Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Cluster: Research and Development Federal Agency: All awards with subrecipients on the SEFA Award Names: All awards with subrecipients on the SEFA Award Numbers: All awards with subrecipients on the SEFA Assistance Listing Title: All awards with subrecipients on the SEFA Assistance Listing Number: All awards with subrecipients on the SEFA Award Year: 2021 - 2022 Pass-through entity: All pass-through entities noted on the SEFA Criteria 2 CFR 200.332 notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Further, Uniform Guidance 2 CFR section 200.331(f) requires that the entity verify that every subrecipient is audited as required by Subpart F? Audit Requirements when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501 Audit requirements ($750,000). Condition In testing conformity with the compliance requirements for subrecipient monitoring, we selected 7 of the 61 Research and Development subrecipient agreements and the one Opioid STR subrecipient agreement from the detailed listings provided for testing. The total federal funds passed through to subrecipients in FY22 amounted to $3.5 million for the Research & Development Cluster, and $24,500 for the Opioid STR program. For all of our selections, the most recent audit report was not reviewed for purposes of ongoing monitoring as required by the Uniform Guidance. The Health System has a risk assessment form that is completed at contract inception for its subrecipients; however, the risk assessment is not reassessed annually for all subrecipients. The most recent risk assessment form was conducted in 2018 for 2 selections, in 2019 for 2 selections, in 2020 for 2 selections and in 2021 for 2 selections. We further noted that 7 of the 8 risk assessment forms selected for testing did not include explicit documentation detailing the subrecipient audit report review (such as what year was reviewed, what were the results of the review, etc.). Additionally, for one selection, the initial subrecipient risk assessment form was reviewed after the subrecipient award agreement was executed. Cause The Health System?s subrecipient policy does not explicitly state the ongoing monitoring activities that must be conducted or the frequency of required monitoring. For instance, the policy does not outlinemonitoring activities that are required for all subrecipients. Additionally, the risk assessment form does not prescribe the details of the subrecipient audit report review that should be documented. Effect The subrecipients of the Health System may have audit findings pertaining to the Federal award provided from the Health System that may have implications on the compliance of the Health System with Uniform Guidance. Additionally, there may be changes in the risk characteristics of subrecipients that are not identified if risk assessments are not periodically updated. Questioned Costs None noted. Recommendation We recommend that he Health System update its subrecipient monitoring policy to reflect all monitoring compliance requirements of the Uniform Guidance. In particular, the policy should require the receipt of the Uniform Guidance report from all subrecipients that expended $750,000 or more in federal awards during the subrecipient?s fiscal year (or the receipt of the subrecipient?s latest financial statements if not) at contract inception. Any audit findings pertaining to the Federal award should be followed up on by the Health System and a management decision should be issued. This Policy should be distributed and adhered to by all that have a role in the subrecipient monitoring process of the Health System. Management?s Views and Corrective Action Plan Management?s response is included in ?Management?s Views and Corrective Action Plan? included at the end of this report after the summary schedule of status of prior audit findings.
Program: Housing Voucher Cluster Assistance Listing No.: 14.871, 14.879 Federal Agency: U.S. Department of Housing and Urban Development Passed-through: n/a ? direct award Award Number and Year: CA131, 2021/2022 Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Criteria: 2 CFR 200.331(a) establishes the required elements that the pass-through entity (County) must include in their subrecipient agreements. 2 CFR 200.331(b) establishes the requirement that the pass-through entity must evaluate the risk of noncompliance with Federal statutes, regulations, and terms and conditions of the program for each subaward for the purpose of determining the appropriate subrecipient monitoring activities. 2 CFR 200.331(d) and 2 CFR 200.331(e) establishes the requirement that the pass-through entity must monitor the activities of each subrecipient of program funds to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward and achieves performance goals. 2 CFR 200.331(d) requires that the monitoring activities must include: 1) Reviewing of financial and performance reports as required by the pass-through entity. 2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. 3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521 Management decision. 2 CRF 200.331(f) establishes the requirement for the pass-through entity to verify whether the subrecipient is subject to a single audit when the subrecipient?s expenditures are expected to exceed the threshold set forth in 2 CRF 200.501. Condition: In 1 out of 1 instance selected, we found that the subrecipient agreement did not contain the federal award identification elements required to be communicated by the County. We found that the County did not have documented policies or procedures for the evaluation of the subrecipient?s risk of noncompliance with program requirements prior to awarding the subrecipient contract. We also found that the County did not have documented monitoring procedures to be followed based on the assessed level of risk of noncompliance. Furthermore, the County did not have documented procedures to verify whether the subrecipient was subject to a single audit. As a result, we found that in 1 out of 1 instance selected, a documented assessment of the subrecipient?s risk of noncompliance was not performed. In this same instance, a documented review of whether the subrecipient was subject to a single audit was also not performed. Cause: The County did not have documented policies and procedures over subrecipient monitoring to ensure that the required risk assessments and monitoring procedures were performed. The County?s subrecipient contracting procedures also did not require the inclusion of the required elements. Effect: The County did not include all the required elements in their subawards and did not perform appropriate monitoring procedures over the subrecipients. Questioned Costs: No known questioned costs identified. Context/Sampling: We selected 100% of the County?s subrecipients of the program. Repeat Finding from Prior Year(s): Yes, prior year finding 2021-004. Recommendation: We recommend that the County establish documented policies and procedures over subrecipient monitoring, including a documented risk assessment, monitoring procedures, and contract reviews. Views of Responsible Officials: Management agrees with the finding. See separate corrective action plan.
Program: Housing Voucher Cluster Assistance Listing No.: 14.871, 14.879 Federal Agency: U.S. Department of Housing and Urban Development Passed-through: n/a ? direct award Award Number and Year: CA131, 2021/2022 Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Criteria: 2 CFR 200.331(a) establishes the required elements that the pass-through entity (County) must include in their subrecipient agreements. 2 CFR 200.331(b) establishes the requirement that the pass-through entity must evaluate the risk of noncompliance with Federal statutes, regulations, and terms and conditions of the program for each subaward for the purpose of determining the appropriate subrecipient monitoring activities. 2 CFR 200.331(d) and 2 CFR 200.331(e) establishes the requirement that the pass-through entity must monitor the activities of each subrecipient of program funds to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward and achieves performance goals. 2 CFR 200.331(d) requires that the monitoring activities must include: 1) Reviewing of financial and performance reports as required by the pass-through entity. 2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. 3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521 Management decision. 2 CRF 200.331(f) establishes the requirement for the pass-through entity to verify whether the subrecipient is subject to a single audit when the subrecipient?s expenditures are expected to exceed the threshold set forth in 2 CRF 200.501. Condition: In 1 out of 1 instance selected, we found that the subrecipient agreement did not contain the federal award identification elements required to be communicated by the County. We found that the County did not have documented policies or procedures for the evaluation of the subrecipient?s risk of noncompliance with program requirements prior to awarding the subrecipient contract. We also found that the County did not have documented monitoring procedures to be followed based on the assessed level of risk of noncompliance. Furthermore, the County did not have documented procedures to verify whether the subrecipient was subject to a single audit. As a result, we found that in 1 out of 1 instance selected, a documented assessment of the subrecipient?s risk of noncompliance was not performed. In this same instance, a documented review of whether the subrecipient was subject to a single audit was also not performed. Cause: The County did not have documented policies and procedures over subrecipient monitoring to ensure that the required risk assessments and monitoring procedures were performed. The County?s subrecipient contracting procedures also did not require the inclusion of the required elements. Effect: The County did not include all the required elements in their subawards and did not perform appropriate monitoring procedures over the subrecipients. Questioned Costs: No known questioned costs identified. Context/Sampling: We selected 100% of the County?s subrecipients of the program. Repeat Finding from Prior Year(s): Yes, prior year finding 2021-004. Recommendation: We recommend that the County establish documented policies and procedures over subrecipient monitoring, including a documented risk assessment, monitoring procedures, and contract reviews. Views of Responsible Officials: Management agrees with the finding. See separate corrective action plan.
Program: Emergency Rental Assistance Program Assistance Listing No.: 21.023 Federal Agency: U.S. Department of the Treasury Passed-through: n/a ? direct award Award Number and Year: Not Applicable, 2021/2022 Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Criteria: 2 CFR 200.331(a) establishes the required elements that the pass-through entity (County) must include in their subrecipient agreements. 2 CFR 200.331(b) establishes the requirement that the pass-through entity must evaluate the risk of noncompliance with Federal statutes, regulations, and terms and conditions of the program for each subaward for the purpose of determining the appropriate subrecipient monitoring activities. 2 CFR 200.331(d) and 2 CFR 200.331(e) establishes the requirement that the pass-through entity must monitor the activities of each subrecipient of program funds to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward and achieves performance goals. 2 CFR 200.331(d) requires that the monitoring activities must include: 1. Reviewing of financial and performance reports as required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. 3. Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521 Management decision. 2 CRF 200.331(f) establishes the requirement for the pass-through entity to verify whether the subrecipient is subject to a single audit when the subrecipient?s expenditures are expected to exceed the threshold set forth in 2 CRF 200.501. Condition: In 1 out of 1 instance selected, we found that the subrecipient agreement did not contain the federal award identification elements required to be communicated by the County. We found that the County did not have documented policies or procedures for the evaluation of the subrecipient?s risk of noncompliance with program requirements prior to awarding the subrecipient contract. We also found that the County did not have documented monitoring procedures to be followed based on the assessed level of risk of noncompliance. Furthermore, the County did not have documented procedures to verify whether the subrecipient was subject to a single audit. As a result, we found that in 1 out of 1 instance selected, a documented assessment of the subrecipient?s risk of noncompliance was not performed. In this same instance, a documented review of whether the subrecipient was subject to a single audit was also not performed. Cause: The County did not have documented policies and procedures over subrecipient monitoring to ensure that the required risk assessments and monitoring procedures were performed. The County?s subrecipient contracting procedures also did not require the inclusion of the required elements. Effect: The County did not include all the required elements in their subawards and did not perform appropriate monitoring procedures over the subrecipients. Questioned Costs: None noted. Context/Sampling: We selected 100% of the County?s subrecipients of the program. $6,177,719 was paid to the subrecipient during the fiscal year. Repeat Finding from Prior Year: No. Recommendation: We recommend that the County establish documented policies and procedures over subrecipient monitoring, including a documented risk assessment, monitoring procedures, and contract reviews. Views of Responsible Officials: Management agrees with the finding. See separate corrective action plan.
