 9/30/2021) Finding 2022 ? 014: (continued) Type of Finding: Significant Deficiency, Noncompliance for Medicaid Cluster Material Weakness, Material Noncompliance for Other Programs Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget?s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse?s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2022 audit of the Commonwealth?s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth?s fiscal year ended June 30, 2021 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2022. We also evaluated the Commonwealth?s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies? tracking lists during the fiscal year ended June 30, 2022 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies? review of subrecipient audit reports: ? Department of Education (PDE): The time period for making a management decision on findings was approximately 6.5 to over 13 months after the FAC MDL start date for 14 out of 25 audit reports with findings. Three of the 14 audit reports were improperly classified on PDE?s audit tracking list as not having federal award findings. ? Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 16.2 months after the FAC MDL start date for one out of three audit reports with findings. In addition, our review disclosed that DEP subgranted federal funds totaling $10,338,570 to one subrecipient during the fiscal year ended December 31, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 9.5 months after the March 31, 2022 due date, which had been extended due to the COVID-19 pandemic in accordance with the Office of Management and Budget?s (OMB) Memorandum M-21-20, Appendix 3. ? Department of Health (DOH): Our review disclosed that DOH subgranted federal funds totaling $8,103,407 to one subrecipient during the fiscal year ended September 30, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 12.5 months after the December 31, 2021 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. ? Department of Human Services (DHS): The time period for making a management decision on findings ranged from approximately 6.6 months to over 19.6 months after the FAC MDL start date for 12 out of 14 subrecipient audit reports with findings. There was also a delay in DHS?s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Finding 2022 ? 014: (continued) As a follow-up to the prior year finding, we noted that the Commonwealth subgranted federal funds totaling $327,988,063 to the City of Philadelphia during the fiscal year ended June 30, 2021, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 3.5 months after the September 30, 2022 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. Our testing disclosed that DHS?s subgrants to the City of Philadelphia were material for five of the 16 major programs/clusters with material subgranted funds. Our follow-up on the prior year finding also disclosed that the Commonwealth subgranted federal funds totaling $28,725,212 to Bucks County during the fiscal year ended December 31, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 9.5 months after the March 31, 2022 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. DHS was the lead agency for the City of Philadelphia and Bucks County audits. Criteria: 2 CFR ?200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient?s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity?s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in ?200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR ?200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor?s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. Finding 2022 ? 014: (continued) 2 CFR ?200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR ?200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in ?200.339 [Remedies for noncompliance]. 2 CFR ?200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ?200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended ? Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program? (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: Finding 2022 ? 014: (continued) (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth?s reliance on an acceptable audit and prompt resolution as evidence of the recipient?s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended ? Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (1) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (6) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR ?200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended ? Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office?s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. The late management decision at DEP appeared to be the result of a subrecipient being treated as a contractor as described in current year Single Audit Finding #2022-005, despite having a subrecipient Single Audit requirement clause in its contract with DEP. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR ?200.339 and Commonwealth Management Directive 325.8 in order to ensure compliance with federal audit submission requirements. Finding 2022 ? 014: (continued) Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR ?200.339 and Commonwealth Management Directive 325.08. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. DOH Response: DOH agrees with the finding. DHS Response: While DHS agrees with this finding, we believe we are in compliance with 2 CFR ?200.339 and Commonwealth Management Directive 325.08 related to outstanding audits. We continue to work with counties and their independent auditors to obtain any late Single Audit reports, and albeit late, we do receive them which is the ultimate goal. Questioned Costs: The amount of questioned costs cannot be determined. The corrective action plan for this finding, if any, has not been reviewed by the auditors. See Corrective Action Plans located elsewhere in this Report.
Various Agencies Finding 2022 ? 014: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 ? Child Nutrition Cluster (including COVID-19) ALN 10.557 ? WIC Special Supplemental Nutrition Program for Women, Infants, and Children (including COVID-19) ALN 10.558 ? Child and Adult Care Food Program (including COVID-19) ALN 15.252 ? Abandoned Mine Land Reclamation ALN 21.023 ? COVID-19 ? Emergency Rental Assistance Program ALN 84.010 ? Title I Grants to Local Educational Agencies ALN 84.027 and 84.173 ? ? Special Education Cluster (IDEA) (including COVID-19) ALN 84.425C ? COVID 19 ? Education Stabilization Fund - GEER Fund ALN 84.425D ? COVID 19 ? Education Stabilization Fund - ESSER Fund ALN 84.425R ? COVID 19 ? Education Stabilization Fund - CRRSA EANS ALN 84.425U ? COVID 19 ? Education Stabilization Fund - ARP ESSER ALN 84.425W ? COVID 19 ? Education Stabilization Fund - ARP ESSER HCY ALN 93.558 ? Temporary Assistance for Needy Families (including COVID-19) ALN 93.563 ? Child Support Enforcement ALN 93.575 and 93.596 ? Child Care and Development Fund (CCDF) Cluster (including COVID-19) ALN 93.658 ? Foster Care ? Title IV-E (including COVID-19) ALN 93.659 ? Adoption Assistance (including COVID-19) ALN 93.775, 93.777, and 93.778 ? Medicaid Cluster (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth?s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2021-015) Federal Grant Number(s) and Year(s): 1PA300365 (1/01/2022 ? 9/30/2023), 1PA310305 (10/01/2021 ? 9/30/2022), 1PA310305 (10/01/2020 ? 9/30/2021), 1PA300305 (10/01/2021 ? 9/30/2022), 1PA300305 (10/01/2020 ? 9/30/2021), 1PA320305 (12/27/2020 ? 9/30/2021), Y22174 (10/01/2021 ? 9/30/2024), Y13194 (10/01/2020 ? 9/30/2023), Y03194 (10/01/2019 ? 9/30/2023), Y03191 (10/01/2019 ? 9/30/2020), Y22173 (10/01/2021 ? 9/30/2022), Y22172 (10/01/2021 ? 9/30/2022, Y13191 (10/01/2020 ? 9/30/2021), Y13061 (10/01/2020 ? 9/30/2021), S22AF00017 (1/01/2022 ? 12/31/2024), S21AF10050 (6/01/2021 ? 5/31/2024), S21AF10015 (1/01/2021 ? 12/31/2023), S20AF20092 (10/01/2020 ? 9/30/2023), S20AF20006 (1/01/2020 ? 12/31/2022), S19AF20006 (1/01/2019 ? 12/31/2021), S19AF20004 (12/01/2018 ? 11/30/2023), S18AF20004 (11/01/2017 ? 10/31/2023), ERAE0131 (1/19/2021 ? 12/29/2022), ERAE0333 (5/11/2021 ? 12/30/2025), S010A210038 (7/01/2021 ? 9/30/2022), S010A200038 (7/01/2020 ? 9/30/2021), H027A210093 (7/01/2021 ? 9/30/2022), H027A200093 (7/01/2020 ? 9/30/2021), S425D200028 (3/13/2020 ? 9/30/2022), S425D210028 (3/13/2020 ? 9/30/2022), 2201PATANF (10/01/2021 ? 9/30/2022), 2101PATANF (10/01/2020 ? 9/30/2021), 2001PATANF (10/01/2019 ? 9/30/2020), 2201PACSES (10/01/2021 ? 9/30/2022), 2101PACSES (10/01/2020 ? 9/30/2021), G2201PACCDF (10/01/2021 ? 9/30/2022), G2101PACCDF (10/01/2020 ? 9/30/2021), 2201PAFOST (10/01/2021 ? 9/30/2022), 2101PAFOST (10/01/2020 ? 9/30/2021), 2001PAFOST (10/01/2019 ? 9/30/2020), 2201PAADPT (10/01/2021 ? 9/30/2022), 2101PAADPT (10/01/2020 ? 9/30/2021), 2205PA5MAP (10/01/2021 ? 9/30/2022), 2105PA5MAP (10/01/2020 ? 9/30/2021) Finding 2022 ? 014: (continued) Type of Finding: Significant Deficiency, Noncompliance for Medicaid Cluster Material Weakness, Material Noncompliance for Other Programs Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget?s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse?s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2022 audit of the Commonwealth?s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth?s fiscal year ended June 30, 2021 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2022. We also evaluated the Commonwealth?s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies? tracking lists during the fiscal year ended June 30, 2022 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies? review of subrecipient audit reports: ? Department of Education (PDE): The time period for making a management decision on findings was approximately 6.5 to over 13 months after the FAC MDL start date for 14 out of 25 audit reports with findings. Three of the 14 audit reports were improperly classified on PDE?s audit tracking list as not having federal award findings. ? Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 16.2 months after the FAC MDL start date for one out of three audit reports with findings. In addition, our review disclosed that DEP subgranted federal funds totaling $10,338,570 to one subrecipient during the fiscal year ended December 31, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 9.5 months after the March 31, 2022 due date, which had been extended due to the COVID-19 pandemic in accordance with the Office of Management and Budget?s (OMB) Memorandum M-21-20, Appendix 3. ? Department of Health (DOH): Our review disclosed that DOH subgranted federal funds totaling $8,103,407 to one subrecipient during the fiscal year ended September 30, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 12.5 months after the December 31, 2021 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. ? Department of Human Services (DHS): The time period for making a management decision on findings ranged from approximately 6.6 months to over 19.6 months after the FAC MDL start date for 12 out of 14 subrecipient audit reports with findings. There was also a delay in DHS?s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Finding 2022 ? 014: (continued) As a follow-up to the prior year finding, we noted that the Commonwealth subgranted federal funds totaling $327,988,063 to the City of Philadelphia during the fiscal year ended June 30, 2021, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 3.5 months after the September 30, 2022 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. Our testing disclosed that DHS?s subgrants to the City of Philadelphia were material for five of the 16 major programs/clusters with material subgranted funds. Our follow-up on the prior year finding also disclosed that the Commonwealth subgranted federal funds totaling $28,725,212 to Bucks County during the fiscal year ended December 31, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 9.5 months after the March 31, 2022 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. DHS was the lead agency for the City of Philadelphia and Bucks County audits. Criteria: 2 CFR ?200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient?s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity?s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in ?200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR ?200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor?s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. Finding 2022 ? 014: (continued) 2 CFR ?200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR ?200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in ?200.339 [Remedies for noncompliance]. 2 CFR ?200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ?200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended ? Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program? (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: Finding 2022 ? 014: (continued) (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth?s reliance on an acceptable audit and prompt resolution as evidence of the recipient?s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended ? Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (1) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (6) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR ?200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended ? Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office?s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. The late management decision at DEP appeared to be the result of a subrecipient being treated as a contractor as described in current year Single Audit Finding #2022-005, despite having a subrecipient Single Audit requirement clause in its contract with DEP. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR ?200.339 and Commonwealth Management Directive 325.8 in order to ensure compliance with federal audit submission requirements. Finding 2022 ? 014: (continued) Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR ?200.339 and Commonwealth Management Directive 325.08. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. DOH Response: DOH agrees with the finding. DHS Response: While DHS agrees with this finding, we believe we are in compliance with 2 CFR ?200.339 and Commonwealth Management Directive 325.08 related to outstanding audits. We continue to work with counties and their independent auditors to obtain any late Single Audit reports, and albeit late, we do receive them which is the ultimate goal. Questioned Costs: The amount of questioned costs cannot be determined. The corrective action plan for this finding, if any, has not been reviewed by the auditors. See Corrective Action Plans located elsewhere in this Report.