Subrecipient Monitoring 2022-007 GENERAL INFORMATION: Grant Title: COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Award Number: Assistance Listing #: 21.027 Federal Agency: Department of the Treasury CONDITION: We noted during our audit that the Randolph County Commission failed to properly monitor subrecipients. Specifically, there was no assurance that the allocated funds sent were expensed by the subrecipients. CRITERIA: 'Proper internal control over federal awards passed to subrecipients requires the establishment and maintenance of an effective system to provide reasonable assurance that the subrecipient is managing the federal award in compliance with federal statues, regulations, and terms and conditions of the federal award. 2 CFR Part 200.332 states, in part, that: "(a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes:(1) Federal award identification. (i) Subrecipient name (which must match the name associated with its unique entity identifier); (ii) Subrecipient's unique entity identifier; (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal award date in ? 200.1 of this part) of award to the recipient by the Federal agency; (v) Subaward Period of Performance Start and End Date; (vi) Subaward Budget Period Start and End Date; (vii) Amount of Federal Funds Obligated by this action by the pass-through entity to the subrecipient; (viii) Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity including the current financial obligation; (ix) Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; (x)Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); (xi)Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the Pass-through entity; (xii)Assistance Listings number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; (xiii) Identification of whether the award is R&D; and (xiv)Indirect cost rate for the Federal award (including if the de minimis rate is charged) per ? 200.414. (2) All requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations and the terms and conditions of the Federal award; (3) Any additional requirements that the pass-through entity imposes on the subrecipient in order for the pass-through entity to meet its own responsibility to the Federal awarding agency including identification of any required financial and performance reports; (4) (i) An approved federally recognized indirect cost rate negotiated between the subrecipient and the Federal Government. If no approved rate exists, the pass-through entity must determine the appropriate rate in collaboration with the subrecipient, which is either: (A) The negotiated indirect cost rate between the pass-through entity and the subrecipient; which can be based on a prior negotiated rate between a different PTE and the same subrecipient. If basing the rate on a previously negotiated rate, the pass-through entity is not required to collect information justifying this rate, but may elect to do so; (B) The de minimis indirect cost rate. (4) (ii) The pass-through entity must not require use of a de minimis indirect cost rate if the subrecipient has a Federally approved rate. Subrecipients can elect to use the cost allocation method to account for indirect costs in accordance with ? 200.405(d). (5) A requirement that the subrecipient permit the pass-through entity and auditors to have access to the subrecipient's records and financial statements as necessary for the pass-through entity to meet the requirements of this part; and (6) Appropriate terms and conditions concerning closeout of the subaward. (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency).... (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ?200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ?200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward.... (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ?200.501. (g) Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records." QUESTIONED COSTS: $163,617 CONTEXT: Disbursements totaling $163,617 were made to subrecipients without activities being monitored to ensure expenditures of the subaward were being used for authorized purposes and in accordance with the grant guidelines. CAUSE: The Randolph County Commission did not have procedures in place to ensure subrecipient monitoring requirements were performed. EFFECT: Failure to properly monitor subrecipients increases the likelihood of errors or irregularities not being prevented or detected in a timely manner. Additionally, the risk of unallowable activities and unallowable costs is significantly increased. Management failed to comply with all applicable, material compliance requirements of the grant agreement. REPEAT FINDING: Yes PRIOR YEAR FINDING NUMBER: 2021-002 RECOMMENDATION: The Randolph County Commission is directed to review these regulations and comply with the provisions set forth therein. VIEWS OF RESPONSIBLE OFFICIALS AND PLANNED CORRECTIVE ACTIONS: We will comply and monitor subrecipient spending going forward.
Criteria: Single Audits under 2 CFR Part 200 Subpart F 200.501? Audit Requirements are required to be submitted through the Federal Clearinghouse nine months from the recipient?s year end. Condition: For the third year in a row the County has not been able to begin the audit early enough to meet the nine-month submission deadline. Cause and Effect: The County has been unable to close the financial records and submit the required information to the auditors in a timely manner, resulting in noncompliance. Repeat Finding: No Recommendation: We recommend that the County submit the required information to the auditors in a timely manner in an effort to meet this deadline. To achieve this goal, it may require the County to either increase staffing levels or hire a consultant.
Criteria: Single Audits under 2 CFR Part 200 Subpart F 200.501? Audit Requirements are required to be submitted through the Federal Clearinghouse nine months from the recipient?s year end. Condition: For the third year in a row the County has not been able to begin the audit early enough to meet the nine-month submission deadline. Cause and Effect: The County has been unable to close the financial records and submit the required information to the auditors in a timely manner, resulting in noncompliance. Repeat Finding: No Recommendation: We recommend that the County submit the required information to the auditors in a timely manner in an effort to meet this deadline. To achieve this goal, it may require the County to either increase staffing levels or hire a consultant.
Criteria: Single Audits under 2 CFR Part 200 Subpart F 200.501? Audit Requirements are required to be submitted through the Federal Clearinghouse nine months from the recipient?s year end. Condition: For the third year in a row the County has not been able to begin the audit early enough to meet the nine-month submission deadline. Cause and Effect: The County has been unable to close the financial records and submit the required information to the auditors in a timely manner, resulting in noncompliance. Repeat Finding: No Recommendation: We recommend that the County submit the required information to the auditors in a timely manner in an effort to meet this deadline. To achieve this goal, it may require the County to either increase staffing levels or hire a consultant.
Criteria: Single Audits under 2 CFR Part 200 Subpart F 200.501? Audit Requirements are required to be submitted through the Federal Clearinghouse nine months from the recipient?s year end. Condition: For the third year in a row the County has not been able to begin the audit early enough to meet the nine-month submission deadline. Cause and Effect: The County has been unable to close the financial records and submit the required information to the auditors in a timely manner, resulting in noncompliance. Repeat Finding: No Recommendation: We recommend that the County submit the required information to the auditors in a timely manner in an effort to meet this deadline. To achieve this goal, it may require the County to either increase staffing levels or hire a consultant.
Reference Number: 2022-024 Prior Year Finding: 2021-024 Federal Agency: U.S. Department of Health and Human Services State Department Name: Department of Health and Social Services State Division Name: Division of Substance Abuse and Mental Health Federal Program: Block Grants for Prevention and Treatment of Substance Abuse, COVID-10 - Block Grants for Prevention and Treatment of Substance Abuse Assistance Listing Number: 93.959 Award Number and Year: B08TI083060 (10/1/2019 ? 9/30/2021), B08TI083488 (10/1/2020 ? 9/30/2022) Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control Over Compliance, Material Noncompliance Criteria or specific requirement: Compliance: 2 CFR ?200.332 - Requirements for Pass-Through Entities states in part, that all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. (b) Evaluate each subrecipient?s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient?s prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F - Audit Requirements of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521 Management decision. (e) Depending upon the pass-through entity?s assessment of risk posed by the subrecipient (as described in paragraph (b) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: (1) Providing subrecipients with training and technical assistance on program-related matters; and (2) Performing on-site reviews of the subrecipient?s program operations; (3) Arranging for agreed-upon-procedures engagements as described in ? 200.425 Audit services. (f) Verify that every subrecipient is audited as required by Subpart F - Audit Requirements of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ? 200.501 Audit requirements. Control: Per 2 CFR Section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework?, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Division was not able to provide support that it furnished required information to its subrecipients at the time of subaward, monitored its subrecipients, or ensured its subrecipients were audited as required by 2 CFR Part 200 Subpart F ? Audit Requirements (Subpart F). Context: Exceptions were noted in four of eight subrecipients selected for testing (exceptions listed include multiple exceptions for some subrecipients): ? Four of eight subrecipient agreements were missing the following required information: Subrecipient?s Unique Identifier, Federal Award Identification Number (FAIN), Federal Award Date, Federal Award Project Description, Assistance Listing Number and Title. ? For one of eight subrecipients, the Division was unable to provide support that it ensured the subrecipient was audited as required by Subpart F. The Division could not produce evidence of verification that the subrecipient?s Federal awards expended during the fiscal year were below the threshold set forth in ? 200.501 Audit requirements. ? For four of eight subrecipients, the Division was unable to provide support that it conducted during the award monitoring as required by the Division?s policies and procedures. Questioned costs: Undetermined. Cause: The Division did not establish effective internal controls and procedures over subrecipient monitoring. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Not conducting during the award monitoring may result in a failure of the Division to detect that its subrecipients used subawards for unauthorized purposes, managed them in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved. Without ensuring subrecipients have obtained audits as required by Subpart F, there is an increased risk that subrecipients could be inappropriately spending and/or inaccurately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by Division personnel on a timely basis. Recommendation: The Division should review and enhance internal controls and procedures to ensure that all required information is included in all subawards and provided to the subrecipients, that proper subrecipient monitoring is conducted, and that evaluation of independent audits is performed. Views of responsible officials: The Division has been working to implement corrective action, as this was a prior finding. The implementation timeline overlapped into the current audit period. DSAMH continues to reevaluate its current process and to enhance internal controls and procedures to ensure that all required information is included in all subawards and provided to the subrecipients, also that proper subrecipient monitoring is conducted, and that evaluation of independent audits is performed.
Reference Number: 2022-024 Prior Year Finding: 2021-024 Federal Agency: U.S. Department of Health and Human Services State Department Name: Department of Health and Social Services State Division Name: Division of Substance Abuse and Mental Health Federal Program: Block Grants for Prevention and Treatment of Substance Abuse, COVID-10 - Block Grants for Prevention and Treatment of Substance Abuse Assistance Listing Number: 93.959 Award Number and Year: B08TI083060 (10/1/2019 ? 9/30/2021), B08TI083488 (10/1/2020 ? 9/30/2022) Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control Over Compliance, Material Noncompliance Criteria or specific requirement: Compliance: 2 CFR ?200.332 - Requirements for Pass-Through Entities states in part, that all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. (b) Evaluate each subrecipient?s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient?s prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F - Audit Requirements of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521 Management decision. (e) Depending upon the pass-through entity?s assessment of risk posed by the subrecipient (as described in paragraph (b) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: (1) Providing subrecipients with training and technical assistance on program-related matters; and (2) Performing on-site reviews of the subrecipient?s program operations; (3) Arranging for agreed-upon-procedures engagements as described in ? 200.425 Audit services. (f) Verify that every subrecipient is audited as required by Subpart F - Audit Requirements of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ? 200.501 Audit requirements. Control: Per 2 CFR Section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework?, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Division was not able to provide support that it furnished required information to its subrecipients at the time of subaward, monitored its subrecipients, or ensured its subrecipients were audited as required by 2 CFR Part 200 Subpart F ? Audit Requirements (Subpart F). Context: Exceptions were noted in four of eight subrecipients selected for testing (exceptions listed include multiple exceptions for some subrecipients): ? Four of eight subrecipient agreements were missing the following required information: Subrecipient?s Unique Identifier, Federal Award Identification Number (FAIN), Federal Award Date, Federal Award Project Description, Assistance Listing Number and Title. ? For one of eight subrecipients, the Division was unable to provide support that it ensured the subrecipient was audited as required by Subpart F. The Division could not produce evidence of verification that the subrecipient?s Federal awards expended during the fiscal year were below the threshold set forth in ? 200.501 Audit requirements. ? For four of eight subrecipients, the Division was unable to provide support that it conducted during the award monitoring as required by the Division?s policies and procedures. Questioned costs: Undetermined. Cause: The Division did not establish effective internal controls and procedures over subrecipient monitoring. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Not conducting during the award monitoring may result in a failure of the Division to detect that its subrecipients used subawards for unauthorized purposes, managed them in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved. Without ensuring subrecipients have obtained audits as required by Subpart F, there is an increased risk that subrecipients could be inappropriately spending and/or inaccurately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by Division personnel on a timely basis. Recommendation: The Division should review and enhance internal controls and procedures to ensure that all required information is included in all subawards and provided to the subrecipients, that proper subrecipient monitoring is conducted, and that evaluation of independent audits is performed. Views of responsible officials: The Division has been working to implement corrective action, as this was a prior finding. The implementation timeline overlapped into the current audit period. DSAMH continues to reevaluate its current process and to enhance internal controls and procedures to ensure that all required information is included in all subawards and provided to the subrecipients, also that proper subrecipient monitoring is conducted, and that evaluation of independent audits is performed.
Reference Number: 2022-029 Prior Year Finding: 2021-027 Federal Agency: U.S. Department Homeland Security State Department Name: Department of Safety and Homeland Security, Federal Emergency Management Agency (FEMA) State Division Name: Delaware Emergency Management Agency (DEMA) Federal Program: Disaster Grants - Public Assistance (Presidentially Declared Disasters), COVID-19 ? Disaster Grants ? Public Assistance (Presidentially Declared Disasters) Assistance Listing Number: 97.036 Award Number and Year: 4526-DR-DE (2022), 4566-DR-DE (2022), 4627-DR-DE (2022) Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control Over Compliance, Material Noncompliance Criteria or specific requirement: Compliance: 2 CFR ?200.332 - Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: (1) Federal Award Identification (i) Subrecipient name (which must match the name associated with its unique entity identifier); (ii) Subrecipient?s unique entity identifier; (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal award date in ? 200.1 of this part) of award to the recipient by the Federal agency; (v) Subaward Period of Performance Start and End Date; (vi) Subaward Budget Period Start and End Date; (vii) Amount of Federal Funds Obligated by this action by the pass-through entity to the subrecipient; (viii) Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity including the current financial obligation; (ix) Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; (x) Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); (xi) Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the Pass-through entity; (xii) Assistance Listings number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521 Management decision. (f) Verify that every subrecipient is audited as required by Subpart F - Audit Requirements of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ? 200.501 Audit requirements. Control: Per 2 CFR Section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework?, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: DEMA did not furnish all required information to its subrecipients at the time of issuance of the subawards. Further, DEMA was not able to provide support that it monitored the activities of its subrecipients to ensure that the subawards were used for authorized purposes, nor that it ensured its subrecipients were audited as required by 2 CFR Part 200 Subpart F ? Audit Requirements (Subpart F). Context: ? For five of five subrecipients, the following required information was not provided to the subrecipient at the time of award issuance: Federal Award Identification (FAIN), Federal award date, subaward budget period start and end date, Federal award project description as required by FFATA, name of Federal awarding agency, and Assistance Listing number and title. ? For five of five subrecipients, DEMA was unable to provide support that it monitored the activities of its subrecipients during the fiscal year to ensure that the subawards were used for authorized purposes. ? For three of five subrecipients, DEMA was unable to provide support that it ensured the subrecipients were audited as required by Subpart F. DEMA could not produce evidence of verification that the subrecipient?s Federal awards expended during the fiscal year were below the threshold set forth in ? 200.501 Audit requirements. Questioned costs: Undetermined. Cause: DEMA did not establish effective internal controls and procedures over subrecipient monitoring. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Not conducting during the award monitoring may result in a failure to detect that subrecipients used subawards for unauthorized purposes, managed them in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved. Without ensuring subrecipients have obtained audits as required by Subpart F there is an increased risk that subrecipients could be inappropriately spending and/or inaccurately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis. Recommendation: DEMA should review and enhance internal controls and procedures to ensure that all required information is included in all subawards, that subrecipients are properly monitored, and that evaluation of independent audits is performed. Views of responsible officials: A contractor has been assigned to develop and implement internal controls to ensure all required information is included in all subawards, that subrecipients are properly monitored, and that evaluation of independent audits is performed. Subaward letters were updated in September 2022 and a monitoring protocol implemented to begin monitoring all subrecipients to date to include an evaluation of independent audits that is documented as part of the monitoring visit.
Reference Number: 2022-029 Prior Year Finding: 2021-027 Federal Agency: U.S. Department Homeland Security State Department Name: Department of Safety and Homeland Security, Federal Emergency Management Agency (FEMA) State Division Name: Delaware Emergency Management Agency (DEMA) Federal Program: Disaster Grants - Public Assistance (Presidentially Declared Disasters), COVID-19 ? Disaster Grants ? Public Assistance (Presidentially Declared Disasters) Assistance Listing Number: 97.036 Award Number and Year: 4526-DR-DE (2022), 4566-DR-DE (2022), 4627-DR-DE (2022) Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control Over Compliance, Material Noncompliance Criteria or specific requirement: Compliance: 2 CFR ?200.332 - Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: (1) Federal Award Identification (i) Subrecipient name (which must match the name associated with its unique entity identifier); (ii) Subrecipient?s unique entity identifier; (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal award date in ? 200.1 of this part) of award to the recipient by the Federal agency; (v) Subaward Period of Performance Start and End Date; (vi) Subaward Budget Period Start and End Date; (vii) Amount of Federal Funds Obligated by this action by the pass-through entity to the subrecipient; (viii) Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity including the current financial obligation; (ix) Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; (x) Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); (xi) Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the Pass-through entity; (xii) Assistance Listings number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521 Management decision. (f) Verify that every subrecipient is audited as required by Subpart F - Audit Requirements of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ? 200.501 Audit requirements. Control: Per 2 CFR Section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework?, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: DEMA did not furnish all required information to its subrecipients at the time of issuance of the subawards. Further, DEMA was not able to provide support that it monitored the activities of its subrecipients to ensure that the subawards were used for authorized purposes, nor that it ensured its subrecipients were audited as required by 2 CFR Part 200 Subpart F ? Audit Requirements (Subpart F). Context: ? For five of five subrecipients, the following required information was not provided to the subrecipient at the time of award issuance: Federal Award Identification (FAIN), Federal award date, subaward budget period start and end date, Federal award project description as required by FFATA, name of Federal awarding agency, and Assistance Listing number and title. ? For five of five subrecipients, DEMA was unable to provide support that it monitored the activities of its subrecipients during the fiscal year to ensure that the subawards were used for authorized purposes. ? For three of five subrecipients, DEMA was unable to provide support that it ensured the subrecipients were audited as required by Subpart F. DEMA could not produce evidence of verification that the subrecipient?s Federal awards expended during the fiscal year were below the threshold set forth in ? 200.501 Audit requirements. Questioned costs: Undetermined. Cause: DEMA did not establish effective internal controls and procedures over subrecipient monitoring. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Not conducting during the award monitoring may result in a failure to detect that subrecipients used subawards for unauthorized purposes, managed them in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved. Without ensuring subrecipients have obtained audits as required by Subpart F there is an increased risk that subrecipients could be inappropriately spending and/or inaccurately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by agency personnel on a timely basis. Recommendation: DEMA should review and enhance internal controls and procedures to ensure that all required information is included in all subawards, that subrecipients are properly monitored, and that evaluation of independent audits is performed. Views of responsible officials: A contractor has been assigned to develop and implement internal controls to ensure all required information is included in all subawards, that subrecipients are properly monitored, and that evaluation of independent audits is performed. Subaward letters were updated in September 2022 and a monitoring protocol implemented to begin monitoring all subrecipients to date to include an evaluation of independent audits that is documented as part of the monitoring visit.
Program: Foster Care Federal Financial Assistance Listing Number: 93.658 Federal Grantor: U.S. Department of Health and Human Services Pass-Through: California Department of Social Services Award No. and Year: 2201CAFOST and 2022, 2101CAFOST and 2021 Compliance Requirements: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria: In accordance with Title 2 U.S. Code of Federal Regulations (CFR) 200.332, pass-through entities must comply with the following: ? 2 CFR 200.332(d)- Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include the information at 2 CFR 200.332(d)(1) through (4). ? 2 CFR 200.332(f) ? Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. The California Department of Social Services further clarifies in its County Fiscal Letter No. 21/22 ? 115 that Foster Family Agency (FFA), Group Home, and Short Term Residential Therapeutic Programs (STRTP) are ?considered subrecipients and subject to the same audit requirements and require the same degree of oversight as other subrecipients?. Further, while there are some licensing and oversight functions performed by the state over FFAs, group homes, and STRTPs, ?counties are still ultimately responsible for review of these audits and their findings, any follow-up to ensure compliance, and any other form of monitoring and oversight required by federal and state laws and regulations.? Condition: The County did not have any formal controls or procedures in place for subrecipient monitoring for the Foster Care program. Cause: The County did not maintain procedures to monitor the activities of each subrecipient, or verify that every subrecipient is audited, as required. Effect: The County did not maintain policies and procedures to align with the Subrecipient Monitoring requirements in 2 CFR 200.332 and did not comply with subrecipient monitoring requirements related to the program. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of eight (8) out of 53 subrecipients were sampled, which included six (6) FFA, and two (2) STRTP types. The condition noted above was identified during our procedures related to subrecipient monitoring, and was pervasive to the program. Repeat Findings from Prior Years: No. Recommendation: We recommend that the County implement policies and procedures in accordance with 2 CFR 200.332 to ensure compliance with subrecipient monitoring requirements. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Foster Care Federal Financial Assistance Listing Number: 93.658 Federal Grantor: U.S. Department of Health and Human Services Pass-Through: California Department of Social Services Award No. and Year: 2201CAFOST and 2022, 2101CAFOST and 2021 Compliance Requirements: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria: In accordance with Title 2 U.S. Code of Federal Regulations (CFR) 200.332, pass-through entities must comply with the following: ? 2 CFR 200.332(d)- Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include the information at 2 CFR 200.332(d)(1) through (4). ? 2 CFR 200.332(f) ? Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. The California Department of Social Services further clarifies in its County Fiscal Letter No. 21/22 ? 115 that Foster Family Agency (FFA), Group Home, and Short Term Residential Therapeutic Programs (STRTP) are ?considered subrecipients and subject to the same audit requirements and require the same degree of oversight as other subrecipients?. Further, while there are some licensing and oversight functions performed by the state over FFAs, group homes, and STRTPs, ?counties are still ultimately responsible for review of these audits and their findings, any follow-up to ensure compliance, and any other form of monitoring and oversight required by federal and state laws and regulations.? Condition: The County did not have any formal controls or procedures in place for subrecipient monitoring for the Foster Care program. Cause: The County did not maintain procedures to monitor the activities of each subrecipient, or verify that every subrecipient is audited, as required. Effect: The County did not maintain policies and procedures to align with the Subrecipient Monitoring requirements in 2 CFR 200.332 and did not comply with subrecipient monitoring requirements related to the program. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of eight (8) out of 53 subrecipients were sampled, which included six (6) FFA, and two (2) STRTP types. The condition noted above was identified during our procedures related to subrecipient monitoring, and was pervasive to the program. Repeat Findings from Prior Years: No. Recommendation: We recommend that the County implement policies and procedures in accordance with 2 CFR 200.332 to ensure compliance with subrecipient monitoring requirements. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Foster Care Federal Financial Assistance Listing Number: 93.658 Federal Grantor: U.S. Department of Health and Human Services Pass-Through: California Department of Social Services Award No. and Year: 2201CAFOST and 2022, 2101CAFOST and 2021 Compliance Requirements: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria: In accordance with Title 2 U.S. Code of Federal Regulations (CFR) 200.332, pass-through entities must comply with the following: ? 2 CFR 200.332(d)- Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include the information at 2 CFR 200.332(d)(1) through (4). ? 2 CFR 200.332(f) ? Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. The California Department of Social Services further clarifies in its County Fiscal Letter No. 21/22 ? 115 that Foster Family Agency (FFA), Group Home, and Short Term Residential Therapeutic Programs (STRTP) are ?considered subrecipients and subject to the same audit requirements and require the same degree of oversight as other subrecipients?. Further, while there are some licensing and oversight functions performed by the state over FFAs, group homes, and STRTPs, ?counties are still ultimately responsible for review of these audits and their findings, any follow-up to ensure compliance, and any other form of monitoring and oversight required by federal and state laws and regulations.? Condition: The County did not have any formal controls or procedures in place for subrecipient monitoring for the Foster Care program. Cause: The County did not maintain procedures to monitor the activities of each subrecipient, or verify that every subrecipient is audited, as required. Effect: The County did not maintain policies and procedures to align with the Subrecipient Monitoring requirements in 2 CFR 200.332 and did not comply with subrecipient monitoring requirements related to the program. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of eight (8) out of 53 subrecipients were sampled, which included six (6) FFA, and two (2) STRTP types. The condition noted above was identified during our procedures related to subrecipient monitoring, and was pervasive to the program. Repeat Findings from Prior Years: No. Recommendation: We recommend that the County implement policies and procedures in accordance with 2 CFR 200.332 to ensure compliance with subrecipient monitoring requirements. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Foster Care Federal Financial Assistance Listing Number: 93.658 Federal Grantor: U.S. Department of Health and Human Services Pass-Through: California Department of Social Services Award No. and Year: 2201CAFOST and 2022, 2101CAFOST and 2021 Compliance Requirements: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria: In accordance with Title 2 U.S. Code of Federal Regulations (CFR) 200.332, pass-through entities must comply with the following: ? 2 CFR 200.332(d)- Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include the information at 2 CFR 200.332(d)(1) through (4). ? 2 CFR 200.332(f) ? Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. The California Department of Social Services further clarifies in its County Fiscal Letter No. 21/22 ? 115 that Foster Family Agency (FFA), Group Home, and Short Term Residential Therapeutic Programs (STRTP) are ?considered subrecipients and subject to the same audit requirements and require the same degree of oversight as other subrecipients?. Further, while there are some licensing and oversight functions performed by the state over FFAs, group homes, and STRTPs, ?counties are still ultimately responsible for review of these audits and their findings, any follow-up to ensure compliance, and any other form of monitoring and oversight required by federal and state laws and regulations.? Condition: The County did not have any formal controls or procedures in place for subrecipient monitoring for the Foster Care program. Cause: The County did not maintain procedures to monitor the activities of each subrecipient, or verify that every subrecipient is audited, as required. Effect: The County did not maintain policies and procedures to align with the Subrecipient Monitoring requirements in 2 CFR 200.332 and did not comply with subrecipient monitoring requirements related to the program. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of eight (8) out of 53 subrecipients were sampled, which included six (6) FFA, and two (2) STRTP types. The condition noted above was identified during our procedures related to subrecipient monitoring, and was pervasive to the program. Repeat Findings from Prior Years: No. Recommendation: We recommend that the County implement policies and procedures in accordance with 2 CFR 200.332 to ensure compliance with subrecipient monitoring requirements. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Program: Foster Care Federal Financial Assistance Listing Number: 93.658 Federal Grantor: U.S. Department of Health and Human Services Pass-Through: California Department of Social Services Award No. and Year: 2201CAFOST and 2022, 2101CAFOST and 2021 Compliance Requirements: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria: In accordance with Title 2 U.S. Code of Federal Regulations (CFR) 200.332, pass-through entities must comply with the following: ? 2 CFR 200.332(d)- Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include the information at 2 CFR 200.332(d)(1) through (4). ? 2 CFR 200.332(f) ? Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 200.501. The California Department of Social Services further clarifies in its County Fiscal Letter No. 21/22 ? 115 that Foster Family Agency (FFA), Group Home, and Short Term Residential Therapeutic Programs (STRTP) are ?considered subrecipients and subject to the same audit requirements and require the same degree of oversight as other subrecipients?. Further, while there are some licensing and oversight functions performed by the state over FFAs, group homes, and STRTPs, ?counties are still ultimately responsible for review of these audits and their findings, any follow-up to ensure compliance, and any other form of monitoring and oversight required by federal and state laws and regulations.? Condition: The County did not have any formal controls or procedures in place for subrecipient monitoring for the Foster Care program. Cause: The County did not maintain procedures to monitor the activities of each subrecipient, or verify that every subrecipient is audited, as required. Effect: The County did not maintain policies and procedures to align with the Subrecipient Monitoring requirements in 2 CFR 200.332 and did not comply with subrecipient monitoring requirements related to the program. Questioned Costs: No questioned costs were identified as a result of our procedures. Context/Sampling: A nonstatistical sample of eight (8) out of 53 subrecipients were sampled, which included six (6) FFA, and two (2) STRTP types. The condition noted above was identified during our procedures related to subrecipient monitoring, and was pervasive to the program. Repeat Findings from Prior Years: No. Recommendation: We recommend that the County implement policies and procedures in accordance with 2 CFR 200.332 to ensure compliance with subrecipient monitoring requirements. Views of Responsible Officials: Management agrees. See separately issued Corrective Action Plan.
Finding Reference Number: 2022-018 NH Department of Health and Human Services Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) and COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) (Assistance Listing #93.323) Federal Award Numbers: NUK50CK000522 Federal Award Year: 2019 U.S. Department of Health and Human Services Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: 2021-021 Statistically Valid Sample: No Criteria A pass-through entity (PTE) must: 1. Identify the Award and Applicable Requirements ? Clearly identify to the subrecipient: (1) the award as a subaward at the time of subaward (or subsequent subaward modification) by providing the information described in 2 CFR section 200.332(a)(1); (2) all requirements imposed by the PTE on the subrecipient so that the federal award is used in accordance with federal statutes, regulations, and the terms and conditions of the award (2 CFR section 200.332(a)(2)); and (3) any additional requirements that the PTE imposes on the subrecipient in order for the PTE to meet its own responsibility for the federal award (e.g., financial, performance, and special reports) (2 CFR section 200.332(a)(3)). 2. Evaluate Risk ? Evaluate each subrecipient?s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). 3. Monitor ? Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: a. Reviewing financial and programmatic (performance and special reports) required by the PTE. b. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means. c. Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. 4. Ensure Accountability of For-Profit Subrecipients ? Some federal awards may be passed through to for-profit entities. For-profit subrecipients are accountable to the PTE for the use of the federal funds provided. Because 2 CFR Part 200 does not make Subpart F applicable to for-profit subrecipients, the PTE is responsible for establishing requirements, as necessary, to ensure compliance by for-profit subrecipients for the subaward. The agreement with the for-profit subrecipient must describe applicable compliance requirements and the for-profit subrecipient's compliance responsibility. Methods to ensure compliance for federal awards made to for-profit subrecipients may include pre-award audits, monitoring during the agreement, and post-award audits (2 CFR section 200.501(h)). Additionally, 45 CFR section 75 303(a) states the non Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award Condition During the year ended June 30, 2022, the New Hampshire Department of Health and Human Services (the Department) passed through $5,070,789 of federal funding to 56 subrecipients, both for-profit and non-profit. As part of our testing related subrecipient monitoring, we noted the following: A. The Department communicates award information to subrecipients through the approved agreement. Per review of the agreement, for 14 of 14 subrecipients selected for testwork, the Department did not communicate all the required award information as outlined in 2 CFR section 200.332(a). Specifically, one or all of the following elements were not communicated: - Subrecipient unique entity identifier; - Federal award date; - Name of the federal awarding agency, pass-through entity, and contact information for the awarding official of the pass-through entity; - Identification of whether the award is R&D; and - Indirect cost rate for the federal award B. The Department was unable to provide documentation to support it had evaluated subrecipient risk of noncompliance for all subrecipients for purposes of determining the appropriate subrecipient monitoring related to subawards. C. The Department did not perform any during the award monitoring over the programs subrecipients. D. The Department passed through federal funding to for-profit subrecipients. These subrecipients are not subject to 2 CFR 200 Subpart F and as such, no review over the uniform guidance audit report is performed by the Department. The Department was unable to provide documentation to support it had performed procedures to ensure compliance with the subrecipient agreement in accordance with 2 CFR section 200.501(h). Cause The cause of the condition found was primarily due to a lack of formal policies and internal controls to ensure that all required subrecipient monitoring compliance procedures are being performed by the Department. Effect The effect of the condition found is that the Department did not comply with 2 CFR section 200.332(a - h) and 2 CFR section 200.501(h). Questioned Costs None. Recommendation We recommend the Department develop policies and procedures and implement internal controls to ensure that the Department complies with 2 CFR section 200.332(a-h) and 2 CFR section 200.501(h). View of Responsible Officials The Department will review its Sub-recipient Monitoring Policy and assess compliance across the Department. It is important to note that between April 2020 and June 2022 the Department was involved in the State?s strategic response to the COVID-19 pandemic. During this time, New Hampshire was under a state of emergency (Executive Order 2020-04), processes were rapidly converted to fully digital overnight, the State?s standard approval processes were suspended and non-standard templates were utilized to respond to the COVID-19 pandemic. The Department worked with other State Departments and the National Guard to create a record number of amendments, contracts, and other agreements (approximately 200% more than standard). The Department is in the process of instituting a new contract life cycle management solution that will utilize conditional logic to include the required notifications for agreements involving federal funds in order to ensure compliance. Implementation is anticipated to be complete in July 2023. As the COVID-19 pandemic strategic response has wound down, the Department has not suspended its regular standard approval or subrecipient risk assessment and monitoring processes and has not used non-standard templates to award federal funding. The Financial Compliance Unit (FCU) will continue to work with the Business System Analyst of the Cost Allocation Unit in determining the amount of Federal payments made to the vendors. The FCU receives a vendor payment list on a quarterly basis that includes the total amount of Federal funds that were paid to all contracted agencies. We will continue to closely monitor the FAC to obtain all copies of the Single Audits pertaining to the DHHS agencies. In addition, we will devise a spreadsheet that will list all contracts that have been awarded Federal funds and cross check these agencies to vendor payment list. The DHHS updated the policy on risk assessment on November 16, 2020 to ensure that all contracts have a risk assessment performed regardless of funding source. We also have added verbiage in the contracts effective for contracts that begin after November 2021. It states any Contractor that receives an amount equal to or greater than $250,000 from the Department during a single fiscal year, regardless of the funding source, may be required, at a minimum, to submit annual financial audits performed by an independent CPA if the Department?s risk assessment determination indicates the Contractor is high-risk. Finally, effective for any new procurement subsequent to March 2022, all back-up documentation must accompany the invoices and be submitted on a monthly basis. Anticipated Completion Date: July 2023 Contact Person: Melissa Kelleher, Grants Administrator, Ann Driscoll, Financial Compliance Unit
Finding Reference Number: 2022-018 NH Department of Health and Human Services Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) and COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) (Assistance Listing #93.323) Federal Award Numbers: NUK50CK000522 Federal Award Year: 2019 U.S. Department of Health and Human Services Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: 2021-021 Statistically Valid Sample: No Criteria A pass-through entity (PTE) must: 1. Identify the Award and Applicable Requirements ? Clearly identify to the subrecipient: (1) the award as a subaward at the time of subaward (or subsequent subaward modification) by providing the information described in 2 CFR section 200.332(a)(1); (2) all requirements imposed by the PTE on the subrecipient so that the federal award is used in accordance with federal statutes, regulations, and the terms and conditions of the award (2 CFR section 200.332(a)(2)); and (3) any additional requirements that the PTE imposes on the subrecipient in order for the PTE to meet its own responsibility for the federal award (e.g., financial, performance, and special reports) (2 CFR section 200.332(a)(3)). 2. Evaluate Risk ? Evaluate each subrecipient?s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). 3. Monitor ? Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: a. Reviewing financial and programmatic (performance and special reports) required by the PTE. b. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means. c. Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. 