Various Agencies Finding 2022 ? 014: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 ? Child Nutrition Cluster (including COVID-19) ALN 10.557 ? WIC Special Supplemental Nutrition Program for Women, Infants, and Children (including COVID-19) ALN 10.558 ? Child and Adult Care Food Program (including COVID-19) ALN 15.252 ? Abandoned Mine Land Reclamation ALN 21.023 ? COVID-19 ? Emergency Rental Assistance Program ALN 84.010 ? Title I Grants to Local Educational Agencies ALN 84.027 and 84.173 ? ? Special Education Cluster (IDEA) (including COVID-19) ALN 84.425C ? COVID 19 ? Education Stabilization Fund - GEER Fund ALN 84.425D ? COVID 19 ? Education Stabilization Fund - ESSER Fund ALN 84.425R ? COVID 19 ? Education Stabilization Fund - CRRSA EANS ALN 84.425U ? COVID 19 ? Education Stabilization Fund - ARP ESSER ALN 84.425W ? COVID 19 ? Education Stabilization Fund - ARP ESSER HCY ALN 93.558 ? Temporary Assistance for Needy Families (including COVID-19) ALN 93.563 ? Child Support Enforcement ALN 93.575 and 93.596 ? Child Care and Development Fund (CCDF) Cluster (including COVID-19) ALN 93.658 ? Foster Care ? Title IV-E (including COVID-19) ALN 93.659 ? Adoption Assistance (including COVID-19) ALN 93.775, 93.777, and 93.778 ? Medicaid Cluster (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth?s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2021-015) Federal Grant Number(s) and Year(s): 1PA300365 (1/01/2022 ? 9/30/2023), 1PA310305 (10/01/2021 ? 9/30/2022), 1PA310305 (10/01/2020 ? 9/30/2021), 1PA300305 (10/01/2021 ? 9/30/2022), 1PA300305 (10/01/2020 ? 9/30/2021), 1PA320305 (12/27/2020 ? 9/30/2021), Y22174 (10/01/2021 ? 9/30/2024), Y13194 (10/01/2020 ? 9/30/2023), Y03194 (10/01/2019 ? 9/30/2023), Y03191 (10/01/2019 ? 9/30/2020), Y22173 (10/01/2021 ? 9/30/2022), Y22172 (10/01/2021 ? 9/30/2022, Y13191 (10/01/2020 ? 9/30/2021), Y13061 (10/01/2020 ? 9/30/2021), S22AF00017 (1/01/2022 ? 12/31/2024), S21AF10050 (6/01/2021 ? 5/31/2024), S21AF10015 (1/01/2021 ? 12/31/2023), S20AF20092 (10/01/2020 ? 9/30/2023), S20AF20006 (1/01/2020 ? 12/31/2022), S19AF20006 (1/01/2019 ? 12/31/2021), S19AF20004 (12/01/2018 ? 11/30/2023), S18AF20004 (11/01/2017 ? 10/31/2023), ERAE0131 (1/19/2021 ? 12/29/2022), ERAE0333 (5/11/2021 ? 12/30/2025), S010A210038 (7/01/2021 ? 9/30/2022), S010A200038 (7/01/2020 ? 9/30/2021), H027A210093 (7/01/2021 ? 9/30/2022), H027A200093 (7/01/2020 ? 9/30/2021), S425D200028 (3/13/2020 ? 9/30/2022), S425D210028 (3/13/2020 ? 9/30/2022), 2201PATANF (10/01/2021 ? 9/30/2022), 2101PATANF (10/01/2020 ? 9/30/2021), 2001PATANF (10/01/2019 ? 9/30/2020), 2201PACSES (10/01/2021 ? 9/30/2022), 2101PACSES (10/01/2020 ? 9/30/2021), G2201PACCDF (10/01/2021 ? 9/30/2022), G2101PACCDF (10/01/2020 ? 9/30/2021), 2201PAFOST (10/01/2021 ? 9/30/2022), 2101PAFOST (10/01/2020 ? 9/30/2021), 2001PAFOST (10/01/2019 ? 9/30/2020), 2201PAADPT (10/01/2021 ? 9/30/2022), 2101PAADPT (10/01/2020 ? 9/30/2021), 2205PA5MAP (10/01/2021 ? 9/30/2022), 2105PA5MAP (10/01/2020 ? 9/30/2021) Finding 2022 ? 014: (continued) Type of Finding: Significant Deficiency, Noncompliance for Medicaid Cluster Material Weakness, Material Noncompliance for Other Programs Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget?s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse?s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2022 audit of the Commonwealth?s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth?s fiscal year ended June 30, 2021 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2022. We also evaluated the Commonwealth?s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies? tracking lists during the fiscal year ended June 30, 2022 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies? review of subrecipient audit reports: ? Department of Education (PDE): The time period for making a management decision on findings was approximately 6.5 to over 13 months after the FAC MDL start date for 14 out of 25 audit reports with findings. Three of the 14 audit reports were improperly classified on PDE?s audit tracking list as not having federal award findings. ? Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 16.2 months after the FAC MDL start date for one out of three audit reports with findings. In addition, our review disclosed that DEP subgranted federal funds totaling $10,338,570 to one subrecipient during the fiscal year ended December 31, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 9.5 months after the March 31, 2022 due date, which had been extended due to the COVID-19 pandemic in accordance with the Office of Management and Budget?s (OMB) Memorandum M-21-20, Appendix 3. ? Department of Health (DOH): Our review disclosed that DOH subgranted federal funds totaling $8,103,407 to one subrecipient during the fiscal year ended September 30, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 12.5 months after the December 31, 2021 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. ? Department of Human Services (DHS): The time period for making a management decision on findings ranged from approximately 6.6 months to over 19.6 months after the FAC MDL start date for 12 out of 14 subrecipient audit reports with findings. There was also a delay in DHS?s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Finding 2022 ? 014: (continued) As a follow-up to the prior year finding, we noted that the Commonwealth subgranted federal funds totaling $327,988,063 to the City of Philadelphia during the fiscal year ended June 30, 2021, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 3.5 months after the September 30, 2022 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. Our testing disclosed that DHS?s subgrants to the City of Philadelphia were material for five of the 16 major programs/clusters with material subgranted funds. Our follow-up on the prior year finding also disclosed that the Commonwealth subgranted federal funds totaling $28,725,212 to Bucks County during the fiscal year ended December 31, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 9.5 months after the March 31, 2022 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. DHS was the lead agency for the City of Philadelphia and Bucks County audits. Criteria: 2 CFR ?200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient?s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity?s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in ?200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR ?200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor?s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. Finding 2022 ? 014: (continued) 2 CFR ?200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR ?200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in ?200.339 [Remedies for noncompliance]. 2 CFR ?200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ?200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended ? Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program? (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: Finding 2022 ? 014: (continued) (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth?s reliance on an acceptable audit and prompt resolution as evidence of the recipient?s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended ? Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (1) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (6) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR ?200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended ? Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office?s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. The late management decision at DEP appeared to be the result of a subrecipient being treated as a contractor as described in current year Single Audit Finding #2022-005, despite having a subrecipient Single Audit requirement clause in its contract with DEP. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR ?200.339 and Commonwealth Management Directive 325.8 in order to ensure compliance with federal audit submission requirements. Finding 2022 ? 014: (continued) Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR ?200.339 and Commonwealth Management Directive 325.08. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. DOH Response: DOH agrees with the finding. DHS Response: While DHS agrees with this finding, we believe we are in compliance with 2 CFR ?200.339 and Commonwealth Management Directive 325.08 related to outstanding audits. We continue to work with counties and their independent auditors to obtain any late Single Audit reports, and albeit late, we do receive them which is the ultimate goal. Questioned Costs: The amount of questioned costs cannot be determined. The corrective action plan for this finding, if any, has not been reviewed by the auditors. See Corrective Action Plans located elsewhere in this Report.