4. Ensure Accountability of For-Profit Subrecipients ? Some federal awards may be passed through to for-profit entities. For-profit subrecipients are accountable to the PTE for the use of the federal funds provided. Because 2 CFR Part 200 does not make Subpart F applicable to for-profit subrecipients, the PTE is responsible for establishing requirements, as necessary, to ensure compliance by for-profit subrecipients for the subaward. The agreement with the for-profit subrecipient must describe applicable compliance requirements and the for-profit subrecipient's compliance responsibility. Methods to ensure compliance for federal awards made to for-profit subrecipients may include pre-award audits, monitoring during the agreement, and post-award audits (2 CFR section 200.501(h)). Additionally, 45 CFR section 75 303(a) states the non Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award Condition During the year ended June 30, 2022, the New Hampshire Department of Health and Human Services (the Department) passed through $5,070,789 of federal funding to 56 subrecipients, both for-profit and non-profit. As part of our testing related subrecipient monitoring, we noted the following: A. The Department communicates award information to subrecipients through the approved agreement. Per review of the agreement, for 14 of 14 subrecipients selected for testwork, the Department did not communicate all the required award information as outlined in 2 CFR section 200.332(a). Specifically, one or all of the following elements were not communicated: - Subrecipient unique entity identifier; - Federal award date; - Name of the federal awarding agency, pass-through entity, and contact information for the awarding official of the pass-through entity; - Identification of whether the award is R&D; and - Indirect cost rate for the federal award B. The Department was unable to provide documentation to support it had evaluated subrecipient risk of noncompliance for all subrecipients for purposes of determining the appropriate subrecipient monitoring related to subawards. C. The Department did not perform any during the award monitoring over the programs subrecipients. D. The Department passed through federal funding to for-profit subrecipients. These subrecipients are not subject to 2 CFR 200 Subpart F and as such, no review over the uniform guidance audit report is performed by the Department. The Department was unable to provide documentation to support it had performed procedures to ensure compliance with the subrecipient agreement in accordance with 2 CFR section 200.501(h). Cause The cause of the condition found was primarily due to a lack of formal policies and internal controls to ensure that all required subrecipient monitoring compliance procedures are being performed by the Department. Effect The effect of the condition found is that the Department did not comply with 2 CFR section 200.332(a - h) and 2 CFR section 200.501(h). Questioned Costs None. Recommendation We recommend the Department develop policies and procedures and implement internal controls to ensure that the Department complies with 2 CFR section 200.332(a-h) and 2 CFR section 200.501(h). View of Responsible Officials The Department will review its Sub-recipient Monitoring Policy and assess compliance across the Department. It is important to note that between April 2020 and June 2022 the Department was involved in the State?s strategic response to the COVID-19 pandemic. During this time, New Hampshire was under a state of emergency (Executive Order 2020-04), processes were rapidly converted to fully digital overnight, the State?s standard approval processes were suspended and non-standard templates were utilized to respond to the COVID-19 pandemic. The Department worked with other State Departments and the National Guard to create a record number of amendments, contracts, and other agreements (approximately 200% more than standard). The Department is in the process of instituting a new contract life cycle management solution that will utilize conditional logic to include the required notifications for agreements involving federal funds in order to ensure compliance. Implementation is anticipated to be complete in July 2023. As the COVID-19 pandemic strategic response has wound down, the Department has not suspended its regular standard approval or subrecipient risk assessment and monitoring processes and has not used non-standard templates to award federal funding. The Financial Compliance Unit (FCU) will continue to work with the Business System Analyst of the Cost Allocation Unit in determining the amount of Federal payments made to the vendors. The FCU receives a vendor payment list on a quarterly basis that includes the total amount of Federal funds that were paid to all contracted agencies. We will continue to closely monitor the FAC to obtain all copies of the Single Audits pertaining to the DHHS agencies. In addition, we will devise a spreadsheet that will list all contracts that have been awarded Federal funds and cross check these agencies to vendor payment list. The DHHS updated the policy on risk assessment on November 16, 2020 to ensure that all contracts have a risk assessment performed regardless of funding source. We also have added verbiage in the contracts effective for contracts that begin after November 2021. It states any Contractor that receives an amount equal to or greater than $250,000 from the Department during a single fiscal year, regardless of the funding source, may be required, at a minimum, to submit annual financial audits performed by an independent CPA if the Department?s risk assessment determination indicates the Contractor is high-risk. Finally, effective for any new procurement subsequent to March 2022, all back-up documentation must accompany the invoices and be submitted on a monthly basis. Anticipated Completion Date: July 2023 Contact Person: Melissa Kelleher, Grants Administrator, Ann Driscoll, Financial Compliance Unit
Finding 2022-079 Minerals Leasing Act?Subrecipient Monitoring In 1920, the U.S. Congress passed the Minerals Leasing Act. This Act directs the federal Office of Natural Resources Revenue (ONRR) within the U.S. Department of the Interior to share 50 percent of mineral leasing revenue received by the ONRR with states that generate mineral lease revenue. Mineral lease revenue results from payments made to the federal government by companies that lease federal land for the right to extract minerals from that land. According to the Act, revenue is to be used by states as each individual state?s legislature directs, giving priority to those sections of the state that are socially or economically impacted by the extraction of minerals. For Colorado, ONRR distributes Program funds to Treasury, which subgrants?or passes through?Program funds to the Department of Local Affairs (DOLA), the Department of Natural Resources (DNR), the Department of Higher Education (DHE), and the Department of Education (DOE), as prescribed by Section 34-63-102, C.R.S. In turn, DOLA passes the majority of the Program funds it receives to local governments impacted by mineral leasing, such as cities and counties. These local governments are considered subrecipients of the Program, and may use Program monies for ??planning; construction and maintenance of public facilities; and provision of public services.? During Fiscal Year 2022, ONRR distributed approximately $124.9 million in Program revenue to Treasury. Treasury passed all of the Program funds to DOLA, DNR, DHE, and DOE. DOLA then passed approximately $49.2 million of the $52.2 million in Program funds it received to local government subrecipients. DOLA retained the remaining $3.0 million in Program funds to cover administrative costs. DNR, DOE, and DHE spent the Program funds at the state level and did not pass any of the funds through to subrecipients. What was the purpose of our audit work and what work was performed? The purpose of the audit work was to determine whether Treasury had adequate internal controls in place over, and complied with, federal subrecipient monitoring and reporting requirements for the Program during Fiscal Year 2022. As part of our testing, we reviewed Treasury?s progress in implementing our Fiscal Year 2020 audit recommendation related to subrecipient monitoring and reporting requirements for the Program. During that audit, we recommended that Treasury strengthen its internal controls to ensure that it complies with federal requirements for subrecipient monitoring and reporting for the Program by developing an effective monitoring process to ensure that required federal award information is communicated to Program subrecipients, including the Assistance Listing Number, program name, federal awarding agency, name of the department awarding the Program monies, Treasury department contact information, and dollar amount. In addition, we recommended that Treasury implement procedures to accurately prepare and submit the Exhibit K1, Schedule of Federal Assistance, to the Office of the State Controller (OSC) for reporting federal assistance information each year and to ensure the Exhibit K1 accurately reflects Program expenditures. During our Fiscal Year 2022 audit, we inquired about Treasury?s monitoring procedures over its Program subrecipients, including its required communications. We also reviewed Treasury?s Exhibit K1 to verify the accuracy of the information reported to the OSC and to assess Treasury?s compliance with federal reporting requirements and the OSC?s instructions. How were the results of the audit work measured? We measured the results of our audit work against the following requirements: Federal regulations [2 CFR 200.303] require that Treasury, as a federal grant recipient, establish and maintain effective internal controls over federal awards that provide reasonable assurance that awards are being managed in compliance with federal statutes, regulation, and the terms and conditions of the federal award. Federal regulations [2 CFR 200.332] further require that Treasury, as the primary recipient of the Program monies, ensure that every subaward it makes is clearly identified to the subrecipient as a subaward, and that Treasury provides specific information about the Program to the subrecipients, including, but not limited to, the following: ? Assistance Listing Number ? Name of the program, name of the federal awarding agency, and name of the department awarding the Program monies ? Contact information for Treasury ? Dollar amount made available to the subrecipient ? Reporting requirements The State and any local governments receiving federal funds are required to present a Schedule of Expenditures of Federal Awards (SEFA) in accordance with the requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Federal regulations [2 CFR 200.501(b)] specifically require that the SEFA include information on each federal award expended during the year, including the total amount provided to subrecipients from each federal award. Any non-federal entity that expends $750,000 or more in total federal awards during the entity?s fiscal year must undergo a Single Audit or program-specific audit for that year. Federal regulations [2 CFR 200.332(f)] further require that Treasury, as the primary recipient of the Program funds, ensure that any non-state subrecipients receiving federal funds from the State during a given fiscal year report the funds on their respective SEFAs and, if applicable, undergo a Single Audit. The Exhibit K1 is used to report federal expenditure information to the OSC to aid the OSC in preparing the State?s SEFA, which reports the total federal awards expended by the State during the fiscal year. The instructions state that the OSC relies on the accuracy of amounts and other information reported on the Exhibit in preparing the SEFA. What problem did the audit work identify? We found that Treasury did not fully implement our prior audit recommendation related to federal subrecipient monitoring for the Program during Fiscal Year 2022. Specifically, we found that Treasury did not communicate, or ensure that DOLA communicated, the required award information and applicable federal compliance requirements to all Program subrecipients in accordance with federal regulations. In response to our prior audit recommendation, Treasury reported that they met with DOLA staff in June 2022 to discuss an interagency agreement that would establish expectations for DOLA to communicate required federal award information and applicable federal compliance requirements for this Program to subrecipients. However, as of the end of the fiscal year, this interagency agreement was not signed or in place. Further, Treasury, as the primary recipient of the Program funds, did not ensure that it or DOLA communicated and followed up with any non-state subrecipients receiving federal funds from the State during Fiscal Year 2022 to ensure the subrecipients reported the funds on their respective SEFAs and, if applicable, underwent a Single Audit. We determined that Treasury implemented part of our prior audit recommendation related to the preparation of its Exhibit K1 in accordance with federal requirements. Specifically, Treasury received information from pass-through departments in order to properly determine whether Program funds ultimately flowed through to subrecipients and reported these funds as ?Expenditures -Passed Through to Subrecipient? on Treasury?s Exhibit K1. Why did this problem occur? Treasury did not have adequate internal controls in place during Fiscal Year 2022 to ensure that it complied with federal subrecipient monitoring requirements for the Program. Specifically, Treasury staff did not effectively communicate with DOLA staff about their responsibility for subrecipient reporting or have a monitoring process in place to ensure that either Treasury or DOLA staff communicated required federal award information and related federal reporting requirements to all subrecipients of Program funds, including a communication that any subrecipients receiving Program funds from the State during Fiscal Year 2022 are required to report the funds on their respective SEFAs and, if applicable, undergo a Single Audit. Why does this problem matter? By not communicating required information to subrecipients, Treasury failed to comply with federal subrecipient monitoring requirements for the Program. This communication is necessary to ensure that subrecipients are aware of the federal requirements for the funds, including the requirement that local governments properly report federal expenditures on their SEFAs. Treasury?s insufficient monitoring of Program subrecipients could result in future federal funding being reduced. In addition, if Treasury does not appropriately communicate SEFA reporting requirements to other state agencies and non-state subrecipients in the future, it could ultimately result in local governments not undergoing Single Audits, as required. See Schedule of Findings and Questioned Costs for chart/table Recommendation 2022-079 The Department of the Treasury (Treasury) should strengthen its internal controls to ensure that it complies with federal requirements for subrecipient monitoring and reporting for the Minerals Leasing Act program (Program). This should include developing effective processes to ensure that required federal award information, including the Assistance Listing Number, federal program name, and dollar amount made available to the subrecipient, and the related federal requirements are communicated to Program subrecipients, and that the subrecipients report the funds on their respective annual Schedules of Expenditures of Federal Awards and, if applicable, undergo a Single Audit. Response Department of The Treasury Agree Implementation Date: June 30, 2023 The Department of the Treasury (Treasury) strengthened its internal controls with DOLA?s agreement to disseminate the necessary information to the subrecipients in compliance with federal requirements for subrecipient monitoring and reporting for the Minerals Leasing Act program (Program) at the earliest possible opportunity following receipt of the recommendation in the previous FYE?s report as the monitoring and reporting for the Program could only be performed following the annual distribution of such funds which took place subsequent to FYE 2022. The Department will formalize an Interagency Agreement with DOLA and any other relevant parties, incorporating additional corrective action before the stated date above (June 30, 2023).
Assistance Listing, Federal Agency, and Program Name - Assistance Listing 66.443, Environmental Protection Agency, Reducing Lead in Drinking Water Federal Award Identification Number and Year - OOE02968, 2021 Pass-through Entity - n/a Finding Type - Material weakness Repeat Finding - No Criteria - 2 CFR 200.508 requires the City to prepare appropriate financial statements, including the schedule of expenditures of federal awards (SEFA) in accordance with 2 CFR 200.510. The SEFA must list individual federal programs as required by 2 CFR 200.501(b)(1). The SEFA is the basis for the auditor determination of major programs as required by 2 CFR 200.518. Condition - The original SEFA prepared for audit purposes did not include all federal expenditures that should have been reported under ALN 66.443. Questioned Costs - None Identification of How Questioned Costs Were Computed - n/a Context - Approximately $864,000 of federal expenditures were not included in the original SEFA prepared for audit purposes under ALN 66.443. Cause and Effect - The City's controls over reconciling the SEFA to federal revenue did not detect the missing expenditures because federal revenue was not appropriately accrued by $864,000. As a result, ALN 66.443 was not originally identified as a major program. Recommendation - The City should review its controls over preparation of the SEFA and reconciling the SEFA to federal expenditures per the general ledger to ensure the appropriate amount of federal expenditures are reported on the SEFA. Views of Responsible Officials and Corrective Action Plan - We agree with the auditor’s recommendation. Changes have been implemented to ensure all programs with both federal and state/local funding will be examined to ensure correct expenditure by funding source is properly recorded.
Reference Number: 2022-011 Category of Finding: Subrecipient Monitoring Type of Finding: Material Weakness and Material Instance of Noncompliance State Administering Department: California Department of Public Health (Public Health) Assistance Listing Number: 93.323 Federal Program Title: Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) Federal Award Number and Year: NU50CK000539; 2021 Criteria Title 2 - Grants and Agreements. Subtitle A - Office of Management and Budget Guidance for Grants and Agreements. Chapter II - Office of Management and Budget Guidance. Part 200 - Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards. Subpart D - Post Federal Award Requirements. §200.303 Internal controls (2 CFR 200.303): The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Title 2 - Grants and Agreements. Subtitle A - Office of Management and Budget Guidance for Grants and Agreements. Chapter II - Office of Management and Budget Guidance. Part 200 - Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards. Subpart D - Post Federal Award Requirements. §200.332 Requirements for pass-through entities (2 CFR 200.332): All pass-through entities must: (b) Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient’s prior experience with the same or similar subawards: (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving cross-cutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section §200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in §200.501. (g) Consider whether the results of the subrecipient’s audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity’s own records. Condition Public Health did not establish a formal risk assessment process over its subrecipients of federal awards to determine the frequency and extent of subrecipient monitoring to be performed. While Public Health received reimbursement invoices from subrecipients, there did not appear to be other financial or programmatic monitoring to verify subrecipents compliance with applicable requirements. In addition, Public Health did not obtain Single Audit reports from those subrecipients as required. Identification as a Repeat Finding Finding 2021-014 was reported in the immediate prior year. Cause Procedures to perform the required subrecipient monitoring were not established nor performed by Public Health. Effect By not properly evaluating the risk of noncompliance, Public Health may inadvertently award grant funds to subrecipients who lack the necessary mechanisms or understanding to adhere to federal statutes. This increases the likelihood of noncompliance arising during the performance of the grant-funded activities. Furthermore, failure to perform monitoring procedures or obtain Single Audit reports increases the risk for not properly identifying subrecipient program control weaknesses, noncompliance, and performing sufficient follow-up on any subrecipient corrective action. Questioned Costs No questioned costs were identified. Context Disbursements to subrecipients for the ELC program totaled $301,107,041, or 31.0% of total reported program expenditures. Recommendation Public Health should establish and document formal procedures for conducting risk assessments of its subrecipients, including criteria for evaluating organizational capacity, financial stability, compliance history, and programmatic capabilities. Public Health should also develop and implement specific subrecipient monitoring procedures and establish a process for obtaining Single Audit reports from its subrecipients. Furthermore, a monitoring mechanism should be implemented to track compliance with the single audit mandate among subrecipients, including regular follow-ups and documentation of communication efforts. Views of Responsible Officials and Corrective Action Plan Management’s response is reported in “Management’s Response and Corrective Action Plan” included in a separate section at the end of this report.
2022-007 - Noncompliance with Subrecipient Monitoring RequirementsAward Years: 2018, 2020 - 2022Award Numbers: DUE-2044358, NA18OAR4170098, OIA-2019511, OIA-2119688Compliance Requirement: Subrecipient MonitoringRepeat Finding: Yes (Prior Year Finding No. 2021-010)See Schedule of Findings and Questioned Costs for chart/tableCondition:For the second consecutive year, UL Lafayette did not adequately monitor subrecipients of the R&D Cluster programs. In a non-statistical sample of five subawards out of a population of 49 subawards, it was noted that for four (80%) of the subrecipients evaluated UL Lafayette was unable to provide documentation that ensured each subrecipient obtained the required audit or that the audit was reviewed so that timely and appropriate action could be taken for any findings pertaining to the federal awards. Additionally, for all five (100%) of the subrecipients evaluated, UL Lafayette could not provide evidence that the required risk analyses were performed to evaluate each subrecipients? risk of noncompliance with federal regulations and the terms of the subaward.Criteria:2 CFR 200.332(b) requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.Per 2 CFR 200.332(f), pass-through entities are responsible for verifying that every subrecipient is audited as required by 2 CFR Part 200, subpart F when it is expected that the subrecipient's federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in CFR 200.501 of $750,000 or more in federal awards during the subrecipient?s fiscal year.2 CFR 200.332(d)(2) requires that pass-through entities follow-up and ensure that the subrecipient takes timely and appropriate action on all deficiencies provided to the subrecipient from the pass-through entities detected through audits, on-site reviews, and written confirmation from the subrecipient.2 CFR 200.332(d)(2) and (3) require pass-through entities to issue a management decision on applicable audit findings in accordance with 2 CFR 200.521, within six months after acceptance of the subrecipient?s audit report by the Federal Audit Clearinghouse, and ensure that the subrecipient takes timely and appropriate corrective action on all findings.Cause:UL Lafayette management indicated that it was working on internal procedures to adequately monitor subrecipients as result of the prior-year finding. However, management has yet to finalize and apply these procedures on all active subrecipients.Effect:Failure to properly monitor subrecipients results in noncompliance with federal regulations and increases the likelihood of improper payments which may have to be returned to the federal awarding agency.Recommendation:UL Lafayette should strengthen controls to ensure the timely review of all required subrecipient audit reports in order to evaluate the impact of any findings noted in the audits and issue management decision letters, if applicable. In addition, UL Lafayette should strengthen controls to ensure risk assessments are performed and documented on all subrecipients in accordance with federal regulations.Management?s Response and Corrective Action Plan:Management did not concur with the finding, noting it did not have sufficient time in fiscal year 2022 for corrective action and provided its progress on addressing the finding (B-83).
2022-007 - Noncompliance with Subrecipient Monitoring RequirementsAward Years: 2018, 2020 - 2022Award Numbers: DUE-2044358, NA18OAR4170098, OIA-2019511, OIA-2119688Compliance Requirement: Subrecipient MonitoringRepeat Finding: Yes (Prior Year Finding No. 2021-010)See Schedule of Findings and Questioned Costs for chart/tableCondition:For the second consecutive year, UL Lafayette did not adequately monitor subrecipients of the R&D Cluster programs. In a non-statistical sample of five subawards out of a population of 49 subawards, it was noted that for four (80%) of the subrecipients evaluated UL Lafayette was unable to provide documentation that ensured each subrecipient obtained the required audit or that the audit was reviewed so that timely and appropriate action could be taken for any findings pertaining to the federal awards. Additionally, for all five (100%) of the subrecipients evaluated, UL Lafayette could not provide evidence that the required risk analyses were performed to evaluate each subrecipients? risk of noncompliance with federal regulations and the terms of the subaward.Criteria:2 CFR 200.332(b) requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.Per 2 CFR 200.332(f), pass-through entities are responsible for verifying that every subrecipient is audited as required by 2 CFR Part 200, subpart F when it is expected that the subrecipient's federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in CFR 200.501 of $750,000 or more in federal awards during the subrecipient?s fiscal year.2 CFR 200.332(d)(2) requires that pass-through entities follow-up and ensure that the subrecipient takes timely and appropriate action on all deficiencies provided to the subrecipient from the pass-through entities detected through audits, on-site reviews, and written confirmation from the subrecipient.2 CFR 200.332(d)(2) and (3) require pass-through entities to issue a management decision on applicable audit findings in accordance with 2 CFR 200.521, within six months after acceptance of the subrecipient?s audit report by the Federal Audit Clearinghouse, and ensure that the subrecipient takes timely and appropriate corrective action on all findings.Cause:UL Lafayette management indicated that it was working on internal procedures to adequately monitor subrecipients as result of the prior-year finding. However, management has yet to finalize and apply these procedures on all active subrecipients.Effect:Failure to properly monitor subrecipients results in noncompliance with federal regulations and increases the likelihood of improper payments which may have to be returned to the federal awarding agency.Recommendation:UL Lafayette should strengthen controls to ensure the timely review of all required subrecipient audit reports in order to evaluate the impact of any findings noted in the audits and issue management decision letters, if applicable. In addition, UL Lafayette should strengthen controls to ensure risk assessments are performed and documented on all subrecipients in accordance with federal regulations.Management?s Response and Corrective Action Plan:Management did not concur with the finding, noting it did not have sufficient time in fiscal year 2022 for corrective action and provided its progress on addressing the finding (B-83).