Various Agencies Finding 2022 ? 014: ALN 10.553, 10.555, 10.556, 10.559, and 10.582 ? Child Nutrition Cluster (including COVID-19) ALN 10.557 ? WIC Special Supplemental Nutrition Program for Women, Infants, and Children (including COVID-19) ALN 10.558 ? Child and Adult Care Food Program (including COVID-19) ALN 15.252 ? Abandoned Mine Land Reclamation ALN 21.023 ? COVID-19 ? Emergency Rental Assistance Program ALN 84.010 ? Title I Grants to Local Educational Agencies ALN 84.027 and 84.173 ? ? Special Education Cluster (IDEA) (including COVID-19) ALN 84.425C ? COVID 19 ? Education Stabilization Fund - GEER Fund ALN 84.425D ? COVID 19 ? Education Stabilization Fund - ESSER Fund ALN 84.425R ? COVID 19 ? Education Stabilization Fund - CRRSA EANS ALN 84.425U ? COVID 19 ? Education Stabilization Fund - ARP ESSER ALN 84.425W ? COVID 19 ? Education Stabilization Fund - ARP ESSER HCY ALN 93.558 ? Temporary Assistance for Needy Families (including COVID-19) ALN 93.563 ? Child Support Enforcement ALN 93.575 and 93.596 ? Child Care and Development Fund (CCDF) Cluster (including COVID-19) ALN 93.658 ? Foster Care ? Title IV-E (including COVID-19) ALN 93.659 ? Adoption Assistance (including COVID-19) ALN 93.775, 93.777, and 93.778 ? Medicaid Cluster (including COVID-19) A Material Weakness and Material Noncompliance Exist in the Commonwealth?s Subrecipient Audit Resolution Process (A Similar Condition Was Noted in Prior Year Finding 2021-015) Federal Grant Number(s) and Year(s): 1PA300365 (1/01/2022 ? 9/30/2023), 1PA310305 (10/01/2021 ? 9/30/2022), 1PA310305 (10/01/2020 ? 9/30/2021), 1PA300305 (10/01/2021 ? 9/30/2022), 1PA300305 (10/01/2020 ? 9/30/2021), 1PA320305 (12/27/2020 ? 9/30/2021), Y22174 (10/01/2021 ? 9/30/2024), Y13194 (10/01/2020 ? 9/30/2023), Y03194 (10/01/2019 ? 9/30/2023), Y03191 (10/01/2019 ? 9/30/2020), Y22173 (10/01/2021 ? 9/30/2022), Y22172 (10/01/2021 ? 9/30/2022, Y13191 (10/01/2020 ? 9/30/2021), Y13061 (10/01/2020 ? 9/30/2021), S22AF00017 (1/01/2022 ? 12/31/2024), S21AF10050 (6/01/2021 ? 5/31/2024), S21AF10015 (1/01/2021 ? 12/31/2023), S20AF20092 (10/01/2020 ? 9/30/2023), S20AF20006 (1/01/2020 ? 12/31/2022), S19AF20006 (1/01/2019 ? 12/31/2021), S19AF20004 (12/01/2018 ? 11/30/2023), S18AF20004 (11/01/2017 ? 10/31/2023), ERAE0131 (1/19/2021 ? 12/29/2022), ERAE0333 (5/11/2021 ? 12/30/2025), S010A210038 (7/01/2021 ? 9/30/2022), S010A200038 (7/01/2020 ? 9/30/2021), H027A210093 (7/01/2021 ? 9/30/2022), H027A200093 (7/01/2020 ? 9/30/2021), S425D200028 (3/13/2020 ? 9/30/2022), S425D210028 (3/13/2020 ? 9/30/2022), 2201PATANF (10/01/2021 ? 9/30/2022), 2101PATANF (10/01/2020 ? 9/30/2021), 2001PATANF (10/01/2019 ? 9/30/2020), 2201PACSES (10/01/2021 ? 9/30/2022), 2101PACSES (10/01/2020 ? 9/30/2021), G2201PACCDF (10/01/2021 ? 9/30/2022), G2101PACCDF (10/01/2020 ? 9/30/2021), 2201PAFOST (10/01/2021 ? 9/30/2022), 2101PAFOST (10/01/2020 ? 9/30/2021), 2001PAFOST (10/01/2019 ? 9/30/2020), 2201PAADPT (10/01/2021 ? 9/30/2022), 2101PAADPT (10/01/2020 ? 9/30/2021), 2205PA5MAP (10/01/2021 ? 9/30/2022), 2105PA5MAP (10/01/2020 ? 9/30/2021) Finding 2022 ? 014: (continued) Type of Finding: Significant Deficiency, Noncompliance for Medicaid Cluster Material Weakness, Material Noncompliance for Other Programs Compliance Requirement: Subrecipient Monitoring Condition: Under the Commonwealth of Pennsylvania's (Commonwealth) implementation of the Single Audit Act, review and resolution of subrecipient Single Audit reports is split into two stages. The Office of the Budget?s Bureau of Accounting and Financial Management (OB-BAFM) ensures the reports meet technical standards through a centralized desk review process. The various funding agencies in the Commonwealth are responsible for making a management decision on each finding within six months of the Federal Audit Clearinghouse?s (FAC) Management Decision Letter (MDL) start date for audits subject to Uniform Guidance and to ensure appropriate corrective action is taken by the subrecipient (except for Uniform Guidance audits under U.S. Department of Labor programs which are permitted 12 months for management decisions in accordance with 2 CFR Section 2900.21). Each Commonwealth agency is also responsible for reviewing financial information in each audit report to determine whether the audit included all pass-through funding provided by the agency in order to ensure pass-through funds were subject to audit. Most agencies meet this requirement by performing Schedule of Expenditures of Federal Awards (SEFA) reconciliations. The agency is also required to adjust Commonwealth records, if necessary. Our fiscal year ended June 30, 2022 audit of the Commonwealth?s process for review and resolution of subrecipient Single Audits included an evaluation of the Commonwealth?s fiscal year ended June 30, 2021 subrecipient audit universe for audits due for submission to the FAC during the fiscal year ended June 30, 2022. We also evaluated the Commonwealth?s review of 44 subrecipient audit reports with findings in major programs/clusters which were identified on the Commonwealth agencies? tracking lists during the fiscal year ended June 30, 2022 and required management decisions by Commonwealth agencies. Our testing disclosed the following audit exceptions regarding the Commonwealth agencies? review of subrecipient audit reports: ? Department of Education (PDE): The time period for making a management decision on findings was approximately 6.5 to over 13 months after the FAC MDL start date for 14 out of 25 audit reports with findings. Three of the 14 audit reports were improperly classified on PDE?s audit tracking list as not having federal award findings. ? Department of Environmental Protection (DEP): The time period for making a management decision on findings was approximately 16.2 months after the FAC MDL start date for one out of three audit reports with findings. In addition, our review disclosed that DEP subgranted federal funds totaling $10,338,570 to one subrecipient during the fiscal year ended December 31, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 9.5 months after the March 31, 2022 due date, which had been extended due to the COVID-19 pandemic in accordance with the Office of Management and Budget?s (OMB) Memorandum M-21-20, Appendix 3. ? Department of Health (DOH): Our review disclosed that DOH subgranted federal funds totaling $8,103,407 to one subrecipient during the fiscal year ended September 30, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 12.5 months after the December 31, 2021 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. ? Department of Human Services (DHS): The time period for making a management decision on findings ranged from approximately 6.6 months to over 19.6 months after the FAC MDL start date for 12 out of 14 subrecipient audit reports with findings. There was also a delay in DHS?s procedures to ensure the subrecipient SEFAs were accurate so that major programs were properly determined and subjected to audit. Finding 2022 ? 014: (continued) As a follow-up to the prior year finding, we noted that the Commonwealth subgranted federal funds totaling $327,988,063 to the City of Philadelphia during the fiscal year ended June 30, 2021, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 3.5 months after the September 30, 2022 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. Our testing disclosed that DHS?s subgrants to the City of Philadelphia were material for five of the 16 major programs/clusters with material subgranted funds. Our follow-up on the prior year finding also disclosed that the Commonwealth subgranted federal funds totaling $28,725,212 to Bucks County during the fiscal year ended December 31, 2020, for which a Single Audit was not submitted to the FAC as of our January 2023 testing date. This was over 9.5 months after the March 31, 2022 due date, which had been extended in accordance with OMB?s Memorandum M-21-20, Appendix 3. DHS was the lead agency for the City of Philadelphia and Bucks County audits. Criteria: 2 CFR ?200.332, Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521 [Management decision]. (f) Verify that every subrecipient is audited as required by Subpart F [Audit Requirements] of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 [Audit requirements]. (g) Consider whether the results of the subrecipient?s audit, on-site review, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity?s own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in ?200.339 [Remedies for noncompliance] of this part and in program regulations. In order to carry out these responsibilities properly, good internal control dictates that state pass-through agencies ensure subrecipient Single Audit SEFAs are representative of state payment records each year, and that the related federal programs have been properly subjected to Single Audit procedures. 2 CFR ?200.512, Report submission, states in part: (a) General. (1) The audit must be completed and the data collection form described in paragraph (b) of this section and reporting package described in paragraph (c) of this section must be submitted within the earlier of 30 calendar days after receipt of the auditor?s report(s), or nine months after the end of the audit period. If the due date falls on a Saturday, Sunday, or Federal holiday, the reporting package is due the next business day. Finding 2022 ? 014: (continued) 2 CFR ?200.521, Management decision, states in part: (a) General. The management decision must clearly state whether or not the finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. 2 CFR ?200.505, Sanctions, states: In cases of continued inability or unwillingness to have an audit conducted in accordance with this part, Federal agencies and pass-through entities must take appropriate action as provided in ?200.339 [Remedies for noncompliance]. 2 CFR ?200.339, Remedies for noncompliance, states in part: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ?200.208 [Specific conditions]. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances. (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR Part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. To ensure Commonwealth enforcement of federal regulations for subrecipient noncompliance with audit requirements, Commonwealth Management Directive 325.08, Amended ? Remedies for Recipient Noncompliance with Audit Requirements, Section 5 related to policy, states in part: (a) Agencies must develop and implement remedial action that reflects the unique requirements of each program? (b) The remedial action should be implemented within six months from the date the first remedial action is initiated. At the end of the six-month period, the recipient should take the appropriate corrective action or the final stage of remedial action should be imposed on the recipient. Examples of remedial action include, but are not limited to: Finding 2022 ? 014: (continued) (1) Meeting or calling the recipient to explain the importance and benefits of the audit and audit resolution processes, emphasizing the value of the audit as an administrative tool and the Commonwealth?s reliance on an acceptable audit and prompt resolution as evidence of the recipient?s ability to properly administer the program. (2) Encouraging the entity to establish an audit committee or designate an individual as the single point of contact to: (a) Communicate regarding the audit. (b) Arrange for and oversee the audit. (c) Direct and monitor audit resolution. (3) Providing technical assistance to the recipient in devising and implementing an appropriate plan to remedy the noncompliance. (4) Withholding a portion of assistance payments until the noncompliance is resolved. (5) Withholding or disallowing overhead costs until the noncompliance is resolved. (6) Suspending the assistance agreement until the noncompliance is resolved. (7) Terminating the assistance agreement with the recipient and, if necessary, seeking alternative entities to administer the program. Management Directive 325.09, Amended ? Processing Subrecipient Single Audits of Federal Pass-Through Funds, Section 7 related to procedures, states in part: c. Agencies. (1) Evaluate single audit report submissions received from BAFM to determine program purpose acceptability by verifying, at a minimum, that all agency-funded programs are properly included on the applicable financial schedules; that findings affecting the agency contain sufficient information to facilitate a management decision; and that the subrecipient has submitted an adequate corrective action plan. (6) Issue management decisions relative to audit findings and crosscutting findings assigned to the agency for resolution, as required by 2 CFR ?200.521. If responsible for the resolution of crosscutting findings, notify the affected agency or agencies upon resolution of such findings. (7) Impose or coordinate the imposition of remedial action in accordance with 2 CFR Part 200.339 and Management Directive 325.08 Amended, Remedies for Recipient Noncompliance with Audit Requirements, when subrecipients fail to comply with the provisions of Subpart F. Management Directive 325.12, Amended ? Standards for Enterprise Risk Management in Commonwealth Agencies, adopted the internal control framework outlined in the United States Government Accountability Office?s, Standards for Internal Control in the Federal Government (Green Book). The Green Book states in part: Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results. Management should remediate identified internal control deficiencies on a timely basis. Cause: One reason provided by Commonwealth management for untimely audit resolution in the various agencies, including making management decisions, approving corrective action, and performing procedures to ensure the accuracy of subrecipient SEFAs, was either a change in staff or a lack of staff to follow up and process subrecipient audit reports more timely. The late management decision at DEP appeared to be the result of a subrecipient being treated as a contractor as described in current year Single Audit Finding #2022-005, despite having a subrecipient Single Audit requirement clause in its contract with DEP. Regarding late and outstanding audit report submissions, the Commonwealth agencies did not appear to be timely implementing remedial action steps in accordance with 2 CFR ?200.339 and Commonwealth Management Directive 325.8 in order to ensure compliance with federal audit submission requirements. Finding 2022 ? 014: (continued) Effect: Since required management decisions were not made within six months to ensure appropriate corrective action was taken on audits received from subrecipients, the Commonwealth did not comply with federal regulations, and subrecipients were not made aware of acceptance or rejection of corrective action plans in a timely manner. Further, noncompliance may recur in future periods if control deficiencies are not corrected on a timely basis, and there is an increased risk of unallowable charges being made to federal programs if corrective action and recovery of questioned costs is not timely. Regarding the SEFA reviews or alternate procedures which are not being performed timely and the late Single Audit report submissions, there is an increased risk that subrecipients could be misspending and/or inappropriately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis as required. Finally, additional federal pass-through funds may be unaudited in the future without timely and effective remedial action from Commonwealth agencies to enforce compliance. Recommendation: We recommend that the above weaknesses that cause untimely subrecipient Single Audit resolution, including untimely management decisions on findings, untimely review of the SEFA or alternate procedures, and late audit report submissions be corrected to ensure compliance with federal requirements and Commonwealth Management Directives, and to better ensure timelier subrecipient compliance with program requirements. Commonwealth agencies should promptly pursue outstanding audits and implement remedial action steps on a timely basis in accordance with 2 CFR ?200.339 and Commonwealth Management Directive 325.08. PDE Response: PDE agrees with the finding. DEP Response: DEP agrees with the finding. DOH Response: DOH agrees with the finding. DHS Response: While DHS agrees with this finding, we believe we are in compliance with 2 CFR ?200.339 and Commonwealth Management Directive 325.08 related to outstanding audits. We continue to work with counties and their independent auditors to obtain any late Single Audit reports, and albeit late, we do receive them which is the ultimate goal. Questioned Costs: The amount of questioned costs cannot be determined. The corrective action plan for this finding, if any, has not been reviewed by the auditors. See Corrective Action Plans located elsewhere in this Report.
Finding 2022-001 Subject: Coronavirus Relief Fund ? Chicago Connected Subrecipient Monitoring Federal Agency: United States Department of the Treasury Federal Program: Chicago Connected ? Coronavirus Relief Fund Assistance Listing Number: 21.019 Pass-Through Entity: City of Chicago Compliance Requirements: Subrecipient Monitoring Audit Findings: Material Noncompliance, Material Weakness Criteria In accordance with 2 CFR section 200.332 related to requirements for pass-through entities, all passthrough entities must address the following relative to information provided to subrecipients: ? Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes detailed federal award identification information as described in 2 CFR section 200.332(a)(1) ? All requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations and the terms and conditions of the Federal award ? Any additional requirements that the pass-through entity imposes on the subrecipient in order for the pass-through entity to meet its own responsibility to the Federal awarding agency including identification of any required financial and performance reports ? A requirement that the subrecipient permit the pass-through entity and auditors to have access to the subrecipient's records and financial statements as necessary for the pass-through entity to meet the requirements of this part; and ? Appropriate terms and conditions concerning closeout of the subaward. Additionally, 2 CFR section 200.332 requires the following monitoring activities: ? Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring ? Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include ? Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ? 200.501. ? Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records Condition CFF did not communicate the required information to subrecipients noted in the criteria including the communication of what funding represented federal funding and was subject to the related grant requirements. Additionally, while CFF in conjunction with program partners monitored the activities of the sub-grantees, the extent and results of this monitoring was not formally documented. Finally, CFF did not formally monitor audit results for the sub-grantees. Cause CFF has not historically received federal grant funding. As a result, management was not familiar with certain administrative requirements related to program oversight. Effect or potential effect Without information regarding the federal nature of certain pass-through funding, sub-grantees may broadly fail to comply with applicable federal requirements. Furthermore, this could impact CFF?s ability to properly oversee sub-grantees and take necessary corrective action, if applicable. Questioned cost None Context As part of testing this major program, requests were made to review agreements with sub-grantees and inquiries were made of CFF management relative to important requirements in 2 CFR section 200.332 and corresponding actions taken by CFF. These audit procedures identified that these key activities were not conducted. The entire amount of federal expenditures for the year ($915,830) were passed through to subrecipients. This finding is applicable for each subrecipient relationship. Identification as a repeat finding This is not a repeat finding. Recommendation We recommend that in the future CFF take the necessary steps to adhere to the requirements in 2 CFR section 200.332 relative to the monitoring of subrecipients. View of responsible officials The Chicago Connected initiative was supported by various external partners, including government and philanthropic funders. As the fiscal sponsor, the Children First Fund executed service agreements with each participating community-based organization (CBO), that noted the amount they were awarded. As deliverables were met, CFF made payments based on when the funds came in since they were not designated to a particular CBO by funder. As a result, CFF did not notify CBOs which payments came from federal vs philanthropic funding. Understanding that this is required when it comes to distributing federal funds to subrecipients, CFF will ensure that it's internal controls are updated to include this moving forward.
Finding Reference Number: SA2022-006 - Subrecipient Monitoring Assistance Listing Number: 21.027 Assistance Listing Title: COVID-19 ? Coronavirus State and Local Fiscal Recovery Funds Name of Federal Agency: Department of the Treasury Federal Award Identification Number: EES4XJFTXC28 Criteria: 2 CFR sections 200.332(d) through (f) require that a pass-through entity identify the award and applicable requirements to each subrecipient, as well as evaluate each subrecipient?s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward, and monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals. As part of those requirements, Section 200.332(f) requires that the City as a pass through entity ?Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ? 200.501.? In addition, section VI, Transfer, of the Interim Final Rule and section D, Transfer, of the Final Rule for the Coronavirus State and Local Fiscal Recovery Funds indicates that the recipient remains responsible for monitoring and overseeing the subrecipient?s use of Fiscal Recovery Funds and other activities related to the award to ensure that the subrecipient complies with the statutory and regulatory requirements and the terms and conditions of the award. Recipients also remain responsible for reporting to Treasury on their subrecipients? use of payments from the Fiscal Recovery Funds for the duration of the award. Condition: The City passed through grant funding of $1,000,000 to a nonprofit during fiscal year 2022 and although the City did perform monitoring procedures during the fiscal year, those procedures did not include seeing that the entity underwent a Single Audit. Since the City alone provided the nonprofit funding in excess of the $750,000 threshold, the City should have expected that a Single Audit was completed. Cause: We understand that City staff was not aware of the requirement to review the entity?s Single Audit. Effect: The City is not in compliance with the subrecipient monitoring requirements of 2 CFR section 200.332(f) or with section VI, Transfer, of the Interim Final Rule and section D, Transfer, of the Final Rule for the Coronavirus State and Local Fiscal Recovery Funds. Recommendation: The City should develop procedures to determine if subrecipients are subject to Single Audit each fiscal year, regardless of the level of funding provided by the City, and review the applicable Single Audit reports for the audit results. View of Responsible Officials and Planned Corrective Actions: Please see Corrective Action Plan separately prepared by the City.