2022-007 - Noncompliance with Subrecipient Monitoring RequirementsAward Years: 2018, 2020 - 2022Award Numbers: DUE-2044358, NA18OAR4170098, OIA-2019511, OIA-2119688Compliance Requirement: Subrecipient MonitoringRepeat Finding: Yes (Prior Year Finding No. 2021-010)See Schedule of Findings and Questioned Costs for chart/tableCondition:For the second consecutive year, UL Lafayette did not adequately monitor subrecipients of the R&D Cluster programs. In a non-statistical sample of five subawards out of a population of 49 subawards, it was noted that for four (80%) of the subrecipients evaluated UL Lafayette was unable to provide documentation that ensured each subrecipient obtained the required audit or that the audit was reviewed so that timely and appropriate action could be taken for any findings pertaining to the federal awards. Additionally, for all five (100%) of the subrecipients evaluated, UL Lafayette could not provide evidence that the required risk analyses were performed to evaluate each subrecipients? risk of noncompliance with federal regulations and the terms of the subaward.Criteria:2 CFR 200.332(b) requires pass-through entities to evaluate each subrecipient's risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.Per 2 CFR 200.332(f), pass-through entities are responsible for verifying that every subrecipient is audited as required by 2 CFR Part 200, subpart F when it is expected that the subrecipient's federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in CFR 200.501 of $750,000 or more in federal awards during the subrecipient?s fiscal year.2 CFR 200.332(d)(2) requires that pass-through entities follow-up and ensure that the subrecipient takes timely and appropriate action on all deficiencies provided to the subrecipient from the pass-through entities detected through audits, on-site reviews, and written confirmation from the subrecipient.2 CFR 200.332(d)(2) and (3) require pass-through entities to issue a management decision on applicable audit findings in accordance with 2 CFR 200.521, within six months after acceptance of the subrecipient?s audit report by the Federal Audit Clearinghouse, and ensure that the subrecipient takes timely and appropriate corrective action on all findings.Cause:UL Lafayette management indicated that it was working on internal procedures to adequately monitor subrecipients as result of the prior-year finding. However, management has yet to finalize and apply these procedures on all active subrecipients.Effect:Failure to properly monitor subrecipients results in noncompliance with federal regulations and increases the likelihood of improper payments which may have to be returned to the federal awarding agency.Recommendation:UL Lafayette should strengthen controls to ensure the timely review of all required subrecipient audit reports in order to evaluate the impact of any findings noted in the audits and issue management decision letters, if applicable. In addition, UL Lafayette should strengthen controls to ensure risk assessments are performed and documented on all subrecipients in accordance with federal regulations.Management?s Response and Corrective Action Plan:Management did not concur with the finding, noting it did not have sufficient time in fiscal year 2022 for corrective action and provided its progress on addressing the finding (B-83).
Reference Number:2022-010Prior Year Finding:NoFederal Agency:U.S. Department of the TreasuryState Agency:Department of Community AffairsFederal Program:COVID-19 - Homeowner Assistance FundAssistance Listing Number:21.026Award Number and Year:HAF0019 (2021)Compliance Requirement:Subrecipient MonitoringType of FindingSignificant Deficiency in Internal Control over Compliance, Other MattersCriteria or specific requirement:Compliance ? Per 2 CFR section 200.332(a), all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward.Required information includes:i. Subrecipient name (which must match the name associated with its unique entity identifier);ii. Subrecipient's unique entity identifier;iii. Federal Award Identification Number (FAIN);iv. Federal Award Date (see the definition of Federal award date in ? 200.1 of this part) of award to the recipient by the Federal agency;v. Subaward Period of Performance Start and End Date;vi. Subaward Budget Period Start and End Date;vii. Amount of Federal Funds Obligated by this action by the pass-through entity to the subrecipient;viii. Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity including the current financial obligation;ix. Total Amount of the Federal Award committed to the subrecipient by the pass-through entity;x. Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA);xi. Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the Pass-through entity;xii. Assistance Listings number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement;xiii. Identification of whether the award is R&D; andxiv. Indirect cost rate for the Federal award (including if the de minimis rate is charged) per section 200.414.2 CFR section 200.332 also states that pass-through entities must:(d) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as:1) The subrecipient's prior experience with the same or similar subawards;2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F - Audit Requirements of this part, and the extent to which the same or similar subaward has been audited as a major program;3) Whether the subrecipient has new personnel or new or substantially changed systems;4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency).(e) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include:(1) Reviewing financial and performance reports required by the pass-through entity.(2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means.(3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521 Management decision.(f) Verify that every subrecipient is audited as required by Subpart F - Audit Requirements of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in ? 200.501 Audit requirements.Control ? Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework?, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).Condition:The Department of Community Affairs (Department) did not comply with subrecipient monitoring requirements for the program.Context:The Department issued one subaward under the program and it was noted that the subaward did not include all required Federal Award information, nor did the Department perform a risk assessment of the subrecipient or perform monitoring activities for the award.Questioned costs:None noted.Cause:The Department?s procedures and controls were not effective to ensure the subaward was issued in compliance with Federal requirements, nor that it performed a risk assessment or timely monitoring of subrecipient.Effect:Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance.Not conducting during the award monitoring may result in a failure of the Division to detect that its subrecipients used subawards for unauthorized purposes, managed them in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved.Without ensuring subrecipients have obtained audits as required by Subpart F, there is an increased risk that subrecipients could be inappropriately spending and/or inaccurately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by Division personnel on a timely basis.Recommendation:The Department should review and enhance internal controls and procedures to ensure that all required information is included in all subawards, that proper subrecipient monitoring is conducted, and that evaluation of independent audits is performed.Views of responsible officials:As recommended, the Department of Community Affairs (DCA) will review current procedures to ensure that all subaward information required by the federal Uniform Guidance is included in all subaward contracts and grant agreements. The DCA has also reviewed its current subrecipient monitoring procedures for standard subawards made by the agency and has determined that no internal control enhancements are required. The HAF award was a unique grant relationship for DCA in that the entire award was passed through to another New Jersey State government agency that is a direct affiliate of the Department. Monitoring procedures were determined based on the close working relationship with our affiliate organization and the fact that less than 1 percent of the grant award was expended through June 30, 2022. Current procedures included a risk assessment of the subrecipient and performance of the single audit desk review of the independent audit report. In addition, the Director of Audit, and the Executive Director of the subgrantee affiliate participate in weekly meetings where updates on the program status can be determined. DCA?s subrecipient monitoring plan also includes the hiring of an Integrity Monitor to oversee and monitor the use of the HAF funds as well as compliance with all HAF program reporting requirements. As program disbursement activity is continuing to increase with the HAF program(s) created more fully up and running, DCA is currently targeting the Integrity Monitor hire to take place sometime within the next three to six months.
Lack of Internal Controls and Noncompliance with Subrecipient Monitoring Requirement –Coronavirus Relief Fund (Repeat Finding - 2021-001) FEDERAL AGENCY: U.S. Department of the Treasury ASSISTANCE LISTING: 21.019 FEDERAL PROGRAM NAME: Coronavirus Relief Fund FEDERAL AWARD NUMBER: SLT0259 FEDERAL AWARD YEAR: 2021 CONTROL CATEGORY: Subrecipient Monitoring QUESTIONED COSTS: $176,562 Condition: During the process of documenting the County’s internal controls regarding federal disbursements, we noted that Oklahoma County has not established the following procedures to ensure compliance with the Subrecipient Monitoring requirements: • Identify the award and applicable requirements to the subrecipients. • Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). • Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). Further, when performing tests over compliance of the federal grant, it was noted that the County did not perform any subrecipient monitoring procedures. In addition, subaward agreements were not designed to ensure the subrecipients understand and use the funds in accordance with federal regulations, and terms and conditions of the subaward. Cause of Condition: Policies and procedures have not been designed and implemented to ensure the County complies with federal laws and regulations and grant agreements. Effect of Condition: This condition resulted in noncompliance with federal laws and regulations and grant agreements. Recommendation: OSAI recommends the County comply with federal laws and regulations and grant agreements by creating award agreements that are designed and implemented to ensure Subrecipient Monitoring is performed. Management Response: Chairman of the Board of County Commissioners: Oklahoma County will comply with federal laws and regulations and grant agreements by creating award agreements that are designed and implemented to ensure Subrecipient Monitoring is performed. Criteria: GAO Standards – Section 2 – Establishing an Effective Internal Control System – OV2.23 states in part: Objectives of an Entity – Compliance Objectives Management conducts activities in accordance with applicable laws and regulations. As part of specifying compliance objectives, the entity determines which laws and regulations apply to the entity. Management is expected to set objectives that incorporate these requirements. 2 CFR § 200.303(a) Internal Controls reads as follows: The non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). 2 CFR § 200.332 states: All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward… (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section,… (c) Consider imposing specific subaward conditions upon a subrecipient if appropriate as described in § 200.208. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals areachieved. ... (e) Depending upon the pass-through entity's assessment of risk posed by the subrecipient (as described in paragraph (b) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. (g) Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in § 200.339 of this part and in program regulations.
Lack of Internal Controls and Noncompliance with Subrecipient Monitoring Requirement – Emergency Rental Assistance Program (Repeat Finding – 2021-002) FEDERAL AGENCY: U.S. Department of the Treasury ASSISTANCE LISTING: 21.023 FEDERAL PROGRAM NAME: Emergency Rental Assistance Program FEDERAL AWARD NUMBER: ERAE0514, ERAE0418 FEDERAL AWARD YEAR: 2022 CONTROL CATEGORY: Subrecipient Monitoring QUESTIONED COSTS: $13,241,928 Condition: During the process of documenting the County’s internal controls regarding federal disbursements, we noted that Oklahoma County has not established the following procedures to ensure compliance with the Subrecipient Monitoring requirements: • Identify the award and applicable requirements to the subrecipients. • Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). • Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). Further, when performing tests over compliance of the federal grant, it was noted that the County did not perform any subrecipient monitoring procedures. In addition, subaward agreements were not designed to ensure the subrecipients understand and use the funds in accordance with federal regulations, and terms and conditions of the subaward. Cause of Condition: Policies and procedures have not been designed and implemented to ensure the County complies with federal laws and regulations and grant agreements. Effect of Condition: This condition resulted in noncompliance with federal laws and regulations and grant agreements. Recommendation: OSAI recommends the County comply with federal laws and regulations and grant agreements by creating award agreements that are designed and implemented to ensure Subrecipient Monitoring is performed. Management Response: Chairman of the Board of County Commissioners: Oklahoma County will comply with federal laws and regulations and grant agreements by creating award agreements that are designed and implemented to ensure Subrecipient Monitoring is performed. Criteria: GAO Standards – Section 2 – Establishing an Effective Internal Control System – OV2.23 states in part: Objectives of an Entity – Compliance Objectives Management conducts activities in accordance with applicable laws and regulations. As part of specifying compliance objectives, the entity determines which laws and regulations apply to the entity. Management is expected to set objectives that incorporate these requirements. 2 CFR § 200.303(a) Internal Controls reads as follows: The non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). 2 CFR § 200.332 states: All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward… (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, . . . (c) Consider imposing specific subaward conditions upon a subrecipient if appropriate as described in § 200.208. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. … (e) Depending upon the pass-through entity's assessment of risk posed by the subrecipient (as described in paragraph (b) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. (g) Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in § 200.339 of this part and in program regulations.