2022-110: Develop and Implement Internal Controls to Obtain Reasonable Assurance over Contractor Compliance with Program Regulations Applicable to: Department of Housing and Community Development Prior Year Finding Number: 2021-088 Type of Finding: Internal Control and Compliance Severity of Deficiency: Material Weakness ALPT or Cluster Name and ALN: Emergency Rental Assistance Program - 21.023 (COVID-19) Federal Award Number and Year: ERA0402; ERAE070; ERA0451; ERAE0400 - 2022 Name of Federal Agency: U.S. Department of the Treasury Type of Compliance Requirement - Criteria: Eligibility - 2 CFR ? 200.303(a); 2 CFR ? 200.501(g) Known Questioned Costs: $0 The Department of Housing and Community Development (Housing and Community Development) cannot provide reasonable assurance that its contractors administered the Emergency Rental Assistance (ERA) federal grant program in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Because of resource limitations, Housing and Community Development partnered with two separate contractors to process applications and determine eligibility on its behalf. The main objective of the ERA federal grant program is to provide rent relief to eligible tenants to prevent eviction and homelessness. Since the ERA federal program's inception, Housing and Community Development has provided $571 million in rental assistance to beneficiaries based on eligibility determinations made by its contractors. The Code of Federal Regulations, 2 CFR ? 200.501(g) states that the auditee is responsible for reviewing the contractor's records to determine program compliance. Additionally, 2 CFR ? 200.303(a) states that non-federal entities must establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Reasonable assurance is a high, but not absolute, level of assurance that the entity and its contractors have complied with federal laws and regulations. Housing and Community Development's contractual agreement with their contractors places ultimate responsibility for program compliance with Housing and Community Development. Housing and Community Development incorporated certain measures into its contractual agreements with its contractors related to compliance with 2 CFR ? 200.501(g) and 2 CFR ? 200.303(a). First, Housing and Community Development communicated program requirements to its contractors through a formalized document and received documentation as to how the contractor has designed its internal controls to ensure program compliance. Second, Housing and Community Development added a requirement to the contractual agreement that stipulates the contractor is to provide a daily payment file, listing beneficiaries qualifying to receive payments, that Housing and Community Development is to approve before the contractor processes payment to beneficiaries. While Housing and Community Development's contractual agreements contain important provisions related to program compliance, Housing and Community Development has not developed and implemented a systematic approach for obtaining reasonable assurance over the contractor's internal controls and compliance with federal program regulations. Although Housing and Community Development periodically verifies the contractor's internal controls and compliance when it receives a call from beneficiaries about their application, the agency has not included the periodic verification process in its official policies and procedures. Additionally, the periodic verification process is not sufficient to provide reasonable assurance over the contractor's internal controls or compliance with program operations as they are sporadic in nature. Finally, Housing and Community Development did not maintain appropriate evidence to demonstrate that it reviewed contractor records for program compliance prior to approving the daily payment file. Since management has not collected the evidence needed to provide reasonable assurance of federal program compliance, this has created a scope limitation for the audit and has led the Auditor of Public Accounts to disclaim an opinion for the ERA federal grant program. Housing and Community Development first received ERA federal grant program funding in January 2021 and had until September 2021 to obligate at least 65 percent of its funding or the funding would be subject to recapture from the federal government. Because of the fast- paced nature of this program, much of Housing and Community Development's focus has been on interpreting and implementing the legislation and providing financial assistance to applicants as quickly as possible. Additionally Housing and Community Development's Office of Eviction Prevention and Rental Assistance (Eviction Prevention and Rental Assistance) and Division of Administration (Administration) that are responsible for administering the ERA federal grant program have been unable to develop and implement a systematic process for obtaining reasonable assurance over the contractor's internal controls and compliance because of the lack of time and available resources. Close out for the first grant allotment (ERA1) for the ERA federal award will occur in April 2023. Eviction Prevention and Rental Assistance and Administration should work collaboratively to develop and implement a systematic approach for reviewing contractor records that provides reasonable assurance that it complied with federal statutes, regulations, and the terms and conditions of the federal award. Housing and Community Development should document this process and incorporate it into the agency's official policies and procedures. Further, Housing and Community Development should retain appropriate evidence to demonstrate its review of the contractor's records for program compliance. Finally, Housing and Community Development's executive leadership should oversee the implementation of this process to ensure the agency properly incorporates the policies and procedures into its operations. If Housing and Community Development does not believe it will complete corrective actions before ERA1 close-out, it should work collaboratively with the United States Department of the Treasury to find alternate solutions for ensuring program compliance. Views of Responsible Officials: Views of responsible officials are in the report related to their agency, which can be found at www.apa.virginia.gov. In summary, the views of responsible officials in the agency report do not express a disagreement with the finding.
Criteria: 2 CFR 200.332 provides the various requirements for subrecipient monitoring. 2 CFR 200.332(f) requires pass-through entities to ?verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ? 200.501.? The University has adopted a subrecipient monitoring policy which addresses the subrecipient monitoring requirements prescribed by 2 CFR 200.332 and includes a provision that the ?Office of Sponsored Projects (OSP) compiles an annual listing of all accounts with expenditures in sub-recipient account codes and requests audit reports from appropriate sub-recipients. The audit reports are reviewed by OSP and any exceptions are noted and reviewed with the sub-recipient. If findings of noncompliance are identified as a result of an audit, sub-recipients are required to provide copies of responses to auditors' reports and a plan for corrective action.? Condition: For one subrecipient the University did not obtain the single audit report and consequently, did not review for any applicable audit findings pertaining to the Federal award provided to the subrecipient. Context: The University had subrecipient agreements with two entities expected to have single audits. We selected one subrecipient for testing and noted that although the University performed the monitoring activities on the subrecipient during the year, the University did not obtain the single audit report for the entity. Cause: Although the University performed certain subrecipient monitoring procedures and has procedures in place to annually obtain and review single audit reports from applicable subrecipients, there was a lack of diligence in complying with the procedures. Effect: Failure to obtain and review the single audit reports of subrecipients, and consequently, not reviewing for any applicable audit findings pertaining to the Federal award provided to the subrecipient, could result in noncompliance with the subrecipient monitoring requirement. Questioned Costs: None Identification of a repeat finding: N/A Recommendations: We recommend the University follow their procedures for subrecipient monitoring to obtain and review single audit reports for subrecipients expected to obtain a single audit and review any applicable audit findings. Views of responsible officials: The HPU Office of Sponsored Projects will work collaboratively with the Principal Investigators together to ensure that the required procedure for subrecipient monitoring is conducted and evidence of such procedure is maintained. The OSP staff will strengthen its policies and procedures so that the required subrecipient single audit report is obtained and reviewed periodically to confirm that the recipient is in compliance with all the applicable federal regulations.
Criteria: 2 CFR 200.332 provides the various requirements for subrecipient monitoring. 2 CFR 200.332(f) requires pass-through entities to ?verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ? 200.501.? The University has adopted a subrecipient monitoring policy which addresses the subrecipient monitoring requirements prescribed by 2 CFR 200.332 and includes a provision that the ?Office of Sponsored Projects (OSP) compiles an annual listing of all accounts with expenditures in sub-recipient account codes and requests audit reports from appropriate sub-recipients. The audit reports are reviewed by OSP and any exceptions are noted and reviewed with the sub-recipient. If findings of noncompliance are identified as a result of an audit, sub-recipients are required to provide copies of responses to auditors' reports and a plan for corrective action.? Condition: For one subrecipient the University did not obtain the single audit report and consequently, did not review for any applicable audit findings pertaining to the Federal award provided to the subrecipient. Context: The University had subrecipient agreements with two entities expected to have single audits. We selected one subrecipient for testing and noted that although the University performed the monitoring activities on the subrecipient during the year, the University did not obtain the single audit report for the entity. Cause: Although the University performed certain subrecipient monitoring procedures and has procedures in place to annually obtain and review single audit reports from applicable subrecipients, there was a lack of diligence in complying with the procedures. Effect: Failure to obtain and review the single audit reports of subrecipients, and consequently, not reviewing for any applicable audit findings pertaining to the Federal award provided to the subrecipient, could result in noncompliance with the subrecipient monitoring requirement. Questioned Costs: None Identification of a repeat finding: N/A Recommendations: We recommend the University follow their procedures for subrecipient monitoring to obtain and review single audit reports for subrecipients expected to obtain a single audit and review any applicable audit findings. Views of responsible officials: The HPU Office of Sponsored Projects will work collaboratively with the Principal Investigators together to ensure that the required procedure for subrecipient monitoring is conducted and evidence of such procedure is maintained. The OSP staff will strengthen its policies and procedures so that the required subrecipient single audit report is obtained and reviewed periodically to confirm that the recipient is in compliance with all the applicable federal regulations.
Criteria: 2 CFR 200.332 provides the various requirements for subrecipient monitoring. 2 CFR 200.332(f) requires pass-through entities to ?verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ? 200.501.? The University has adopted a subrecipient monitoring policy which addresses the subrecipient monitoring requirements prescribed by 2 CFR 200.332 and includes a provision that the ?Office of Sponsored Projects (OSP) compiles an annual listing of all accounts with expenditures in sub-recipient account codes and requests audit reports from appropriate sub-recipients. The audit reports are reviewed by OSP and any exceptions are noted and reviewed with the sub-recipient. If findings of noncompliance are identified as a result of an audit, sub-recipients are required to provide copies of responses to auditors' reports and a plan for corrective action.? Condition: For one subrecipient the University did not obtain the single audit report and consequently, did not review for any applicable audit findings pertaining to the Federal award provided to the subrecipient. Context: The University had subrecipient agreements with two entities expected to have single audits. We selected one subrecipient for testing and noted that although the University performed the monitoring activities on the subrecipient during the year, the University did not obtain the single audit report for the entity. Cause: Although the University performed certain subrecipient monitoring procedures and has procedures in place to annually obtain and review single audit reports from applicable subrecipients, there was a lack of diligence in complying with the procedures. Effect: Failure to obtain and review the single audit reports of subrecipients, and consequently, not reviewing for any applicable audit findings pertaining to the Federal award provided to the subrecipient, could result in noncompliance with the subrecipient monitoring requirement. Questioned Costs: None Identification of a repeat finding: N/A Recommendations: We recommend the University follow their procedures for subrecipient monitoring to obtain and review single audit reports for subrecipients expected to obtain a single audit and review any applicable audit findings. Views of responsible officials: The HPU Office of Sponsored Projects will work collaboratively with the Principal Investigators together to ensure that the required procedure for subrecipient monitoring is conducted and evidence of such procedure is maintained. The OSP staff will strengthen its policies and procedures so that the required subrecipient single audit report is obtained and reviewed periodically to confirm that the recipient is in compliance with all the applicable federal regulations.
Criteria: 2 CFR 200.332 provides the various requirements for subrecipient monitoring. 2 CFR 200.332(f) requires pass-through entities to ?verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ? 200.501.? The University has adopted a subrecipient monitoring policy which addresses the subrecipient monitoring requirements prescribed by 2 CFR 200.332 and includes a provision that the ?Office of Sponsored Projects (OSP) compiles an annual listing of all accounts with expenditures in sub-recipient account codes and requests audit reports from appropriate sub-recipients. The audit reports are reviewed by OSP and any exceptions are noted and reviewed with the sub-recipient. If findings of noncompliance are identified as a result of an audit, sub-recipients are required to provide copies of responses to auditors' reports and a plan for corrective action.? Condition: For one subrecipient the University did not obtain the single audit report and consequently, did not review for any applicable audit findings pertaining to the Federal award provided to the subrecipient. Context: The University had subrecipient agreements with two entities expected to have single audits. We selected one subrecipient for testing and noted that although the University performed the monitoring activities on the subrecipient during the year, the University did not obtain the single audit report for the entity. Cause: Although the University performed certain subrecipient monitoring procedures and has procedures in place to annually obtain and review single audit reports from applicable subrecipients, there was a lack of diligence in complying with the procedures. Effect: Failure to obtain and review the single audit reports of subrecipients, and consequently, not reviewing for any applicable audit findings pertaining to the Federal award provided to the subrecipient, could result in noncompliance with the subrecipient monitoring requirement. Questioned Costs: None Identification of a repeat finding: N/A Recommendations: We recommend the University follow their procedures for subrecipient monitoring to obtain and review single audit reports for subrecipients expected to obtain a single audit and review any applicable audit findings. Views of responsible officials: The HPU Office of Sponsored Projects will work collaboratively with the Principal Investigators together to ensure that the required procedure for subrecipient monitoring is conducted and evidence of such procedure is maintained. The OSP staff will strengthen its policies and procedures so that the required subrecipient single audit report is obtained and reviewed periodically to confirm that the recipient is in compliance with all the applicable federal regulations.
Criteria: 2 CFR 200.332 provides the various requirements for subrecipient monitoring. 2 CFR 200.332(f) requires pass-through entities to ?verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ? 200.501.? The University has adopted a subrecipient monitoring policy which addresses the subrecipient monitoring requirements prescribed by 2 CFR 200.332 and includes a provision that the ?Office of Sponsored Projects (OSP) compiles an annual listing of all accounts with expenditures in sub-recipient account codes and requests audit reports from appropriate sub-recipients. The audit reports are reviewed by OSP and any exceptions are noted and reviewed with the sub-recipient. If findings of noncompliance are identified as a result of an audit, sub-recipients are required to provide copies of responses to auditors' reports and a plan for corrective action.? Condition: For one subrecipient the University did not obtain the single audit report and consequently, did not review for any applicable audit findings pertaining to the Federal award provided to the subrecipient. Context: The University had subrecipient agreements with two entities expected to have single audits. We selected one subrecipient for testing and noted that although the University performed the monitoring activities on the subrecipient during the year, the University did not obtain the single audit report for the entity. Cause: Although the University performed certain subrecipient monitoring procedures and has procedures in place to annually obtain and review single audit reports from applicable subrecipients, there was a lack of diligence in complying with the procedures. Effect: Failure to obtain and review the single audit reports of subrecipients, and consequently, not reviewing for any applicable audit findings pertaining to the Federal award provided to the subrecipient, could result in noncompliance with the subrecipient monitoring requirement. Questioned Costs: None Identification of a repeat finding: N/A Recommendations: We recommend the University follow their procedures for subrecipient monitoring to obtain and review single audit reports for subrecipients expected to obtain a single audit and review any applicable audit findings. Views of responsible officials: The HPU Office of Sponsored Projects will work collaboratively with the Principal Investigators together to ensure that the required procedure for subrecipient monitoring is conducted and evidence of such procedure is maintained. The OSP staff will strengthen its policies and procedures so that the required subrecipient single audit report is obtained and reviewed periodically to confirm that the recipient is in compliance with all the applicable federal regulations.
Criteria: 2 CFR 200.332 provides the various requirements for subrecipient monitoring. 2 CFR 200.332(f) requires pass-through entities to ?verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ? 200.501.? The University has adopted a subrecipient monitoring policy which addresses the subrecipient monitoring requirements prescribed by 2 CFR 200.332 and includes a provision that the ?Office of Sponsored Projects (OSP) compiles an annual listing of all accounts with expenditures in sub-recipient account codes and requests audit reports from appropriate sub-recipients. The audit reports are reviewed by OSP and any exceptions are noted and reviewed with the sub-recipient. If findings of noncompliance are identified as a result of an audit, sub-recipients are required to provide copies of responses to auditors' reports and a plan for corrective action.? Condition: For one subrecipient the University did not obtain the single audit report and consequently, did not review for any applicable audit findings pertaining to the Federal award provided to the subrecipient. Context: The University had subrecipient agreements with two entities expected to have single audits. We selected one subrecipient for testing and noted that although the University performed the monitoring activities on the subrecipient during the year, the University did not obtain the single audit report for the entity. Cause: Although the University performed certain subrecipient monitoring procedures and has procedures in place to annually obtain and review single audit reports from applicable subrecipients, there was a lack of diligence in complying with the procedures. Effect: Failure to obtain and review the single audit reports of subrecipients, and consequently, not reviewing for any applicable audit findings pertaining to the Federal award provided to the subrecipient, could result in noncompliance with the subrecipient monitoring requirement. Questioned Costs: None Identification of a repeat finding: N/A Recommendations: We recommend the University follow their procedures for subrecipient monitoring to obtain and review single audit reports for subrecipients expected to obtain a single audit and review any applicable audit findings. Views of responsible officials: The HPU Office of Sponsored Projects will work collaboratively with the Principal Investigators together to ensure that the required procedure for subrecipient monitoring is conducted and evidence of such procedure is maintained. The OSP staff will strengthen its policies and procedures so that the required subrecipient single audit report is obtained and reviewed periodically to confirm that the recipient is in compliance with all the applicable federal regulations.
Criteria: 2 CFR 200.332 provides the various requirements for subrecipient monitoring. 2 CFR 200.332(f) requires pass-through entities to ?verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ? 200.501.? The University has adopted a subrecipient monitoring policy which addresses the subrecipient monitoring requirements prescribed by 2 CFR 200.332 and includes a provision that the ?Office of Sponsored Projects (OSP) compiles an annual listing of all accounts with expenditures in sub-recipient account codes and requests audit reports from appropriate sub-recipients. The audit reports are reviewed by OSP and any exceptions are noted and reviewed with the sub-recipient. If findings of noncompliance are identified as a result of an audit, sub-recipients are required to provide copies of responses to auditors' reports and a plan for corrective action.? Condition: For one subrecipient the University did not obtain the single audit report and consequently, did not review for any applicable audit findings pertaining to the Federal award provided to the subrecipient. Context: The University had subrecipient agreements with two entities expected to have single audits. We selected one subrecipient for testing and noted that although the University performed the monitoring activities on the subrecipient during the year, the University did not obtain the single audit report for the entity. Cause: Although the University performed certain subrecipient monitoring procedures and has procedures in place to annually obtain and review single audit reports from applicable subrecipients, there was a lack of diligence in complying with the procedures. Effect: Failure to obtain and review the single audit reports of subrecipients, and consequently, not reviewing for any applicable audit findings pertaining to the Federal award provided to the subrecipient, could result in noncompliance with the subrecipient monitoring requirement. Questioned Costs: None Identification of a repeat finding: N/A Recommendations: We recommend the University follow their procedures for subrecipient monitoring to obtain and review single audit reports for subrecipients expected to obtain a single audit and review any applicable audit findings. Views of responsible officials: The HPU Office of Sponsored Projects will work collaboratively with the Principal Investigators together to ensure that the required procedure for subrecipient monitoring is conducted and evidence of such procedure is maintained. The OSP staff will strengthen its policies and procedures so that the required subrecipient single audit report is obtained and reviewed periodically to confirm that the recipient is in compliance with all the applicable federal regulations.
Criteria: 2 CFR 200.332 provides the various requirements for subrecipient monitoring. 2 CFR 200.332(f) requires pass-through entities to ?verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ? 200.501.? The University has adopted a subrecipient monitoring policy which addresses the subrecipient monitoring requirements prescribed by 2 CFR 200.332 and includes a provision that the ?Office of Sponsored Projects (OSP) compiles an annual listing of all accounts with expenditures in sub-recipient account codes and requests audit reports from appropriate sub-recipients. The audit reports are reviewed by OSP and any exceptions are noted and reviewed with the sub-recipient. If findings of noncompliance are identified as a result of an audit, sub-recipients are required to provide copies of responses to auditors' reports and a plan for corrective action.? Condition: For one subrecipient the University did not obtain the single audit report and consequently, did not review for any applicable audit findings pertaining to the Federal award provided to the subrecipient. Context: The University had subrecipient agreements with two entities expected to have single audits. We selected one subrecipient for testing and noted that although the University performed the monitoring activities on the subrecipient during the year, the University did not obtain the single audit report for the entity. Cause: Although the University performed certain subrecipient monitoring procedures and has procedures in place to annually obtain and review single audit reports from applicable subrecipients, there was a lack of diligence in complying with the procedures. Effect: Failure to obtain and review the single audit reports of subrecipients, and consequently, not reviewing for any applicable audit findings pertaining to the Federal award provided to the subrecipient, could result in noncompliance with the subrecipient monitoring requirement. Questioned Costs: None Identification of a repeat finding: N/A Recommendations: We recommend the University follow their procedures for subrecipient monitoring to obtain and review single audit reports for subrecipients expected to obtain a single audit and review any applicable audit findings. Views of responsible officials: The HPU Office of Sponsored Projects will work collaboratively with the Principal Investigators together to ensure that the required procedure for subrecipient monitoring is conducted and evidence of such procedure is maintained. The OSP staff will strengthen its policies and procedures so that the required subrecipient single audit report is obtained and reviewed periodically to confirm that the recipient is in compliance with all the applicable federal regulations.
Criteria: 2 CFR 200.332 provides the various requirements for subrecipient monitoring. 2 CFR 200.332(f) requires pass-through entities to ?verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ? 200.501.? The University has adopted a subrecipient monitoring policy which addresses the subrecipient monitoring requirements prescribed by 2 CFR 200.332 and includes a provision that the ?Office of Sponsored Projects (OSP) compiles an annual listing of all accounts with expenditures in sub-recipient account codes and requests audit reports from appropriate sub-recipients. The audit reports are reviewed by OSP and any exceptions are noted and reviewed with the sub-recipient. If findings of noncompliance are identified as a result of an audit, sub-recipients are required to provide copies of responses to auditors' reports and a plan for corrective action.? Condition: For one subrecipient the University did not obtain the single audit report and consequently, did not review for any applicable audit findings pertaining to the Federal award provided to the subrecipient. Context: The University had subrecipient agreements with two entities expected to have single audits. We selected one subrecipient for testing and noted that although the University performed the monitoring activities on the subrecipient during the year, the University did not obtain the single audit report for the entity. Cause: Although the University performed certain subrecipient monitoring procedures and has procedures in place to annually obtain and review single audit reports from applicable subrecipients, there was a lack of diligence in complying with the procedures. Effect: Failure to obtain and review the single audit reports of subrecipients, and consequently, not reviewing for any applicable audit findings pertaining to the Federal award provided to the subrecipient, could result in noncompliance with the subrecipient monitoring requirement. Questioned Costs: None Identification of a repeat finding: N/A Recommendations: We recommend the University follow their procedures for subrecipient monitoring to obtain and review single audit reports for subrecipients expected to obtain a single audit and review any applicable audit findings. Views of responsible officials: The HPU Office of Sponsored Projects will work collaboratively with the Principal Investigators together to ensure that the required procedure for subrecipient monitoring is conducted and evidence of such procedure is maintained. The OSP staff will strengthen its policies and procedures so that the required subrecipient single audit report is obtained and reviewed periodically to confirm that the recipient is in compliance with all the applicable federal regulations.
Criteria: 2 CFR 200.332 provides the various requirements for subrecipient monitoring. 2 CFR 200.332(f) requires pass-through entities to ?verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ? 200.501.? The University has adopted a subrecipient monitoring policy which addresses the subrecipient monitoring requirements prescribed by 2 CFR 200.332 and includes a provision that the ?Office of Sponsored Projects (OSP) compiles an annual listing of all accounts with expenditures in sub-recipient account codes and requests audit reports from appropriate sub-recipients. The audit reports are reviewed by OSP and any exceptions are noted and reviewed with the sub-recipient. If findings of noncompliance are identified as a result of an audit, sub-recipients are required to provide copies of responses to auditors' reports and a plan for corrective action.? Condition: For one subrecipient the University did not obtain the single audit report and consequently, did not review for any applicable audit findings pertaining to the Federal award provided to the subrecipient. Context: The University had subrecipient agreements with two entities expected to have single audits. We selected one subrecipient for testing and noted that although the University performed the monitoring activities on the subrecipient during the year, the University did not obtain the single audit report for the entity. Cause: Although the University performed certain subrecipient monitoring procedures and has procedures in place to annually obtain and review single audit reports from applicable subrecipients, there was a lack of diligence in complying with the procedures. Effect: Failure to obtain and review the single audit reports of subrecipients, and consequently, not reviewing for any applicable audit findings pertaining to the Federal award provided to the subrecipient, could result in noncompliance with the subrecipient monitoring requirement. Questioned Costs: None Identification of a repeat finding: N/A Recommendations: We recommend the University follow their procedures for subrecipient monitoring to obtain and review single audit reports for subrecipients expected to obtain a single audit and review any applicable audit findings. Views of responsible officials: The HPU Office of Sponsored Projects will work collaboratively with the Principal Investigators together to ensure that the required procedure for subrecipient monitoring is conducted and evidence of such procedure is maintained. The OSP staff will strengthen its policies and procedures so that the required subrecipient single audit report is obtained and reviewed periodically to confirm that the recipient is in compliance with all the applicable federal regulations.
Criteria: 2 CFR 200.332 provides the various requirements for subrecipient monitoring. 2 CFR 200.332(f) requires pass-through entities to ?verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ? 200.501.? The University has adopted a subrecipient monitoring policy which addresses the subrecipient monitoring requirements prescribed by 2 CFR 200.332 and includes a provision that the ?Office of Sponsored Projects (OSP) compiles an annual listing of all accounts with expenditures in sub-recipient account codes and requests audit reports from appropriate sub-recipients. The audit reports are reviewed by OSP and any exceptions are noted and reviewed with the sub-recipient. If findings of noncompliance are identified as a result of an audit, sub-recipients are required to provide copies of responses to auditors' reports and a plan for corrective action.? Condition: For one subrecipient the University did not obtain the single audit report and consequently, did not review for any applicable audit findings pertaining to the Federal award provided to the subrecipient. Context: The University had subrecipient agreements with two entities expected to have single audits. We selected one subrecipient for testing and noted that although the University performed the monitoring activities on the subrecipient during the year, the University did not obtain the single audit report for the entity. Cause: Although the University performed certain subrecipient monitoring procedures and has procedures in place to annually obtain and review single audit reports from applicable subrecipients, there was a lack of diligence in complying with the procedures. Effect: Failure to obtain and review the single audit reports of subrecipients, and consequently, not reviewing for any applicable audit findings pertaining to the Federal award provided to the subrecipient, could result in noncompliance with the subrecipient monitoring requirement. Questioned Costs: None Identification of a repeat finding: N/A Recommendations: We recommend the University follow their procedures for subrecipient monitoring to obtain and review single audit reports for subrecipients expected to obtain a single audit and review any applicable audit findings. Views of responsible officials: The HPU Office of Sponsored Projects will work collaboratively with the Principal Investigators together to ensure that the required procedure for subrecipient monitoring is conducted and evidence of such procedure is maintained. The OSP staff will strengthen its policies and procedures so that the required subrecipient single audit report is obtained and reviewed periodically to confirm that the recipient is in compliance with all the applicable federal regulations.
Criteria: 2 CFR 200.332 provides the various requirements for subrecipient monitoring. 2 CFR 200.332(f) requires pass-through entities to ?verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ? 200.501.? The University has adopted a subrecipient monitoring policy which addresses the subrecipient monitoring requirements prescribed by 2 CFR 200.332 and includes a provision that the ?Office of Sponsored Projects (OSP) compiles an annual listing of all accounts with expenditures in sub-recipient account codes and requests audit reports from appropriate sub-recipients. The audit reports are reviewed by OSP and any exceptions are noted and reviewed with the sub-recipient. If findings of noncompliance are identified as a result of an audit, sub-recipients are required to provide copies of responses to auditors' reports and a plan for corrective action.? Condition: For one subrecipient the University did not obtain the single audit report and consequently, did not review for any applicable audit findings pertaining to the Federal award provided to the subrecipient. Context: The University had subrecipient agreements with two entities expected to have single audits. We selected one subrecipient for testing and noted that although the University performed the monitoring activities on the subrecipient during the year, the University did not obtain the single audit report for the entity. Cause: Although the University performed certain subrecipient monitoring procedures and has procedures in place to annually obtain and review single audit reports from applicable subrecipients, there was a lack of diligence in complying with the procedures. Effect: Failure to obtain and review the single audit reports of subrecipients, and consequently, not reviewing for any applicable audit findings pertaining to the Federal award provided to the subrecipient, could result in noncompliance with the subrecipient monitoring requirement. Questioned Costs: None Identification of a repeat finding: N/A Recommendations: We recommend the University follow their procedures for subrecipient monitoring to obtain and review single audit reports for subrecipients expected to obtain a single audit and review any applicable audit findings. Views of responsible officials: The HPU Office of Sponsored Projects will work collaboratively with the Principal Investigators together to ensure that the required procedure for subrecipient monitoring is conducted and evidence of such procedure is maintained. The OSP staff will strengthen its policies and procedures so that the required subrecipient single audit report is obtained and reviewed periodically to confirm that the recipient is in compliance with all the applicable federal regulations.
Reference Number: 2022-010 Prior Year Finding: No Federal Agency: U.S. Department of Housing and Urban Development State Agency: Agency of Commerce and Community Development Federal Program: Community Development Block Grant Assistance Listing Number: 14.228 Award Number and Year: B-20-DW-50-0001 (2020) B-20-DC-50-0001 (2020) B-21-DC-50-0001 (2021) Compliance Requirement: Subrecipient Monitoring Type of Finding Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or specific requirement: Compliance: 2 CFR ?200.332 - Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F - Audit Requirements of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (f) Verify that every subrecipient is audited as required by Subpart F - Audit Requirements of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ? 200.501 Audit requirements. Control: Per 2 CFR Section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework?, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The State of Vermont Agency of Commerce and Community Development was not able to provide support that it ensured its subrecipients were audited as required by 2 CFR Part 200 Subpart F ? Audit Requirements (Subpart F). Context: Exceptions were noted in three of eight subrecipients selected for testing: ? For three of eight subrecipients, the Agency was unable to provide support that it ensured the subrecipients were audited as required by Subpart F. Questioned costs: Undetermined. Cause: The Agency did not establish effective internal controls and procedures over subrecipient monitoring to ensure that it issued and monitored subawards in accordance with 2 CFR section 200.332. Effect: Failure to ensure subrecipients have obtained audits as required by Subpart F increases the risk that subrecipients may inappropriately spend and/or inaccurately track and report federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, or corrected on a timely basis. Questioned costs: Undetermined Recommendation: We recommend the Agency review and enhance internal controls and procedures to ensure that an evaluation of independent audits is performed. Views of responsible officials: Management agrees with the finding.
The Warren County Fiscal Court Failed To Implement Adequate Internal Controls Over Subrecipient Monitoring Federal Program: 21.027 COVID-19 - Coronavirus State And Local Fiscal Recovery Funds Award Number and Year: 1505-0271 2021 Name of Federal Agency and Pass-Thru Agency (if applicable): U.S. Department of the Treasury Compliance Requirements: Subrecipient Monitoring Type of Finding: Material Weakness Amount of Questioned Costs: None Opinion Modification (if applicable): Yes, Qualified COVID Related: Yes The Warren County Fiscal Court failed to implement adequate internal controls over subrecipient monitoring. The fiscal court granted a subaward of Coronavirus State And Local Fiscal Recovery Funds to Live the Dream Development, Inc. in the amount of $1,000,000 for an affordable housing project. As a requirement of the subaward, the subrecipient is required to submit quarterly progress and financial reports to the fiscal court. The fiscal court did not receive any quarterly subrecipient progress or financial reports during the 2021-2022 fiscal year. Awards unspent as of December 31, 2024 are required to be returned to the Warren County Fiscal Court. The award of $1,000,000 was paid on February 14, 2022. Subrecipient reports were not submitted by the subrecipient for quarters ending on March 31, 2022 or June 30, 2022. This was caused by an oversight of the fiscal court. The county treasurer was unaware that reports needed to be submitted to the fiscal court even if none of the funds have been spent by the subrecipient. The treasurer was under the assumption that the project had not been started as of June 30, 2022. By not receiving adequate subrecipient monitoring documentation, the fiscal court is unable to document their supervision of the subaward to the agency to ensure requirements for the federal monies are being followed. Additionally, unallowable activities could go unnoticed due to the lack of oversight. In addition, the opinion was modified. 2 CFR 200.332 lists the requirements for pass-through entities. 2 CFR 220.332(d) requires all pass-through entities to ?Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity.? Additionally, 2 CFR 200.501(a) states ?A non-federal entity that expends $750,000 or more during the non-Federal entity's fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part.? This is not a repeat finding from the previous year.
2022-026 Oregon Housing and Community Services Department Implement program monitoring over client assistance payments to ensure compliance Federal Awarding Agency: U.S. Department of the Treasury Assistance Listing Number and Name: 21.023 Emergency Rental Assistance Program (COVID-19) Federal Award Numbers and Years: ERA 1, 2021; ERA 2, 2021 (COVID-19) Compliance Requirement: Activities Allowed or Unallowed; Eligibility Type of Finding: Material Weakness; Material Noncompliance Prior Year Finding: N/A Questioned Costs: $21,624 (known); $11,067,350 (likely) (COVID-19) Criteria: 2 CFR 200.332(d); 2 CFR 200.501(g) Department management is responsible for monitoring the activities of subrecipients to ensure subawards are used for authorized purposes and are compliant with federal requirements. Additionally, department management is responsible for ensuring compliance when a contractor is responsible for program compliance or the contractor?s records must be reviewed to determine program compliance. The department provided $140 million and $46 million of phase one program funds to community action agencies (subrecipients) and a third-party vendor (contractor) to provide program delivery, respectively; and $132 million phase two program funds to only the contractor. Program delivery included determining client eligibility and making payments for direct client assistance for rent, utilities, internet, and other housing related costs. During implementation of the program, the department provided program manuals to the subrecipients and contractor. Due to the department?s limited staff, they focused on updating policies and procedures to address systemic issues identified; however, if a particularly challenging application required the department?s review, they were available to provide direct assistance. The department did not implement any predefined, systemic program monitoring of the subrecipients or contractor to ensure direct client assistance payments were paid to only eligible clients for only allowable and supported amounts. Therefore, auditors performed additional procedures at the subrecipient and contractor level to determine whether direct client assistance payments were paid to eligible clients for allowable activities. We tested a total of 62 randomly selected direct client assistance payments at 16 subrecipients totaling $183,515, and found the following: ? One subrecipient did not respond to audit requests for documentation, resulting in an inability to test one transaction in the amount of $360. ? One subrecipient did not obtain documentation to support that there was a lease agreement in place, resulting in questioned costs of $5,775. When extrapolated to the total population, these errors result in over $2.3 million in likely questioned costs. We tested 61 randomly selected contractor direct client assistance payments totaling $374,274, and found the following: ? One payment where an incorrect landlord was paid in the amount of $2,700. Attempts to recover the funds have been unsuccessful as of the date of the finding. ? Two payments where the rental amount was doubled, resulting in overpayments totaling $5,910. ? Seven payments where amounts already paid were not accurately reflected in the calculation of assistance provided, resulting in overpayments totaling $4,191. ? Three payments where amounts did not agree to supporting documentation, resulting in overpayments of $2,181. ? Three payments where there was insufficient documentation for amounts paid, resulting in overpayments of $432. ? One payment where costs were paid for the same household on alternate applications, resulting in an overpayment of $73. When extrapolated to the total population, these errors result in over $8.7 million in likely questioned costs. We recommend department management implement predefined, systemic program monitoring to ensure the subrecipients and contractor are administering program funds in accordance with program requirements.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
2022 ? 007 (Previously 2021-003) Subrecipient Monitoring (Significant Deficiency and Noncompliance) Federal Agency: U.S. Department of Treasury Federal Program Name: Coronavirus State and Local Fiscal Recovery Funds Assistance Listing Number: 21.027 Federal Award Identification Number and Year: Pub. L. No. 117-2-2021 Award Period: 5/10/2021 - 12/31/2026 Type of Finding: ? Significant Deficiency in Internal Control over Compliance, Other Matters Criteria or specific requirement: According to ? 200.303 Internal controls of 2 CFR Part 200, the non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. According to ? 200.332 Requirements for pass-through entities of 2 CFR Part 200, all pass-through entities must: ? Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. ? Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. ? Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ? 200.501. ? Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. According to the City's subrecipient monitoring policies and procedures, monitoring of subrecipients shall be conducted as often as may be required at the discretion of the Community Development Division or at least once per program year. An annual Risk Assessment will be completed to determine a ranking for the activity. The Risk Assessment ranking score will determine whether a monitoring review will occur. Condition: During our testing, it was noted that the City did not follow federal subrecipient monitoring and management regulation nor its subrecipient monitoring policies and procedures. Questioned costs: None 2022 ? 007 (Previously 2021-003) Subrecipient Monitoring (Significant Deficiency and Noncompliance) (Continued) Context: During our testing, we noted the following exceptions: ? For 2 of 4 subrecipients, the City did not utilize the risk assessment tool specific to ARPA which does have a different risk assessment ranking score determining the monitoring of the subrecipient. The City did, however, perform a monitoring visit for the subrecipients. ? For 1 of 4 subrecipients, the City did not utilize the risk assessment tool specific to ARPA. The City utilized the AGA Risk Assessment Monitoring Tool. We noted the following exceptions. ? According to the Introduction of the AGA Risk Assessment Monitoring Tool, while the risk assessment monitoring tool may be useful in supplementing existing tools, it is not intended to replace any risk assessment tools that may already be in use by monitoring agencies. Further, the City omitted the Programmatic Assessment of the AGA Risk Assessment Monitoring Tool. ? According to the Introduction of the AGA Risk Assessment Monitoring Tool, in using the risk assessment tool, monitoring agencies are encouraged to develop applicable risk factors to evaluate programmatic compliance risk and should use professional judgment in developing a weighted scoring system for each component of the assessment. The City did not develop a weighted scoring system for each component of the assessment. ? No evidence of approval of the AGA Risk Assessment Monitoring Tool. ? In the Monitoring/Audit Assessment section of the AGA Risk Assessment Monitoring Tool, the City marked all N/A based on a response of the subrecipient has not needed to complete a single audit in the past. However, the subrecipient did have a single audit for the fiscal year end date of 12/31/2020 with the Federal Audit Clearinghouse receiving the audit report on 5/27/2021. No review of the single audit by the City. Management?s Progress for Repeat Findings: The City Controller reviewed the listing of subrecipient risk assessments for 2022 and the listing was determined to be complete. The City will update the subrecipient monitoring policies and procedures ad provide training to the departments. Cause: The City failed to follow federal subrecipient monitoring and management regulation nor its subrecipient monitoring policies and procedures. Repeat Finding: 2021-003 Effect: The auditor noted instances of noncompliance. Noncompliance results in subrecipients' noncompliance with federal statutes, regulations, and the terms and conditions of the subaward. Recommendation: We recommend the City design controls to ensure compliance with federal subrecipient monitoring and management regulation and its subrecipient monitoring policies and procedures. Management Response: Management agrees with the finding. The City will develop standard City-wide subrecipient management policies and procedures including risk assessment and monitoring tools. Additionally, any federal program with two or more City departments managing subrecipients will use the same subrecipient tools to ensure consistency. Timeline and Responsible Position: June 2023 ? City Controller/DFAS Deputy Director
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.