Condition: The Single Audit reporting package, as defined and required in 2 CRF 200.512 for fiscal year ended June 30, 2022, was not submitted timely. Context: Despite the Municipality’s best efforts to provide, on a timely basis, the information needed to complete the preparation and subsequent audit of their financial statements, the effects of the major disaster area declaration due to Hurricane Fiona delayed the submission of the Single Audit reporting package of the current year. Criteria: As per 2 CRF 200.512, the audit, data collection form, and reporting package must be submitted within the earlier of 30 calendar days after receipt of the auditor’s report, or nine months after the end of the audit period. However, for any 2022 submissions with fiscal periods ending between January 1, 2022, and October 31, 2022, the requirement stating that single audits are due to the Federal Audit Clearinghouse 30 days after receipt of the auditor’s report(s), is waived. These audits will be considered on time if they are submitted within nine months after their fiscal period end date. Cause: On September 18, 2022, Puerto Rico was declared a major disaster area due to the passage of Hurricane Fiona. As a result of this declaration, the OMB granted a six-month extension for all single audits that cover recipients in Puerto Rico and have due dates between September 18, 2022 and December 31, 2022. For June 30, 2021, the extended due date was March 31, 2023. The Municipality benefited from this extension and submitted their financial statements and data collection form on March 17, 2023. The due date of the current fiscal year, June 30, 2022 however was not extended and was also due on March 31, 2023. This situation prevented the timely submission of the current fiscal year Single Audit reporting package. Effect: Because of the situation described above, the Municipality did not comply with the report submission requirement since the audit was not submitted within nine months after their fiscal period end date. Auditor’s recommendation: Management should continue to fulfill their auditee responsibilities as stated in 2 CRF 200.508 which among other things, require management to prepare appropriate financial statements and provide the auditor with access to personnel, accounts, books, records, supporting documentation, and other information as needed for the auditor to perform the audit to ensure that subsequent financial reporting packages are submitted timely. Views of Responsible officials and corrective actions: The Municipality Administration is committed to complying with all submissions and has ensured the proper signing of an external auditors firm to comply with such requirements. Auditor Comments: 2 CFR 200.501 states that a non-federal entity that expends $750,000 or more in Federal awards during the non-Federal entity’s fiscal year must have a single audit conducted in accordance with 2 CFR 200.514. 2 CFR 200.508 states that it is the auditee responsibility to (1) prepare financial statements, including, the schedule of expenditures of Federal awards in accordance with 2 CFR 200.510, (2) promptly follow up and take corrective action on audit findings, including preparing a summary schedule of prior audit findings and a corrective plan, and (3) provide the auditor access to personnel, accounts, books, records, supporting documentation, and any other information needed for the auditor to perform the audit required by this part, among other things. Audit Status: In process of completion.
Finding 2022-007 — Lack of Internal Controls and Noncompliance with Subrecipient Monitoring – Emergency Rental Assistance Program (Repeat Finding 2021-013) FEDERAL AGENCY: U.S. Department of the Treasury ASSISTANCE LISTING: 21.023 FEDERAL PROGRAM NAME: Emergency Rental Assistance Program FEDERAL AWARD NUMBER: ERA0174, ERAE0225 FEDERAL AWARD YEAR: 2022 CONTROL CATEGORY: Subrecipient Monitoring QUESTIONED COSTS: $6,397,374 Condition: During the process of documenting the County’s internal controls regarding federal disbursements for the Emergency Rental Assistance Program (ERA), we noted that Cleveland County has not established the following procedures to ensure compliance with the Subrecipient Monitoring requirements: • Evaluate subrecipient’s risk of noncompliance for the purposes of determining the appropriate subrecipient monitoring related to the subaward. • Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals. Further, while documenting controls over the subrecipient program and administrative expenditures for the ERA1, we noted the following: • The County was unable to provide supporting documents for the administrative costs of the consultant for this grant totaling $64,800. • The County was unable to provide supporting documentation of the subrecipient’s administrative expenditures totaling $453,067. Cause of Condition: Policies and procedures have not been designed and implemented to ensure the County complies with federal laws and regulations and grant agreements; and adequate subrecipient monitoring policies and procedures had not been established by the County prior to entering into agreements with subrecipients. Effect of Condition: This condition resulted in noncompliance with grant requirements. Also, the subrecipient may not be in compliance with the award terms and there is an increased risk of mismanagement and fraud by the subgrantees. Recommendation: OSAI recommends the County design and implement internal controls to ensure that it administers current and future ERA grants in accordance with applicable federal laws and grant requirements, including ensuring that grant subrecipients are properly informed of federal requirements related to allowable costs and that subrecipient monitoring procedures are designed and implemented. Subrecipients should be reimbursed for administrative costs based on supporting documentation for actual costs incurred rather than making advance payments for a set percentage of program funds advanced. Management Response: Chairman of the Board of County Commissioners: Cleveland County takes the auditor's findings seriously and has already implemented several improvements in documentation, monitoring, and reporting practices. Cleveland County is working toward improvements for fiscal year 2025 and has reconciled billing to align with the contract scope of work. However, we recognize the need for documented internal controls and are committed to addressing all recommendations to ensure compliance and transparency in future programs. The County appreciates the constructive feedback and will continue to refine its processes to better serve its citizens. Criteria: GAO Standards – Section 2 – Establishing an Effective Internal Control System – OV2.23 states in part: Objectives of an Entity – Compliance Objectives Management conducts activities in accordance with applicable laws and regulations. As part of specifying compliance objectives, the entity determines which laws and regulations apply to the entity. Management is expected to set objectives that incorporate these requirements. 2 CFR § 200.332 states in part: (e) Monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In addition, identify procedures necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: 1. Reviewing financial and programmatic (performance and special reports) required by the Pass-Through Entity (PTE). The Consolidated Appropriations Act§ Section 501 (c)(5) Use of Funds - Administrative Costs states in part: (A) IN GENERAL. —Not more than 10 percent of the amount paid to an eligible grantee under this section may be used for administrative costs attributable to providing financial assistance and housing stability services under paragraphs (2) and (3), respectively, including for data collection and reporting requirements related to such funds. (B) NO OTHER ADMINISTRATIVE COSTS. —Amounts paid under this section shall not be used for any administrative costs other than to the extent allowed under subparagraph (A). In addition, the U.S. Department of Treasury Emergency Rental Assistance (ERA) FAQ #29 What are the applicable limitations on administrative expenses, states in part: Under ERAl, not more than 10 percent of the amount paid to a grantee may be used for administrative costs attributable to providing financial assistance and housing stability services to eligible households. Under ERA2, not more than 15 percent of the amount paid to a grantee may be used for administrative costs attributable to providing financial assistance, housing stability services, and other affordable rental housing and eviction prevention activities. 2 CFR § 200.332 states: All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward… (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section,… (c) Consider imposing specific subaward conditions upon a subrecipient if appropriate as described in § 200.208. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. . . . (e) Depending upon the pass-through entity's assessment of risk posed by the subrecipient (as described in paragraph (b) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. (g) Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in § 200.339 of this part and in program regulations.
CRITERIA/SPECIFIC REQUIREMENT: The Code of Federal Regulations (Code) (2 CFR § 200.332 (a)) requires the Regional Office of Education No. 39 (ROE) to ensure that every subaward is clearly identified to the subrecipient as a subaward and include information to comply with federal statutes, regulations, and the terms and conditions of the award. The required information includes the subrecipient’s name and unique entity identifier, assistance listing number, federal award date, federal awarding agency, etc. When some of this information is not available, the pass-through entity shall provide the best information available to describe the Federal award. The Code (2 CFR § 200.332 (f)) requires the ROE to verify every subrecipient is audited as required by Subpart F when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR § 200.501. The Code (2 CFR § 200.332 (d)) requires the ROE to monitor the activities of the subrecipient to ensure the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. The Code (2 CFR §200.303 (a)) requires the ROE to establish and maintain effective internal control over the federal award to provide reasonable assurance the ROE is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Effective internal controls should include procedures over subrecipient monitoring. CONDITION: The ROE did not have adequate controls over subrecipient monitoring in compliance with the Code. CONTEXT: During our testing of four subrecipients, we noted the following: • The ROE did not communicate the required federal award information to all (100%) subrecipients to comply with federal statutes, regulations, and the terms and conditions at the start of the award. All the subaward agreements were signed and became effective after the start date of the grant. • The ROE did not verify whether subrecipients were required to be audited or not. • The ROE did not have written policies and procedures for subrecipient monitoring and could not provide evidence the ROE monitored its subrecipients during the audit period. EFFECT: Lack of controls over subrecipient monitoring may result in subrecipients not properly administering the federal programs in accordance with federal regulations. CAUSE: ROE management indicated this was due to oversight and staffing limitations. RECOMMENDATION: We recommend the ROE establish and implement procedures over subrecipient monitoring. MANAGEMENT’S RESPONSE: The ROE agrees with this finding. The ROE did communicate federal award information to all subrecipients but failed to get the signature of Regional Office of Education No. 17 documenting their decline of the federal award and preference for ROE to manage the funds and services for their area.
Reference Number: 2022-001 Assistance Listing Number: 84.425 Federal Program Title: Education Stabilization Fund Awarding Agency / Pass-Through Entity: U.S. Department of Education, Colorado Department of Education Compliance Requirement: Subrecipient Monitoring Criteria: Under 2 CFR section 200.332, Requirements for Pass-through Entities, all pass-through entities must: (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in section 200.501.?Condition: During procedures performed over the subrecipient monitoring compliance requirements, we noted that the District did not conduct an assessment/evaluation over the risk of noncompliance of all subrecipients in fiscal year 2022. Cause: The condition appears to be caused by an oversight by the District. Questioned Costs: None Recommendation: We recommend the District perform and document a risk assessment/evaluation of noncompliance on all subrecipents receiving federal funding. Views of Responsible Officials: The District agrees with the auditing finding. See separately prepared Corrective Action Letter.
THIS FINDING IS: New FINDING TYPE: Internal Control DEFICIENCY TYPE: Significant Deficiency Federal Program Name and Year: Education Stabilization Fund - 2022 Project No.: 20-4998-ER AL No.: 84.425D Passed Through: Illinois State Board of Education Federal Agency: U.S. Department of Education Criteria or specific requirement (including statutory, regulatory, or other citation): The District is required to report grant expenditures in accordance with the Illinois State Board of Education State and Federal Grant Administration Policy and Fiscal Requirements and Procedures and the ISBE Illinois Program Account Manual, which is consistent with the provisions of the Uniform Guidance. According to Uniform Guidance, Title 2 CFR 200.516, the District is required to maintain internal control over Federal programs that provide reasonable assurance that the Auditee is managing Federal awards in compliance with laws, regulations, and provisions of contracts or grant agreements that could have a material effect on each of its Federal programs. Under Uniform Guidance, Title 2 CFR 200.501, a non-Federal entity that expends $750,000 or more during the entity's fiscal year in Federal awards must have a single audit conducted for that year. Condition: The District overstated expenditures on the ESSER I June 30, 2021 expenditure report. Questioned Costs: The ESSER I 2020 project year's June 30, 2021 expenditure report included $10,678 of questioned costs. Purchased Services were overstated by $2,300, Supplies and Materials were overstated by $6,035, and Capital Outlay was overstated by $2,343 when compared to the accounting records. Context: The ESSER I 2020 project year's June 30, 2021 expenditure report included $10,678 of questioned costs. Purchased Services were overstated by $2,300, Supplies and Materials were overstated by $6,035, and Capital Outlay was overstated by $2,343 when compared to the accounting records. Effect: Expenditures reported on the final project expenditure report were overstated by $10,678. Excluding the $10,678 of overstated expenditures from the calculation of over all expenditures of federal awards resulted in the district expending less than $750,000 of federal awards during the year ended June 30, 2021 and thereby not being subject to the Uniform Guidance/Single Audit provisions. Cause: ESSER I 2020 project year's final expenditures were reported in error. Recommendation: Grant expenditures should be reviewed and reconciled back to the accounting records prior to submitting final reports; ISBE grants division should be contacted regarding this discrepancy. Management's response: The District agrees that the expenditures claimed on the June 30, 2021 expenditure report was overstated by $10,678 and in the future will review and reconcile the expenditure reports to the accounting records before submitting to ISBE.
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward