Assistance Listings numbers and names: 14.231 Emergency Solutions Grant Program 14.231 COVID-19—Emergency Solutions Grant Program Award numbers and years: E-20-DW-04-001, July 1, 2020 through September 9, 2022 E-21-DC-04-001, July 1, 2021 through September 9, 2023 Federal agency: U.S. Department of Housing and Urban Development Questioned costs: $1,425 Assistance Listings number and name: 14.267 Continuum of Care Program Award numbers and years: AZ0009L9T001912, October 1, 2020 through September 30, 2021; AZ0118L9T002008, February 1, 2021 through January 31, 2022; AZ0011L9T002013, May 1, 2021 through April 30, 2022; AZ0173L9T002004, July 1, 2021 through June 30, 2022; AZ0009L9T002013, October 1, 2021 through September 30, 2022 Federal agency: U.S. Department of Housing and Urban Development Questioned costs: $46,352 Compliance requirement: Subrecipient monitoring Total questioned costs: $47,777 Condition—Contrary to federal regulations and its federal award terms, the Department of Housing (ADOH) and Department of Economic Security (DES) reimbursed 1 nonprofit organization subrecipient for federal program costs totaling $47,777 during fiscal year 2022 that were unsupported, unallowable, and/or paid to the nonprofit organization’s principal officers or their immediate family member in violation of conflict-of-interest disclosure requirements. Specifically, we reviewed 51 reimbursements that included Continuum of Care Program and Emergency Solutions Grant Program costs totaling $446,695 and $10,692 for the year, respectively, and found that the departments reimbursed the subrecipient for: • $35,562 for financial and accounting services, travel, and supplies that were paid to 1 of the nonprofit organization’s principal officers, who served as the Treasurer, and their company, which was not disclosed as a conflict of interest to both departments as required by federal laws. Also, the subrecipient allocated these costs to other federal programs and nonfederal activities; however, neither department verified that the allocation method the subrecipient used was reasonable or that the costs, as allocated, were allowed by the programs’ requirements. We noted that the allocation method used may have resulted in multiple programs being overbilled for these services by up to $5,087. (ADOH and DES) • $7,274 for bookkeeping services that were not adequately supported by sufficiently detailed invoices and a signed contract having a specified price rate for the services and terms; therefore, we were unable to verify if the amounts paid were appropriate. Further, the departments reimbursed the Treasurer’s family member, whose bookkeeping services company was not disclosed as a conflict of interest to the departments as required by federal regulations. Also, the subrecipient allocated these costs to other federal programs and nonfederal activities; however, the departments did not verify that the allocation method the subrecipient used was reasonable or that the costs, as allocated, were allowed by the programs’ requirements. (ADOH and DES) • $4,365 for repairs and maintenance, travel, and supplies that were paid to another principal officer who performed various handyman services, including plumbing, painting, and building repairs, that were not adequately supported by a contract having specified price rates for the services and terms; therefore, we were unable to verify if the amounts reimbursed by ADOH were appropriate. Further, ADOH reimbursed the principal officer, whose services were not disclosed as a conflict of interest to ADOH as required by its contract with the subrecipient and federal regulations. (ADOH) • $576 for incentive payments to the subrecipient’s executive director without documentation demonstrating it was authorized by an agreement, reasonable for the services performed as provided in the subrecipient’s policies, and consistent with compensation paid for similar work in other activities; therefore, we were unable to verify if the amounts reimbursed by ADOH were allowable. (ADOH) Additionally, contrary to federal regulations, the departments had not ensured that the subrecipient implemented competitive purchasing procedures when procuring the professional services and handyman services described above, and the subrecipient was unable to provide documentation that it had competitively procured the services. (ADOH and DES) The Continuum of Care and the Emergency Solutions Grant Programs were not audited as major federal programs for the State’s fiscal year 2022 single audit; therefore, the scope of our review was not sufficient to determine whether the departments or their subrecipients complied with all applicable federal requirements for these programs. During the audit, we became aware of the potentially noncompliant 51 reimbursements involving 1 of the departments’ nonprofit subrecipients with which they partner to carry out federal and State programs, including the Continuum of Care Program, the Emergency Solutions Grants Program, and Temporary Assistance to Needy Families (TANF), which was audited as a major federal program for fiscal year 2022, as well as the State Housing Trust Fund. Our review of select reimbursements to this subrecipient resulted in similar findings for the TANF federal program and the State Housing Trust Fund that are described in items 2022-114 and 2022-05, respectively. Effect—The departments’ lack of required monitoring increased the risk that the monies it awarded to 1 nonprofit organization may not have been spent in accordance with the award terms and program requirements. Further, the departments’ reimbursing the subrecipient for $47,777 of unallowable or unsupported costs and/or costs paid to the nonprofit organization’s principal officers or their immediate family member in violation of conflict-of-interest disclosure requirements resulted in those monies being unavailable to be spent for their intended purpose of providing housing assistance to those in need. Consequently, the departments may be required to return these monies to the federal agencies in accordance with federal requirements.1 Cause—ADOH had not yet resumed all its subrecipient-monitoring activities, such as conducting on-site reviews and providing training and technical assistance, since suspending these activities during the COVID-19 pandemic during fiscal year 2020. Also, ADOH had not properly assessed this subrecipient’s risk of noncompliance with its award contract and program requirements to determine the level of monitoring procedures or training the subrecipient needed. For example, ADOH was unaware that the subrecipient had not informed it of principal officers’ conflicts of interest so that ADOH could ensure that those principal officers or their immediate family member were not involved in decision-making related to those conflicts and selectively reviewed the related costs and activities for compliance purposes. Further, ADOH personnel responsible for reviewing and approving the subrecipient’s reimbursement requests reported to us that they were trained to not follow its policies and procedures but, instead, to approve any costs that had been previously reimbursed. As reported in finding 2022-114, although the DES subrecipient-monitoring policies and procedures did not require it to obtain from subrecipients documentation supporting charges for personal and contracted professional services to verify allowability when subrecipients requested reimbursement, the policies and procedures required an on-site monitoring visit once every 3 years for each subrecipient in which it reviews a sample of the subrecipient’s personal and professional services charges. However, DES had not performed an on-site monitoring visit of the nonprofit subrecipient since 2018 because it had not yet resumed all its subrecipient-monitoring activities, such as conducting on-site reviews and providing training and technical assistance, since suspending these activities during the COVID-19 pandemic during fiscal year 2020. In addition, DES had not properly assessed the subrecipient’s risk of noncompliance with its award contract and program requirements to determine the level of monitoring procedures or training the subrecipient needed. For example, the Division was unaware that the subrecipient had not informed it of a principal officer’s conflicts of interest so that the Division could ensure that the principal officer or their immediate family member were not involved in decision-making related to those conflicts and selectively review the related costs and activities for compliance purposes. Criteria—Federal regulations require the Departments to monitor subrecipients and include required procedures for assessing the risk of each subrecipient’s noncompliance and implementing appropriate monitoring procedures to address those risk assessments; verifying single audits were conducted timely, if required; reviewing financial and performance reports; following up on and ensuring corrective action is taken on deficiencies that could potentially affect the program; and issuing management decisions on the results of audit findings or monitoring (2 CFR §§200.332, .339, and .521). Federal regulations provide that monitoring procedures the Departments may implement to address a subrecipient’s risk assessment include providing training or technical assistance on program-related matters and performing on-site reviews and selective audits of reimbursed costs (2 CFR §200.332[e]). Further, federal regulations require the Departments’ subrecipients to allocate allowable costs using a reasonable basis, to use competitive purchasing standards when procuring goods and services, and to disclose in writing to the Departments any potential conflicts of interest.2 Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Departments should: 1. Immediately stop reimbursing the nonprofit subrecipient for costs that are unsupported, unallowable, and/or paid to the nonprofit subrecipient’s principal officers or their immediate family member in violation of conflict-of-interest disclosure requirements without obtaining documentation to support they comply with the program’s requirements and take appropriate enforcement actions in accordance with its subaward contract. (ADOH and DES) 2. Update its written policies and procedures for reviewing and approving subrecipient reimbursement requests to include a process to ensure costs are adequately supported and allowable in accordance with program requirements. (ADOH and DES) 3. Train personnel responsible for reviewing and approving subrecipient reimbursement requests on how to identify costs that are unallowable under federal regulations. (ADOH) 4. Assess the risk of each subrecipient’s noncompliance and perform the appropriate monitoring procedures based on the assessed risk, such as providing training or technical assistance on program-related matters and performing on-site reviews and selective audits of reimbursed costs for allowability. (ADOH and DES) 5. Ensure subrecipients allocate allowable costs using a reasonable basis, use competitive purchasing standards when procuring goods and services, and disclose in writing to the Departments any potential conflicts of interest. The Departments may need to provide training and technical assistance to subrecipients that addresses these compliance areas, including the Departments’ obtaining conflict-of-interest disclosures from subrecipients as part of the subaward contract, as an example, or otherwise establishing a communication mechanism for subrecipients to use as such conflicts arise. (ADOH and DES) 6. Continue to work with the nonprofit subrecipient to resolve the $47,777 in unallowable costs, including recovering these monies from the subrecipient and assessing the continued need to use this subrecipient for services. (ADOH and DES) 7. Work with the federal agencies to resolve the $47,777 of unallowable costs that it reimbursed, which may involve returning monies to the agencies. (ADOH and DES) The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 2 The applicable federal requirements related to allowable costs, competitive purchasing, and conflicts of interest can be found in the Code of Federal Regulations at 2 CFR §§200.112, .318-.327, and Subpart E, and 24 CFR §578.95 and 45 CFR §75.112.
Assistance Listings numbers and names: 14.231 Emergency Solutions Grant Program 14.231 COVID-19—Emergency Solutions Grant Program Award numbers and years: E-20-DW-04-001, July 1, 2020 through September 9, 2022 E-21-DC-04-001, July 1, 2021 through September 9, 2023 Federal agency: U.S. Department of Housing and Urban Development Questioned costs: $1,425 Assistance Listings number and name: 14.267 Continuum of Care Program Award numbers and years: AZ0009L9T001912, October 1, 2020 through September 30, 2021; AZ0118L9T002008, February 1, 2021 through January 31, 2022; AZ0011L9T002013, May 1, 2021 through April 30, 2022; AZ0173L9T002004, July 1, 2021 through June 30, 2022; AZ0009L9T002013, October 1, 2021 through September 30, 2022 Federal agency: U.S. Department of Housing and Urban Development Questioned costs: $46,352 Compliance requirement: Subrecipient monitoring Total questioned costs: $47,777 Condition—Contrary to federal regulations and its federal award terms, the Department of Housing (ADOH) and Department of Economic Security (DES) reimbursed 1 nonprofit organization subrecipient for federal program costs totaling $47,777 during fiscal year 2022 that were unsupported, unallowable, and/or paid to the nonprofit organization’s principal officers or their immediate family member in violation of conflict-of-interest disclosure requirements. Specifically, we reviewed 51 reimbursements that included Continuum of Care Program and Emergency Solutions Grant Program costs totaling $446,695 and $10,692 for the year, respectively, and found that the departments reimbursed the subrecipient for: • $35,562 for financial and accounting services, travel, and supplies that were paid to 1 of the nonprofit organization’s principal officers, who served as the Treasurer, and their company, which was not disclosed as a conflict of interest to both departments as required by federal laws. Also, the subrecipient allocated these costs to other federal programs and nonfederal activities; however, neither department verified that the allocation method the subrecipient used was reasonable or that the costs, as allocated, were allowed by the programs’ requirements. We noted that the allocation method used may have resulted in multiple programs being overbilled for these services by up to $5,087. (ADOH and DES) • $7,274 for bookkeeping services that were not adequately supported by sufficiently detailed invoices and a signed contract having a specified price rate for the services and terms; therefore, we were unable to verify if the amounts paid were appropriate. Further, the departments reimbursed the Treasurer’s family member, whose bookkeeping services company was not disclosed as a conflict of interest to the departments as required by federal regulations. Also, the subrecipient allocated these costs to other federal programs and nonfederal activities; however, the departments did not verify that the allocation method the subrecipient used was reasonable or that the costs, as allocated, were allowed by the programs’ requirements. (ADOH and DES) • $4,365 for repairs and maintenance, travel, and supplies that were paid to another principal officer who performed various handyman services, including plumbing, painting, and building repairs, that were not adequately supported by a contract having specified price rates for the services and terms; therefore, we were unable to verify if the amounts reimbursed by ADOH were appropriate. Further, ADOH reimbursed the principal officer, whose services were not disclosed as a conflict of interest to ADOH as required by its contract with the subrecipient and federal regulations. (ADOH) • $576 for incentive payments to the subrecipient’s executive director without documentation demonstrating it was authorized by an agreement, reasonable for the services performed as provided in the subrecipient’s policies, and consistent with compensation paid for similar work in other activities; therefore, we were unable to verify if the amounts reimbursed by ADOH were allowable. (ADOH) Additionally, contrary to federal regulations, the departments had not ensured that the subrecipient implemented competitive purchasing procedures when procuring the professional services and handyman services described above, and the subrecipient was unable to provide documentation that it had competitively procured the services. (ADOH and DES) The Continuum of Care and the Emergency Solutions Grant Programs were not audited as major federal programs for the State’s fiscal year 2022 single audit; therefore, the scope of our review was not sufficient to determine whether the departments or their subrecipients complied with all applicable federal requirements for these programs. During the audit, we became aware of the potentially noncompliant 51 reimbursements involving 1 of the departments’ nonprofit subrecipients with which they partner to carry out federal and State programs, including the Continuum of Care Program, the Emergency Solutions Grants Program, and Temporary Assistance to Needy Families (TANF), which was audited as a major federal program for fiscal year 2022, as well as the State Housing Trust Fund. Our review of select reimbursements to this subrecipient resulted in similar findings for the TANF federal program and the State Housing Trust Fund that are described in items 2022-114 and 2022-05, respectively. Effect—The departments’ lack of required monitoring increased the risk that the monies it awarded to 1 nonprofit organization may not have been spent in accordance with the award terms and program requirements. Further, the departments’ reimbursing the subrecipient for $47,777 of unallowable or unsupported costs and/or costs paid to the nonprofit organization’s principal officers or their immediate family member in violation of conflict-of-interest disclosure requirements resulted in those monies being unavailable to be spent for their intended purpose of providing housing assistance to those in need. Consequently, the departments may be required to return these monies to the federal agencies in accordance with federal requirements.1 Cause—ADOH had not yet resumed all its subrecipient-monitoring activities, such as conducting on-site reviews and providing training and technical assistance, since suspending these activities during the COVID-19 pandemic during fiscal year 2020. Also, ADOH had not properly assessed this subrecipient’s risk of noncompliance with its award contract and program requirements to determine the level of monitoring procedures or training the subrecipient needed. For example, ADOH was unaware that the subrecipient had not informed it of principal officers’ conflicts of interest so that ADOH could ensure that those principal officers or their immediate family member were not involved in decision-making related to those conflicts and selectively reviewed the related costs and activities for compliance purposes. Further, ADOH personnel responsible for reviewing and approving the subrecipient’s reimbursement requests reported to us that they were trained to not follow its policies and procedures but, instead, to approve any costs that had been previously reimbursed. As reported in finding 2022-114, although the DES subrecipient-monitoring policies and procedures did not require it to obtain from subrecipients documentation supporting charges for personal and contracted professional services to verify allowability when subrecipients requested reimbursement, the policies and procedures required an on-site monitoring visit once every 3 years for each subrecipient in which it reviews a sample of the subrecipient’s personal and professional services charges. However, DES had not performed an on-site monitoring visit of the nonprofit subrecipient since 2018 because it had not yet resumed all its subrecipient-monitoring activities, such as conducting on-site reviews and providing training and technical assistance, since suspending these activities during the COVID-19 pandemic during fiscal year 2020. In addition, DES had not properly assessed the subrecipient’s risk of noncompliance with its award contract and program requirements to determine the level of monitoring procedures or training the subrecipient needed. For example, the Division was unaware that the subrecipient had not informed it of a principal officer’s conflicts of interest so that the Division could ensure that the principal officer or their immediate family member were not involved in decision-making related to those conflicts and selectively review the related costs and activities for compliance purposes. Criteria—Federal regulations require the Departments to monitor subrecipients and include required procedures for assessing the risk of each subrecipient’s noncompliance and implementing appropriate monitoring procedures to address those risk assessments; verifying single audits were conducted timely, if required; reviewing financial and performance reports; following up on and ensuring corrective action is taken on deficiencies that could potentially affect the program; and issuing management decisions on the results of audit findings or monitoring (2 CFR §§200.332, .339, and .521). Federal regulations provide that monitoring procedures the Departments may implement to address a subrecipient’s risk assessment include providing training or technical assistance on program-related matters and performing on-site reviews and selective audits of reimbursed costs (2 CFR §200.332[e]). Further, federal regulations require the Departments’ subrecipients to allocate allowable costs using a reasonable basis, to use competitive purchasing standards when procuring goods and services, and to disclose in writing to the Departments any potential conflicts of interest.2 Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Departments should: 1. Immediately stop reimbursing the nonprofit subrecipient for costs that are unsupported, unallowable, and/or paid to the nonprofit subrecipient’s principal officers or their immediate family member in violation of conflict-of-interest disclosure requirements without obtaining documentation to support they comply with the program’s requirements and take appropriate enforcement actions in accordance with its subaward contract. (ADOH and DES) 2. Update its written policies and procedures for reviewing and approving subrecipient reimbursement requests to include a process to ensure costs are adequately supported and allowable in accordance with program requirements. (ADOH and DES) 3. Train personnel responsible for reviewing and approving subrecipient reimbursement requests on how to identify costs that are unallowable under federal regulations. (ADOH) 4. Assess the risk of each subrecipient’s noncompliance and perform the appropriate monitoring procedures based on the assessed risk, such as providing training or technical assistance on program-related matters and performing on-site reviews and selective audits of reimbursed costs for allowability. (ADOH and DES) 5. Ensure subrecipients allocate allowable costs using a reasonable basis, use competitive purchasing standards when procuring goods and services, and disclose in writing to the Departments any potential conflicts of interest. The Departments may need to provide training and technical assistance to subrecipients that addresses these compliance areas, including the Departments’ obtaining conflict-of-interest disclosures from subrecipients as part of the subaward contract, as an example, or otherwise establishing a communication mechanism for subrecipients to use as such conflicts arise. (ADOH and DES) 6. Continue to work with the nonprofit subrecipient to resolve the $47,777 in unallowable costs, including recovering these monies from the subrecipient and assessing the continued need to use this subrecipient for services. (ADOH and DES) 7. Work with the federal agencies to resolve the $47,777 of unallowable costs that it reimbursed, which may involve returning monies to the agencies. (ADOH and DES) The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 2 The applicable federal requirements related to allowable costs, competitive purchasing, and conflicts of interest can be found in the Code of Federal Regulations at 2 CFR §§200.112, .318-.327, and Subpart E, and 24 CFR §578.95 and 45 CFR §75.112.
Assistance Listings numbers and names: 14.231 Emergency Solutions Grant Program 14.231 COVID-19—Emergency Solutions Grant Program Award numbers and years: E-20-DW-04-001, July 1, 2020 through September 9, 2022 E-21-DC-04-001, July 1, 2021 through September 9, 2023 Federal agency: U.S. Department of Housing and Urban Development Questioned costs: $1,425 Assistance Listings number and name: 14.267 Continuum of Care Program Award numbers and years: AZ0009L9T001912, October 1, 2020 through September 30, 2021; AZ0118L9T002008, February 1, 2021 through January 31, 2022; AZ0011L9T002013, May 1, 2021 through April 30, 2022; AZ0173L9T002004, July 1, 2021 through June 30, 2022; AZ0009L9T002013, October 1, 2021 through September 30, 2022 Federal agency: U.S. Department of Housing and Urban Development Questioned costs: $46,352 Compliance requirement: Subrecipient monitoring Total questioned costs: $47,777 Condition—Contrary to federal regulations and its federal award terms, the Department of Housing (ADOH) and Department of Economic Security (DES) reimbursed 1 nonprofit organization subrecipient for federal program costs totaling $47,777 during fiscal year 2022 that were unsupported, unallowable, and/or paid to the nonprofit organization’s principal officers or their immediate family member in violation of conflict-of-interest disclosure requirements. Specifically, we reviewed 51 reimbursements that included Continuum of Care Program and Emergency Solutions Grant Program costs totaling $446,695 and $10,692 for the year, respectively, and found that the departments reimbursed the subrecipient for: • $35,562 for financial and accounting services, travel, and supplies that were paid to 1 of the nonprofit organization’s principal officers, who served as the Treasurer, and their company, which was not disclosed as a conflict of interest to both departments as required by federal laws. Also, the subrecipient allocated these costs to other federal programs and nonfederal activities; however, neither department verified that the allocation method the subrecipient used was reasonable or that the costs, as allocated, were allowed by the programs’ requirements. We noted that the allocation method used may have resulted in multiple programs being overbilled for these services by up to $5,087. (ADOH and DES) • $7,274 for bookkeeping services that were not adequately supported by sufficiently detailed invoices and a signed contract having a specified price rate for the services and terms; therefore, we were unable to verify if the amounts paid were appropriate. Further, the departments reimbursed the Treasurer’s family member, whose bookkeeping services company was not disclosed as a conflict of interest to the departments as required by federal regulations. Also, the subrecipient allocated these costs to other federal programs and nonfederal activities; however, the departments did not verify that the allocation method the subrecipient used was reasonable or that the costs, as allocated, were allowed by the programs’ requirements. (ADOH and DES) • $4,365 for repairs and maintenance, travel, and supplies that were paid to another principal officer who performed various handyman services, including plumbing, painting, and building repairs, that were not adequately supported by a contract having specified price rates for the services and terms; therefore, we were unable to verify if the amounts reimbursed by ADOH were appropriate. Further, ADOH reimbursed the principal officer, whose services were not disclosed as a conflict of interest to ADOH as required by its contract with the subrecipient and federal regulations. (ADOH) • $576 for incentive payments to the subrecipient’s executive director without documentation demonstrating it was authorized by an agreement, reasonable for the services performed as provided in the subrecipient’s policies, and consistent with compensation paid for similar work in other activities; therefore, we were unable to verify if the amounts reimbursed by ADOH were allowable. (ADOH) Additionally, contrary to federal regulations, the departments had not ensured that the subrecipient implemented competitive purchasing procedures when procuring the professional services and handyman services described above, and the subrecipient was unable to provide documentation that it had competitively procured the services. (ADOH and DES) The Continuum of Care and the Emergency Solutions Grant Programs were not audited as major federal programs for the State’s fiscal year 2022 single audit; therefore, the scope of our review was not sufficient to determine whether the departments or their subrecipients complied with all applicable federal requirements for these programs. During the audit, we became aware of the potentially noncompliant 51 reimbursements involving 1 of the departments’ nonprofit subrecipients with which they partner to carry out federal and State programs, including the Continuum of Care Program, the Emergency Solutions Grants Program, and Temporary Assistance to Needy Families (TANF), which was audited as a major federal program for fiscal year 2022, as well as the State Housing Trust Fund. Our review of select reimbursements to this subrecipient resulted in similar findings for the TANF federal program and the State Housing Trust Fund that are described in items 2022-114 and 2022-05, respectively. Effect—The departments’ lack of required monitoring increased the risk that the monies it awarded to 1 nonprofit organization may not have been spent in accordance with the award terms and program requirements. Further, the departments’ reimbursing the subrecipient for $47,777 of unallowable or unsupported costs and/or costs paid to the nonprofit organization’s principal officers or their immediate family member in violation of conflict-of-interest disclosure requirements resulted in those monies being unavailable to be spent for their intended purpose of providing housing assistance to those in need. Consequently, the departments may be required to return these monies to the federal agencies in accordance with federal requirements.1 Cause—ADOH had not yet resumed all its subrecipient-monitoring activities, such as conducting on-site reviews and providing training and technical assistance, since suspending these activities during the COVID-19 pandemic during fiscal year 2020. Also, ADOH had not properly assessed this subrecipient’s risk of noncompliance with its award contract and program requirements to determine the level of monitoring procedures or training the subrecipient needed. For example, ADOH was unaware that the subrecipient had not informed it of principal officers’ conflicts of interest so that ADOH could ensure that those principal officers or their immediate family member were not involved in decision-making related to those conflicts and selectively reviewed the related costs and activities for compliance purposes. Further, ADOH personnel responsible for reviewing and approving the subrecipient’s reimbursement requests reported to us that they were trained to not follow its policies and procedures but, instead, to approve any costs that had been previously reimbursed. As reported in finding 2022-114, although the DES subrecipient-monitoring policies and procedures did not require it to obtain from subrecipients documentation supporting charges for personal and contracted professional services to verify allowability when subrecipients requested reimbursement, the policies and procedures required an on-site monitoring visit once every 3 years for each subrecipient in which it reviews a sample of the subrecipient’s personal and professional services charges. However, DES had not performed an on-site monitoring visit of the nonprofit subrecipient since 2018 because it had not yet resumed all its subrecipient-monitoring activities, such as conducting on-site reviews and providing training and technical assistance, since suspending these activities during the COVID-19 pandemic during fiscal year 2020. In addition, DES had not properly assessed the subrecipient’s risk of noncompliance with its award contract and program requirements to determine the level of monitoring procedures or training the subrecipient needed. For example, the Division was unaware that the subrecipient had not informed it of a principal officer’s conflicts of interest so that the Division could ensure that the principal officer or their immediate family member were not involved in decision-making related to those conflicts and selectively review the related costs and activities for compliance purposes. Criteria—Federal regulations require the Departments to monitor subrecipients and include required procedures for assessing the risk of each subrecipient’s noncompliance and implementing appropriate monitoring procedures to address those risk assessments; verifying single audits were conducted timely, if required; reviewing financial and performance reports; following up on and ensuring corrective action is taken on deficiencies that could potentially affect the program; and issuing management decisions on the results of audit findings or monitoring (2 CFR §§200.332, .339, and .521). Federal regulations provide that monitoring procedures the Departments may implement to address a subrecipient’s risk assessment include providing training or technical assistance on program-related matters and performing on-site reviews and selective audits of reimbursed costs (2 CFR §200.332[e]). Further, federal regulations require the Departments’ subrecipients to allocate allowable costs using a reasonable basis, to use competitive purchasing standards when procuring goods and services, and to disclose in writing to the Departments any potential conflicts of interest.2 Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Departments should: 1. Immediately stop reimbursing the nonprofit subrecipient for costs that are unsupported, unallowable, and/or paid to the nonprofit subrecipient’s principal officers or their immediate family member in violation of conflict-of-interest disclosure requirements without obtaining documentation to support they comply with the program’s requirements and take appropriate enforcement actions in accordance with its subaward contract. (ADOH and DES) 2. Update its written policies and procedures for reviewing and approving subrecipient reimbursement requests to include a process to ensure costs are adequately supported and allowable in accordance with program requirements. (ADOH and DES) 3. Train personnel responsible for reviewing and approving subrecipient reimbursement requests on how to identify costs that are unallowable under federal regulations. (ADOH) 4. Assess the risk of each subrecipient’s noncompliance and perform the appropriate monitoring procedures based on the assessed risk, such as providing training or technical assistance on program-related matters and performing on-site reviews and selective audits of reimbursed costs for allowability. (ADOH and DES) 5. Ensure subrecipients allocate allowable costs using a reasonable basis, use competitive purchasing standards when procuring goods and services, and disclose in writing to the Departments any potential conflicts of interest. The Departments may need to provide training and technical assistance to subrecipients that addresses these compliance areas, including the Departments’ obtaining conflict-of-interest disclosures from subrecipients as part of the subaward contract, as an example, or otherwise establishing a communication mechanism for subrecipients to use as such conflicts arise. (ADOH and DES) 6. Continue to work with the nonprofit subrecipient to resolve the $47,777 in unallowable costs, including recovering these monies from the subrecipient and assessing the continued need to use this subrecipient for services. (ADOH and DES) 7. Work with the federal agencies to resolve the $47,777 of unallowable costs that it reimbursed, which may involve returning monies to the agencies. (ADOH and DES) The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 2 The applicable federal requirements related to allowable costs, competitive purchasing, and conflicts of interest can be found in the Code of Federal Regulations at 2 CFR §§200.112, .318-.327, and Subpart E, and 24 CFR §578.95 and 45 CFR §75.112.
Assistance Listings number and name: 21.027 COVID-19 State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Eligibility Questioned costs: $10,000 Condition—Contrary to federal regulations and its policies and procedures, the Department of Economic Security—Division of Employment and Rehabilitation Services (Division) made benefits payments totaling $10,000 to individuals for the State’s Return-to-Work Bonus Program for which it lacked documentation to support that it paid only those individuals who were eligible to receive them. We tested 67 individuals who received benefit payments and found that the Division made benefit payments to 5 individuals totaling $10,000 for which it lacked documentation to support the eligibility determinations.1 This calculates to a 7.5 percent exception rate for our 67 individual eligibility sample, totaling $133,000. Effect—The Division’s payment of $10,000 of program benefits for which it lacked documentation showing the 5 individuals were eligible beneficiaries increases the risk that the Division may not have been able to effectively prevent or detect fraud. Consequently, the Division may be required to return $10,000 to the federal agency.2 Cause—The Division’s management reported that it contracted with a third party to implement and use a new, temporary benefits system for the State’s Return-to-Work Bonus Program from July 1, 2021, through December 31, 2021.1 When the program and the Department’s contract with the third party ended, the Division did not ensure that the third-party contractor provided it with a complete set of program documentation that was derived from the system. Criteria—Federal regulations require the Division to retain all federal program records for a period of 3 years from the submission date of the final expenditure report to the federal agency (2 CFR §200.334). In addition, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—This program ended on December 31, 2021, and the Division’s management reported to us that it received all the records related to the federal program from the third-party contractor when operations of the State’s Return-to-Work Bonus Program and related benefits system ceased.1 However, to the extent possible for this program and for all future federal programs the Division administers, the Division should: 1. Ensure subaward entities provide all records and the Division retains all records relating to a federal award for a period of 3 years from the date it submits the final expenditure report. 2. Work with the State of Arizona Office of the Governor and U.S. Department of the Treasury to resolve the $10,000 in questioned costs.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 To be eligible for the State’s Return-to-Work Bonus Program benefits, individuals had to have filed, received, and been deemed eligible for Unemployment Insurance program benefits in Arizona between the period of May 8, 2021, and May 15, 2021. The benefit payments consisted of bonus payments of either $1,000 or $2,000, with a total maximum benefit amount of $2,000 per eligible individual. The State’s Return-to-Work Bonus Program was funded by the federal Coronavirus State and Local Fiscal Recovery Funds, an American Rescue Plan Act of 2021 program (Public Law 117-2), as administered by the Arizona Governor’s Office. The Department of Economic Security operated the program from July 1, 2021, through December 31, 2021, and the program ended on December 31, 2021. (State of Arizona, Office of the Governor and Department of Economic Security Interagency Service Agreement No. ISA-DES-ARPA-070121-02). 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office of the Governor, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521).
Assistance Listings number and name: 21.027 COVID-19 State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Eligibility Questioned costs: $10,000 Condition—Contrary to federal regulations and its policies and procedures, the Department of Economic Security—Division of Employment and Rehabilitation Services (Division) made benefits payments totaling $10,000 to individuals for the State’s Return-to-Work Bonus Program for which it lacked documentation to support that it paid only those individuals who were eligible to receive them. We tested 67 individuals who received benefit payments and found that the Division made benefit payments to 5 individuals totaling $10,000 for which it lacked documentation to support the eligibility determinations.1 This calculates to a 7.5 percent exception rate for our 67 individual eligibility sample, totaling $133,000. Effect—The Division’s payment of $10,000 of program benefits for which it lacked documentation showing the 5 individuals were eligible beneficiaries increases the risk that the Division may not have been able to effectively prevent or detect fraud. Consequently, the Division may be required to return $10,000 to the federal agency.2 Cause—The Division’s management reported that it contracted with a third party to implement and use a new, temporary benefits system for the State’s Return-to-Work Bonus Program from July 1, 2021, through December 31, 2021.1 When the program and the Department’s contract with the third party ended, the Division did not ensure that the third-party contractor provided it with a complete set of program documentation that was derived from the system. Criteria—Federal regulations require the Division to retain all federal program records for a period of 3 years from the submission date of the final expenditure report to the federal agency (2 CFR §200.334). In addition, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—This program ended on December 31, 2021, and the Division’s management reported to us that it received all the records related to the federal program from the third-party contractor when operations of the State’s Return-to-Work Bonus Program and related benefits system ceased.1 However, to the extent possible for this program and for all future federal programs the Division administers, the Division should: 1. Ensure subaward entities provide all records and the Division retains all records relating to a federal award for a period of 3 years from the date it submits the final expenditure report. 2. Work with the State of Arizona Office of the Governor and U.S. Department of the Treasury to resolve the $10,000 in questioned costs.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 To be eligible for the State’s Return-to-Work Bonus Program benefits, individuals had to have filed, received, and been deemed eligible for Unemployment Insurance program benefits in Arizona between the period of May 8, 2021, and May 15, 2021. The benefit payments consisted of bonus payments of either $1,000 or $2,000, with a total maximum benefit amount of $2,000 per eligible individual. The State’s Return-to-Work Bonus Program was funded by the federal Coronavirus State and Local Fiscal Recovery Funds, an American Rescue Plan Act of 2021 program (Public Law 117-2), as administered by the Arizona Governor’s Office. The Department of Economic Security operated the program from July 1, 2021, through December 31, 2021, and the program ended on December 31, 2021. (State of Arizona, Office of the Governor and Department of Economic Security Interagency Service Agreement No. ISA-DES-ARPA-070121-02). 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office of the Governor, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521).
Assistance Listings number and name: 21.027 COVID-19 State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Eligibility Questioned costs: $10,000 Condition—Contrary to federal regulations and its policies and procedures, the Department of Economic Security—Division of Employment and Rehabilitation Services (Division) made benefits payments totaling $10,000 to individuals for the State’s Return-to-Work Bonus Program for which it lacked documentation to support that it paid only those individuals who were eligible to receive them. We tested 67 individuals who received benefit payments and found that the Division made benefit payments to 5 individuals totaling $10,000 for which it lacked documentation to support the eligibility determinations.1 This calculates to a 7.5 percent exception rate for our 67 individual eligibility sample, totaling $133,000. Effect—The Division’s payment of $10,000 of program benefits for which it lacked documentation showing the 5 individuals were eligible beneficiaries increases the risk that the Division may not have been able to effectively prevent or detect fraud. Consequently, the Division may be required to return $10,000 to the federal agency.2 Cause—The Division’s management reported that it contracted with a third party to implement and use a new, temporary benefits system for the State’s Return-to-Work Bonus Program from July 1, 2021, through December 31, 2021.1 When the program and the Department’s contract with the third party ended, the Division did not ensure that the third-party contractor provided it with a complete set of program documentation that was derived from the system. Criteria—Federal regulations require the Division to retain all federal program records for a period of 3 years from the submission date of the final expenditure report to the federal agency (2 CFR §200.334). In addition, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—This program ended on December 31, 2021, and the Division’s management reported to us that it received all the records related to the federal program from the third-party contractor when operations of the State’s Return-to-Work Bonus Program and related benefits system ceased.1 However, to the extent possible for this program and for all future federal programs the Division administers, the Division should: 1. Ensure subaward entities provide all records and the Division retains all records relating to a federal award for a period of 3 years from the date it submits the final expenditure report. 2. Work with the State of Arizona Office of the Governor and U.S. Department of the Treasury to resolve the $10,000 in questioned costs.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 To be eligible for the State’s Return-to-Work Bonus Program benefits, individuals had to have filed, received, and been deemed eligible for Unemployment Insurance program benefits in Arizona between the period of May 8, 2021, and May 15, 2021. The benefit payments consisted of bonus payments of either $1,000 or $2,000, with a total maximum benefit amount of $2,000 per eligible individual. The State’s Return-to-Work Bonus Program was funded by the federal Coronavirus State and Local Fiscal Recovery Funds, an American Rescue Plan Act of 2021 program (Public Law 117-2), as administered by the Arizona Governor’s Office. The Department of Economic Security operated the program from July 1, 2021, through December 31, 2021, and the program ended on December 31, 2021. (State of Arizona, Office of the Governor and Department of Economic Security Interagency Service Agreement No. ISA-DES-ARPA-070121-02). 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office of the Governor, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521).
Assistance Listings number and name: 21.027 COVID-19 State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Eligibility Questioned costs: $10,000 Condition—Contrary to federal regulations and its policies and procedures, the Department of Economic Security—Division of Employment and Rehabilitation Services (Division) made benefits payments totaling $10,000 to individuals for the State’s Return-to-Work Bonus Program for which it lacked documentation to support that it paid only those individuals who were eligible to receive them. We tested 67 individuals who received benefit payments and found that the Division made benefit payments to 5 individuals totaling $10,000 for which it lacked documentation to support the eligibility determinations.1 This calculates to a 7.5 percent exception rate for our 67 individual eligibility sample, totaling $133,000. Effect—The Division’s payment of $10,000 of program benefits for which it lacked documentation showing the 5 individuals were eligible beneficiaries increases the risk that the Division may not have been able to effectively prevent or detect fraud. Consequently, the Division may be required to return $10,000 to the federal agency.2 Cause—The Division’s management reported that it contracted with a third party to implement and use a new, temporary benefits system for the State’s Return-to-Work Bonus Program from July 1, 2021, through December 31, 2021.1 When the program and the Department’s contract with the third party ended, the Division did not ensure that the third-party contractor provided it with a complete set of program documentation that was derived from the system. Criteria—Federal regulations require the Division to retain all federal program records for a period of 3 years from the submission date of the final expenditure report to the federal agency (2 CFR §200.334). In addition, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—This program ended on December 31, 2021, and the Division’s management reported to us that it received all the records related to the federal program from the third-party contractor when operations of the State’s Return-to-Work Bonus Program and related benefits system ceased.1 However, to the extent possible for this program and for all future federal programs the Division administers, the Division should: 1. Ensure subaward entities provide all records and the Division retains all records relating to a federal award for a period of 3 years from the date it submits the final expenditure report. 2. Work with the State of Arizona Office of the Governor and U.S. Department of the Treasury to resolve the $10,000 in questioned costs.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 To be eligible for the State’s Return-to-Work Bonus Program benefits, individuals had to have filed, received, and been deemed eligible for Unemployment Insurance program benefits in Arizona between the period of May 8, 2021, and May 15, 2021. The benefit payments consisted of bonus payments of either $1,000 or $2,000, with a total maximum benefit amount of $2,000 per eligible individual. The State’s Return-to-Work Bonus Program was funded by the federal Coronavirus State and Local Fiscal Recovery Funds, an American Rescue Plan Act of 2021 program (Public Law 117-2), as administered by the Arizona Governor’s Office. The Department of Economic Security operated the program from July 1, 2021, through December 31, 2021, and the program ended on December 31, 2021. (State of Arizona, Office of the Governor and Department of Economic Security Interagency Service Agreement No. ISA-DES-ARPA-070121-02). 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office of the Governor, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521).
Assistance Listings number and name: 21.027 COVID-19 State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Eligibility Questioned costs: $10,000 Condition—Contrary to federal regulations and its policies and procedures, the Department of Economic Security—Division of Employment and Rehabilitation Services (Division) made benefits payments totaling $10,000 to individuals for the State’s Return-to-Work Bonus Program for which it lacked documentation to support that it paid only those individuals who were eligible to receive them. We tested 67 individuals who received benefit payments and found that the Division made benefit payments to 5 individuals totaling $10,000 for which it lacked documentation to support the eligibility determinations.1 This calculates to a 7.5 percent exception rate for our 67 individual eligibility sample, totaling $133,000. Effect—The Division’s payment of $10,000 of program benefits for which it lacked documentation showing the 5 individuals were eligible beneficiaries increases the risk that the Division may not have been able to effectively prevent or detect fraud. Consequently, the Division may be required to return $10,000 to the federal agency.2 Cause—The Division’s management reported that it contracted with a third party to implement and use a new, temporary benefits system for the State’s Return-to-Work Bonus Program from July 1, 2021, through December 31, 2021.1 When the program and the Department’s contract with the third party ended, the Division did not ensure that the third-party contractor provided it with a complete set of program documentation that was derived from the system. Criteria—Federal regulations require the Division to retain all federal program records for a period of 3 years from the submission date of the final expenditure report to the federal agency (2 CFR §200.334). In addition, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—This program ended on December 31, 2021, and the Division’s management reported to us that it received all the records related to the federal program from the third-party contractor when operations of the State’s Return-to-Work Bonus Program and related benefits system ceased.1 However, to the extent possible for this program and for all future federal programs the Division administers, the Division should: 1. Ensure subaward entities provide all records and the Division retains all records relating to a federal award for a period of 3 years from the date it submits the final expenditure report. 2. Work with the State of Arizona Office of the Governor and U.S. Department of the Treasury to resolve the $10,000 in questioned costs.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 To be eligible for the State’s Return-to-Work Bonus Program benefits, individuals had to have filed, received, and been deemed eligible for Unemployment Insurance program benefits in Arizona between the period of May 8, 2021, and May 15, 2021. The benefit payments consisted of bonus payments of either $1,000 or $2,000, with a total maximum benefit amount of $2,000 per eligible individual. The State’s Return-to-Work Bonus Program was funded by the federal Coronavirus State and Local Fiscal Recovery Funds, an American Rescue Plan Act of 2021 program (Public Law 117-2), as administered by the Arizona Governor’s Office. The Department of Economic Security operated the program from July 1, 2021, through December 31, 2021, and the program ended on December 31, 2021. (State of Arizona, Office of the Governor and Department of Economic Security Interagency Service Agreement No. ISA-DES-ARPA-070121-02). 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office of the Governor, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521).
Assistance Listings number and name: 21.027 COVID-19 State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Eligibility Questioned costs: $10,000 Condition—Contrary to federal regulations and its policies and procedures, the Department of Economic Security—Division of Employment and Rehabilitation Services (Division) made benefits payments totaling $10,000 to individuals for the State’s Return-to-Work Bonus Program for which it lacked documentation to support that it paid only those individuals who were eligible to receive them. We tested 67 individuals who received benefit payments and found that the Division made benefit payments to 5 individuals totaling $10,000 for which it lacked documentation to support the eligibility determinations.1 This calculates to a 7.5 percent exception rate for our 67 individual eligibility sample, totaling $133,000. Effect—The Division’s payment of $10,000 of program benefits for which it lacked documentation showing the 5 individuals were eligible beneficiaries increases the risk that the Division may not have been able to effectively prevent or detect fraud. Consequently, the Division may be required to return $10,000 to the federal agency.2 Cause—The Division’s management reported that it contracted with a third party to implement and use a new, temporary benefits system for the State’s Return-to-Work Bonus Program from July 1, 2021, through December 31, 2021.1 When the program and the Department’s contract with the third party ended, the Division did not ensure that the third-party contractor provided it with a complete set of program documentation that was derived from the system. Criteria—Federal regulations require the Division to retain all federal program records for a period of 3 years from the submission date of the final expenditure report to the federal agency (2 CFR §200.334). In addition, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—This program ended on December 31, 2021, and the Division’s management reported to us that it received all the records related to the federal program from the third-party contractor when operations of the State’s Return-to-Work Bonus Program and related benefits system ceased.1 However, to the extent possible for this program and for all future federal programs the Division administers, the Division should: 1. Ensure subaward entities provide all records and the Division retains all records relating to a federal award for a period of 3 years from the date it submits the final expenditure report. 2. Work with the State of Arizona Office of the Governor and U.S. Department of the Treasury to resolve the $10,000 in questioned costs.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 To be eligible for the State’s Return-to-Work Bonus Program benefits, individuals had to have filed, received, and been deemed eligible for Unemployment Insurance program benefits in Arizona between the period of May 8, 2021, and May 15, 2021. The benefit payments consisted of bonus payments of either $1,000 or $2,000, with a total maximum benefit amount of $2,000 per eligible individual. The State’s Return-to-Work Bonus Program was funded by the federal Coronavirus State and Local Fiscal Recovery Funds, an American Rescue Plan Act of 2021 program (Public Law 117-2), as administered by the Arizona Governor’s Office. The Department of Economic Security operated the program from July 1, 2021, through December 31, 2021, and the program ended on December 31, 2021. (State of Arizona, Office of the Governor and Department of Economic Security Interagency Service Agreement No. ISA-DES-ARPA-070121-02). 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office of the Governor, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521).
Assistance Listings number and name: 21.027 COVID-19 State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Eligibility Questioned costs: $10,000 Condition—Contrary to federal regulations and its policies and procedures, the Department of Economic Security—Division of Employment and Rehabilitation Services (Division) made benefits payments totaling $10,000 to individuals for the State’s Return-to-Work Bonus Program for which it lacked documentation to support that it paid only those individuals who were eligible to receive them. We tested 67 individuals who received benefit payments and found that the Division made benefit payments to 5 individuals totaling $10,000 for which it lacked documentation to support the eligibility determinations.1 This calculates to a 7.5 percent exception rate for our 67 individual eligibility sample, totaling $133,000. Effect—The Division’s payment of $10,000 of program benefits for which it lacked documentation showing the 5 individuals were eligible beneficiaries increases the risk that the Division may not have been able to effectively prevent or detect fraud. Consequently, the Division may be required to return $10,000 to the federal agency.2 Cause—The Division’s management reported that it contracted with a third party to implement and use a new, temporary benefits system for the State’s Return-to-Work Bonus Program from July 1, 2021, through December 31, 2021.1 When the program and the Department’s contract with the third party ended, the Division did not ensure that the third-party contractor provided it with a complete set of program documentation that was derived from the system. Criteria—Federal regulations require the Division to retain all federal program records for a period of 3 years from the submission date of the final expenditure report to the federal agency (2 CFR §200.334). In addition, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—This program ended on December 31, 2021, and the Division’s management reported to us that it received all the records related to the federal program from the third-party contractor when operations of the State’s Return-to-Work Bonus Program and related benefits system ceased.1 However, to the extent possible for this program and for all future federal programs the Division administers, the Division should: 1. Ensure subaward entities provide all records and the Division retains all records relating to a federal award for a period of 3 years from the date it submits the final expenditure report. 2. Work with the State of Arizona Office of the Governor and U.S. Department of the Treasury to resolve the $10,000 in questioned costs.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 To be eligible for the State’s Return-to-Work Bonus Program benefits, individuals had to have filed, received, and been deemed eligible for Unemployment Insurance program benefits in Arizona between the period of May 8, 2021, and May 15, 2021. The benefit payments consisted of bonus payments of either $1,000 or $2,000, with a total maximum benefit amount of $2,000 per eligible individual. The State’s Return-to-Work Bonus Program was funded by the federal Coronavirus State and Local Fiscal Recovery Funds, an American Rescue Plan Act of 2021 program (Public Law 117-2), as administered by the Arizona Governor’s Office. The Department of Economic Security operated the program from July 1, 2021, through December 31, 2021, and the program ended on December 31, 2021. (State of Arizona, Office of the Governor and Department of Economic Security Interagency Service Agreement No. ISA-DES-ARPA-070121-02). 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office of the Governor, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521).
Assistance Listings number and name: 21.027 COVID-19 State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Eligibility Questioned costs: $10,000 Condition—Contrary to federal regulations and its policies and procedures, the Department of Economic Security—Division of Employment and Rehabilitation Services (Division) made benefits payments totaling $10,000 to individuals for the State’s Return-to-Work Bonus Program for which it lacked documentation to support that it paid only those individuals who were eligible to receive them. We tested 67 individuals who received benefit payments and found that the Division made benefit payments to 5 individuals totaling $10,000 for which it lacked documentation to support the eligibility determinations.1 This calculates to a 7.5 percent exception rate for our 67 individual eligibility sample, totaling $133,000. Effect—The Division’s payment of $10,000 of program benefits for which it lacked documentation showing the 5 individuals were eligible beneficiaries increases the risk that the Division may not have been able to effectively prevent or detect fraud. Consequently, the Division may be required to return $10,000 to the federal agency.2 Cause—The Division’s management reported that it contracted with a third party to implement and use a new, temporary benefits system for the State’s Return-to-Work Bonus Program from July 1, 2021, through December 31, 2021.1 When the program and the Department’s contract with the third party ended, the Division did not ensure that the third-party contractor provided it with a complete set of program documentation that was derived from the system. Criteria—Federal regulations require the Division to retain all federal program records for a period of 3 years from the submission date of the final expenditure report to the federal agency (2 CFR §200.334). In addition, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—This program ended on December 31, 2021, and the Division’s management reported to us that it received all the records related to the federal program from the third-party contractor when operations of the State’s Return-to-Work Bonus Program and related benefits system ceased.1 However, to the extent possible for this program and for all future federal programs the Division administers, the Division should: 1. Ensure subaward entities provide all records and the Division retains all records relating to a federal award for a period of 3 years from the date it submits the final expenditure report. 2. Work with the State of Arizona Office of the Governor and U.S. Department of the Treasury to resolve the $10,000 in questioned costs.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 To be eligible for the State’s Return-to-Work Bonus Program benefits, individuals had to have filed, received, and been deemed eligible for Unemployment Insurance program benefits in Arizona between the period of May 8, 2021, and May 15, 2021. The benefit payments consisted of bonus payments of either $1,000 or $2,000, with a total maximum benefit amount of $2,000 per eligible individual. The State’s Return-to-Work Bonus Program was funded by the federal Coronavirus State and Local Fiscal Recovery Funds, an American Rescue Plan Act of 2021 program (Public Law 117-2), as administered by the Arizona Governor’s Office. The Department of Economic Security operated the program from July 1, 2021, through December 31, 2021, and the program ended on December 31, 2021. (State of Arizona, Office of the Governor and Department of Economic Security Interagency Service Agreement No. ISA-DES-ARPA-070121-02). 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office of the Governor, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521).
Assistance Listings number and name: 21.027 COVID-19 State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Eligibility Questioned costs: $10,000 Condition—Contrary to federal regulations and its policies and procedures, the Department of Economic Security—Division of Employment and Rehabilitation Services (Division) made benefits payments totaling $10,000 to individuals for the State’s Return-to-Work Bonus Program for which it lacked documentation to support that it paid only those individuals who were eligible to receive them. We tested 67 individuals who received benefit payments and found that the Division made benefit payments to 5 individuals totaling $10,000 for which it lacked documentation to support the eligibility determinations.1 This calculates to a 7.5 percent exception rate for our 67 individual eligibility sample, totaling $133,000. Effect—The Division’s payment of $10,000 of program benefits for which it lacked documentation showing the 5 individuals were eligible beneficiaries increases the risk that the Division may not have been able to effectively prevent or detect fraud. Consequently, the Division may be required to return $10,000 to the federal agency.2 Cause—The Division’s management reported that it contracted with a third party to implement and use a new, temporary benefits system for the State’s Return-to-Work Bonus Program from July 1, 2021, through December 31, 2021.1 When the program and the Department’s contract with the third party ended, the Division did not ensure that the third-party contractor provided it with a complete set of program documentation that was derived from the system. Criteria—Federal regulations require the Division to retain all federal program records for a period of 3 years from the submission date of the final expenditure report to the federal agency (2 CFR §200.334). In addition, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—This program ended on December 31, 2021, and the Division’s management reported to us that it received all the records related to the federal program from the third-party contractor when operations of the State’s Return-to-Work Bonus Program and related benefits system ceased.1 However, to the extent possible for this program and for all future federal programs the Division administers, the Division should: 1. Ensure subaward entities provide all records and the Division retains all records relating to a federal award for a period of 3 years from the date it submits the final expenditure report. 2. Work with the State of Arizona Office of the Governor and U.S. Department of the Treasury to resolve the $10,000 in questioned costs.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 To be eligible for the State’s Return-to-Work Bonus Program benefits, individuals had to have filed, received, and been deemed eligible for Unemployment Insurance program benefits in Arizona between the period of May 8, 2021, and May 15, 2021. The benefit payments consisted of bonus payments of either $1,000 or $2,000, with a total maximum benefit amount of $2,000 per eligible individual. The State’s Return-to-Work Bonus Program was funded by the federal Coronavirus State and Local Fiscal Recovery Funds, an American Rescue Plan Act of 2021 program (Public Law 117-2), as administered by the Arizona Governor’s Office. The Department of Economic Security operated the program from July 1, 2021, through December 31, 2021, and the program ended on December 31, 2021. (State of Arizona, Office of the Governor and Department of Economic Security Interagency Service Agreement No. ISA-DES-ARPA-070121-02). 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office of the Governor, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521).
Assistance Listings number and name: 21.027 COVID-19 State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Eligibility Questioned costs: $10,000 Condition—Contrary to federal regulations and its policies and procedures, the Department of Economic Security—Division of Employment and Rehabilitation Services (Division) made benefits payments totaling $10,000 to individuals for the State’s Return-to-Work Bonus Program for which it lacked documentation to support that it paid only those individuals who were eligible to receive them. We tested 67 individuals who received benefit payments and found that the Division made benefit payments to 5 individuals totaling $10,000 for which it lacked documentation to support the eligibility determinations.1 This calculates to a 7.5 percent exception rate for our 67 individual eligibility sample, totaling $133,000. Effect—The Division’s payment of $10,000 of program benefits for which it lacked documentation showing the 5 individuals were eligible beneficiaries increases the risk that the Division may not have been able to effectively prevent or detect fraud. Consequently, the Division may be required to return $10,000 to the federal agency.2 Cause—The Division’s management reported that it contracted with a third party to implement and use a new, temporary benefits system for the State’s Return-to-Work Bonus Program from July 1, 2021, through December 31, 2021.1 When the program and the Department’s contract with the third party ended, the Division did not ensure that the third-party contractor provided it with a complete set of program documentation that was derived from the system. Criteria—Federal regulations require the Division to retain all federal program records for a period of 3 years from the submission date of the final expenditure report to the federal agency (2 CFR §200.334). In addition, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—This program ended on December 31, 2021, and the Division’s management reported to us that it received all the records related to the federal program from the third-party contractor when operations of the State’s Return-to-Work Bonus Program and related benefits system ceased.1 However, to the extent possible for this program and for all future federal programs the Division administers, the Division should: 1. Ensure subaward entities provide all records and the Division retains all records relating to a federal award for a period of 3 years from the date it submits the final expenditure report. 2. Work with the State of Arizona Office of the Governor and U.S. Department of the Treasury to resolve the $10,000 in questioned costs.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 To be eligible for the State’s Return-to-Work Bonus Program benefits, individuals had to have filed, received, and been deemed eligible for Unemployment Insurance program benefits in Arizona between the period of May 8, 2021, and May 15, 2021. The benefit payments consisted of bonus payments of either $1,000 or $2,000, with a total maximum benefit amount of $2,000 per eligible individual. The State’s Return-to-Work Bonus Program was funded by the federal Coronavirus State and Local Fiscal Recovery Funds, an American Rescue Plan Act of 2021 program (Public Law 117-2), as administered by the Arizona Governor’s Office. The Department of Economic Security operated the program from July 1, 2021, through December 31, 2021, and the program ended on December 31, 2021. (State of Arizona, Office of the Governor and Department of Economic Security Interagency Service Agreement No. ISA-DES-ARPA-070121-02). 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office of the Governor, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521).
Assistance Listings number and name: 21.027 COVID-19 State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Eligibility Questioned costs: $10,000 Condition—Contrary to federal regulations and its policies and procedures, the Department of Economic Security—Division of Employment and Rehabilitation Services (Division) made benefits payments totaling $10,000 to individuals for the State’s Return-to-Work Bonus Program for which it lacked documentation to support that it paid only those individuals who were eligible to receive them. We tested 67 individuals who received benefit payments and found that the Division made benefit payments to 5 individuals totaling $10,000 for which it lacked documentation to support the eligibility determinations.1 This calculates to a 7.5 percent exception rate for our 67 individual eligibility sample, totaling $133,000. Effect—The Division’s payment of $10,000 of program benefits for which it lacked documentation showing the 5 individuals were eligible beneficiaries increases the risk that the Division may not have been able to effectively prevent or detect fraud. Consequently, the Division may be required to return $10,000 to the federal agency.2 Cause—The Division’s management reported that it contracted with a third party to implement and use a new, temporary benefits system for the State’s Return-to-Work Bonus Program from July 1, 2021, through December 31, 2021.1 When the program and the Department’s contract with the third party ended, the Division did not ensure that the third-party contractor provided it with a complete set of program documentation that was derived from the system. Criteria—Federal regulations require the Division to retain all federal program records for a period of 3 years from the submission date of the final expenditure report to the federal agency (2 CFR §200.334). In addition, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—This program ended on December 31, 2021, and the Division’s management reported to us that it received all the records related to the federal program from the third-party contractor when operations of the State’s Return-to-Work Bonus Program and related benefits system ceased.1 However, to the extent possible for this program and for all future federal programs the Division administers, the Division should: 1. Ensure subaward entities provide all records and the Division retains all records relating to a federal award for a period of 3 years from the date it submits the final expenditure report. 2. Work with the State of Arizona Office of the Governor and U.S. Department of the Treasury to resolve the $10,000 in questioned costs.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 To be eligible for the State’s Return-to-Work Bonus Program benefits, individuals had to have filed, received, and been deemed eligible for Unemployment Insurance program benefits in Arizona between the period of May 8, 2021, and May 15, 2021. The benefit payments consisted of bonus payments of either $1,000 or $2,000, with a total maximum benefit amount of $2,000 per eligible individual. The State’s Return-to-Work Bonus Program was funded by the federal Coronavirus State and Local Fiscal Recovery Funds, an American Rescue Plan Act of 2021 program (Public Law 117-2), as administered by the Arizona Governor’s Office. The Department of Economic Security operated the program from July 1, 2021, through December 31, 2021, and the program ended on December 31, 2021. (State of Arizona, Office of the Governor and Department of Economic Security Interagency Service Agreement No. ISA-DES-ARPA-070121-02). 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office of the Governor, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521).
Assistance Listings number and name: 21.027 COVID-19 State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Eligibility Questioned costs: $10,000 Condition—Contrary to federal regulations and its policies and procedures, the Department of Economic Security—Division of Employment and Rehabilitation Services (Division) made benefits payments totaling $10,000 to individuals for the State’s Return-to-Work Bonus Program for which it lacked documentation to support that it paid only those individuals who were eligible to receive them. We tested 67 individuals who received benefit payments and found that the Division made benefit payments to 5 individuals totaling $10,000 for which it lacked documentation to support the eligibility determinations.1 This calculates to a 7.5 percent exception rate for our 67 individual eligibility sample, totaling $133,000. Effect—The Division’s payment of $10,000 of program benefits for which it lacked documentation showing the 5 individuals were eligible beneficiaries increases the risk that the Division may not have been able to effectively prevent or detect fraud. Consequently, the Division may be required to return $10,000 to the federal agency.2 Cause—The Division’s management reported that it contracted with a third party to implement and use a new, temporary benefits system for the State’s Return-to-Work Bonus Program from July 1, 2021, through December 31, 2021.1 When the program and the Department’s contract with the third party ended, the Division did not ensure that the third-party contractor provided it with a complete set of program documentation that was derived from the system. Criteria—Federal regulations require the Division to retain all federal program records for a period of 3 years from the submission date of the final expenditure report to the federal agency (2 CFR §200.334). In addition, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—This program ended on December 31, 2021, and the Division’s management reported to us that it received all the records related to the federal program from the third-party contractor when operations of the State’s Return-to-Work Bonus Program and related benefits system ceased.1 However, to the extent possible for this program and for all future federal programs the Division administers, the Division should: 1. Ensure subaward entities provide all records and the Division retains all records relating to a federal award for a period of 3 years from the date it submits the final expenditure report. 2. Work with the State of Arizona Office of the Governor and U.S. Department of the Treasury to resolve the $10,000 in questioned costs.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 To be eligible for the State’s Return-to-Work Bonus Program benefits, individuals had to have filed, received, and been deemed eligible for Unemployment Insurance program benefits in Arizona between the period of May 8, 2021, and May 15, 2021. The benefit payments consisted of bonus payments of either $1,000 or $2,000, with a total maximum benefit amount of $2,000 per eligible individual. The State’s Return-to-Work Bonus Program was funded by the federal Coronavirus State and Local Fiscal Recovery Funds, an American Rescue Plan Act of 2021 program (Public Law 117-2), as administered by the Arizona Governor’s Office. The Department of Economic Security operated the program from July 1, 2021, through December 31, 2021, and the program ended on December 31, 2021. (State of Arizona, Office of the Governor and Department of Economic Security Interagency Service Agreement No. ISA-DES-ARPA-070121-02). 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office of the Governor, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521).
Assistance Listings number and name: 21.027 COVID-19 State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Eligibility Questioned costs: $10,000 Condition—Contrary to federal regulations and its policies and procedures, the Department of Economic Security—Division of Employment and Rehabilitation Services (Division) made benefits payments totaling $10,000 to individuals for the State’s Return-to-Work Bonus Program for which it lacked documentation to support that it paid only those individuals who were eligible to receive them. We tested 67 individuals who received benefit payments and found that the Division made benefit payments to 5 individuals totaling $10,000 for which it lacked documentation to support the eligibility determinations.1 This calculates to a 7.5 percent exception rate for our 67 individual eligibility sample, totaling $133,000. Effect—The Division’s payment of $10,000 of program benefits for which it lacked documentation showing the 5 individuals were eligible beneficiaries increases the risk that the Division may not have been able to effectively prevent or detect fraud. Consequently, the Division may be required to return $10,000 to the federal agency.2 Cause—The Division’s management reported that it contracted with a third party to implement and use a new, temporary benefits system for the State’s Return-to-Work Bonus Program from July 1, 2021, through December 31, 2021.1 When the program and the Department’s contract with the third party ended, the Division did not ensure that the third-party contractor provided it with a complete set of program documentation that was derived from the system. Criteria—Federal regulations require the Division to retain all federal program records for a period of 3 years from the submission date of the final expenditure report to the federal agency (2 CFR §200.334). In addition, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—This program ended on December 31, 2021, and the Division’s management reported to us that it received all the records related to the federal program from the third-party contractor when operations of the State’s Return-to-Work Bonus Program and related benefits system ceased.1 However, to the extent possible for this program and for all future federal programs the Division administers, the Division should: 1. Ensure subaward entities provide all records and the Division retains all records relating to a federal award for a period of 3 years from the date it submits the final expenditure report. 2. Work with the State of Arizona Office of the Governor and U.S. Department of the Treasury to resolve the $10,000 in questioned costs.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 To be eligible for the State’s Return-to-Work Bonus Program benefits, individuals had to have filed, received, and been deemed eligible for Unemployment Insurance program benefits in Arizona between the period of May 8, 2021, and May 15, 2021. The benefit payments consisted of bonus payments of either $1,000 or $2,000, with a total maximum benefit amount of $2,000 per eligible individual. The State’s Return-to-Work Bonus Program was funded by the federal Coronavirus State and Local Fiscal Recovery Funds, an American Rescue Plan Act of 2021 program (Public Law 117-2), as administered by the Arizona Governor’s Office. The Department of Economic Security operated the program from July 1, 2021, through December 31, 2021, and the program ended on December 31, 2021. (State of Arizona, Office of the Governor and Department of Economic Security Interagency Service Agreement No. ISA-DES-ARPA-070121-02). 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office of the Governor, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521).
Assistance Listings number and name: 21.027 COVID-19 State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Eligibility Questioned costs: $10,000 Condition—Contrary to federal regulations and its policies and procedures, the Department of Economic Security—Division of Employment and Rehabilitation Services (Division) made benefits payments totaling $10,000 to individuals for the State’s Return-to-Work Bonus Program for which it lacked documentation to support that it paid only those individuals who were eligible to receive them. We tested 67 individuals who received benefit payments and found that the Division made benefit payments to 5 individuals totaling $10,000 for which it lacked documentation to support the eligibility determinations.1 This calculates to a 7.5 percent exception rate for our 67 individual eligibility sample, totaling $133,000. Effect—The Division’s payment of $10,000 of program benefits for which it lacked documentation showing the 5 individuals were eligible beneficiaries increases the risk that the Division may not have been able to effectively prevent or detect fraud. Consequently, the Division may be required to return $10,000 to the federal agency.2 Cause—The Division’s management reported that it contracted with a third party to implement and use a new, temporary benefits system for the State’s Return-to-Work Bonus Program from July 1, 2021, through December 31, 2021.1 When the program and the Department’s contract with the third party ended, the Division did not ensure that the third-party contractor provided it with a complete set of program documentation that was derived from the system. Criteria—Federal regulations require the Division to retain all federal program records for a period of 3 years from the submission date of the final expenditure report to the federal agency (2 CFR §200.334). In addition, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—This program ended on December 31, 2021, and the Division’s management reported to us that it received all the records related to the federal program from the third-party contractor when operations of the State’s Return-to-Work Bonus Program and related benefits system ceased.1 However, to the extent possible for this program and for all future federal programs the Division administers, the Division should: 1. Ensure subaward entities provide all records and the Division retains all records relating to a federal award for a period of 3 years from the date it submits the final expenditure report. 2. Work with the State of Arizona Office of the Governor and U.S. Department of the Treasury to resolve the $10,000 in questioned costs.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 To be eligible for the State’s Return-to-Work Bonus Program benefits, individuals had to have filed, received, and been deemed eligible for Unemployment Insurance program benefits in Arizona between the period of May 8, 2021, and May 15, 2021. The benefit payments consisted of bonus payments of either $1,000 or $2,000, with a total maximum benefit amount of $2,000 per eligible individual. The State’s Return-to-Work Bonus Program was funded by the federal Coronavirus State and Local Fiscal Recovery Funds, an American Rescue Plan Act of 2021 program (Public Law 117-2), as administered by the Arizona Governor’s Office. The Department of Economic Security operated the program from July 1, 2021, through December 31, 2021, and the program ended on December 31, 2021. (State of Arizona, Office of the Governor and Department of Economic Security Interagency Service Agreement No. ISA-DES-ARPA-070121-02). 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office of the Governor, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521).
Assistance Listings number and name: 21.027 COVID-19 State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Eligibility Questioned costs: $10,000 Condition—Contrary to federal regulations and its policies and procedures, the Department of Economic Security—Division of Employment and Rehabilitation Services (Division) made benefits payments totaling $10,000 to individuals for the State’s Return-to-Work Bonus Program for which it lacked documentation to support that it paid only those individuals who were eligible to receive them. We tested 67 individuals who received benefit payments and found that the Division made benefit payments to 5 individuals totaling $10,000 for which it lacked documentation to support the eligibility determinations.1 This calculates to a 7.5 percent exception rate for our 67 individual eligibility sample, totaling $133,000. Effect—The Division’s payment of $10,000 of program benefits for which it lacked documentation showing the 5 individuals were eligible beneficiaries increases the risk that the Division may not have been able to effectively prevent or detect fraud. Consequently, the Division may be required to return $10,000 to the federal agency.2 Cause—The Division’s management reported that it contracted with a third party to implement and use a new, temporary benefits system for the State’s Return-to-Work Bonus Program from July 1, 2021, through December 31, 2021.1 When the program and the Department’s contract with the third party ended, the Division did not ensure that the third-party contractor provided it with a complete set of program documentation that was derived from the system. Criteria—Federal regulations require the Division to retain all federal program records for a period of 3 years from the submission date of the final expenditure report to the federal agency (2 CFR §200.334). In addition, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—This program ended on December 31, 2021, and the Division’s management reported to us that it received all the records related to the federal program from the third-party contractor when operations of the State’s Return-to-Work Bonus Program and related benefits system ceased.1 However, to the extent possible for this program and for all future federal programs the Division administers, the Division should: 1. Ensure subaward entities provide all records and the Division retains all records relating to a federal award for a period of 3 years from the date it submits the final expenditure report. 2. Work with the State of Arizona Office of the Governor and U.S. Department of the Treasury to resolve the $10,000 in questioned costs.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 To be eligible for the State’s Return-to-Work Bonus Program benefits, individuals had to have filed, received, and been deemed eligible for Unemployment Insurance program benefits in Arizona between the period of May 8, 2021, and May 15, 2021. The benefit payments consisted of bonus payments of either $1,000 or $2,000, with a total maximum benefit amount of $2,000 per eligible individual. The State’s Return-to-Work Bonus Program was funded by the federal Coronavirus State and Local Fiscal Recovery Funds, an American Rescue Plan Act of 2021 program (Public Law 117-2), as administered by the Arizona Governor’s Office. The Department of Economic Security operated the program from July 1, 2021, through December 31, 2021, and the program ended on December 31, 2021. (State of Arizona, Office of the Governor and Department of Economic Security Interagency Service Agreement No. ISA-DES-ARPA-070121-02). 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office of the Governor, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521).
Assistance Listings number and name: 21.027 COVID-19 State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Eligibility Questioned costs: $10,000 Condition—Contrary to federal regulations and its policies and procedures, the Department of Economic Security—Division of Employment and Rehabilitation Services (Division) made benefits payments totaling $10,000 to individuals for the State’s Return-to-Work Bonus Program for which it lacked documentation to support that it paid only those individuals who were eligible to receive them. We tested 67 individuals who received benefit payments and found that the Division made benefit payments to 5 individuals totaling $10,000 for which it lacked documentation to support the eligibility determinations.1 This calculates to a 7.5 percent exception rate for our 67 individual eligibility sample, totaling $133,000. Effect—The Division’s payment of $10,000 of program benefits for which it lacked documentation showing the 5 individuals were eligible beneficiaries increases the risk that the Division may not have been able to effectively prevent or detect fraud. Consequently, the Division may be required to return $10,000 to the federal agency.2 Cause—The Division’s management reported that it contracted with a third party to implement and use a new, temporary benefits system for the State’s Return-to-Work Bonus Program from July 1, 2021, through December 31, 2021.1 When the program and the Department’s contract with the third party ended, the Division did not ensure that the third-party contractor provided it with a complete set of program documentation that was derived from the system. Criteria—Federal regulations require the Division to retain all federal program records for a period of 3 years from the submission date of the final expenditure report to the federal agency (2 CFR §200.334). In addition, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—This program ended on December 31, 2021, and the Division’s management reported to us that it received all the records related to the federal program from the third-party contractor when operations of the State’s Return-to-Work Bonus Program and related benefits system ceased.1 However, to the extent possible for this program and for all future federal programs the Division administers, the Division should: 1. Ensure subaward entities provide all records and the Division retains all records relating to a federal award for a period of 3 years from the date it submits the final expenditure report. 2. Work with the State of Arizona Office of the Governor and U.S. Department of the Treasury to resolve the $10,000 in questioned costs.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 To be eligible for the State’s Return-to-Work Bonus Program benefits, individuals had to have filed, received, and been deemed eligible for Unemployment Insurance program benefits in Arizona between the period of May 8, 2021, and May 15, 2021. The benefit payments consisted of bonus payments of either $1,000 or $2,000, with a total maximum benefit amount of $2,000 per eligible individual. The State’s Return-to-Work Bonus Program was funded by the federal Coronavirus State and Local Fiscal Recovery Funds, an American Rescue Plan Act of 2021 program (Public Law 117-2), as administered by the Arizona Governor’s Office. The Department of Economic Security operated the program from July 1, 2021, through December 31, 2021, and the program ended on December 31, 2021. (State of Arizona, Office of the Governor and Department of Economic Security Interagency Service Agreement No. ISA-DES-ARPA-070121-02). 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office of the Governor, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521).
Assistance Listings number and name: 21.027 COVID-19 State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Eligibility Questioned costs: $10,000 Condition—Contrary to federal regulations and its policies and procedures, the Department of Economic Security—Division of Employment and Rehabilitation Services (Division) made benefits payments totaling $10,000 to individuals for the State’s Return-to-Work Bonus Program for which it lacked documentation to support that it paid only those individuals who were eligible to receive them. We tested 67 individuals who received benefit payments and found that the Division made benefit payments to 5 individuals totaling $10,000 for which it lacked documentation to support the eligibility determinations.1 This calculates to a 7.5 percent exception rate for our 67 individual eligibility sample, totaling $133,000. Effect—The Division’s payment of $10,000 of program benefits for which it lacked documentation showing the 5 individuals were eligible beneficiaries increases the risk that the Division may not have been able to effectively prevent or detect fraud. Consequently, the Division may be required to return $10,000 to the federal agency.2 Cause—The Division’s management reported that it contracted with a third party to implement and use a new, temporary benefits system for the State’s Return-to-Work Bonus Program from July 1, 2021, through December 31, 2021.1 When the program and the Department’s contract with the third party ended, the Division did not ensure that the third-party contractor provided it with a complete set of program documentation that was derived from the system. Criteria—Federal regulations require the Division to retain all federal program records for a period of 3 years from the submission date of the final expenditure report to the federal agency (2 CFR §200.334). In addition, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—This program ended on December 31, 2021, and the Division’s management reported to us that it received all the records related to the federal program from the third-party contractor when operations of the State’s Return-to-Work Bonus Program and related benefits system ceased.1 However, to the extent possible for this program and for all future federal programs the Division administers, the Division should: 1. Ensure subaward entities provide all records and the Division retains all records relating to a federal award for a period of 3 years from the date it submits the final expenditure report. 2. Work with the State of Arizona Office of the Governor and U.S. Department of the Treasury to resolve the $10,000 in questioned costs.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 To be eligible for the State’s Return-to-Work Bonus Program benefits, individuals had to have filed, received, and been deemed eligible for Unemployment Insurance program benefits in Arizona between the period of May 8, 2021, and May 15, 2021. The benefit payments consisted of bonus payments of either $1,000 or $2,000, with a total maximum benefit amount of $2,000 per eligible individual. The State’s Return-to-Work Bonus Program was funded by the federal Coronavirus State and Local Fiscal Recovery Funds, an American Rescue Plan Act of 2021 program (Public Law 117-2), as administered by the Arizona Governor’s Office. The Department of Economic Security operated the program from July 1, 2021, through December 31, 2021, and the program ended on December 31, 2021. (State of Arizona, Office of the Governor and Department of Economic Security Interagency Service Agreement No. ISA-DES-ARPA-070121-02). 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office of the Governor, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521).
Assistance Listings number and name: 21.027 COVID-19 State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Eligibility Questioned costs: $10,000 Condition—Contrary to federal regulations and its policies and procedures, the Department of Economic Security—Division of Employment and Rehabilitation Services (Division) made benefits payments totaling $10,000 to individuals for the State’s Return-to-Work Bonus Program for which it lacked documentation to support that it paid only those individuals who were eligible to receive them. We tested 67 individuals who received benefit payments and found that the Division made benefit payments to 5 individuals totaling $10,000 for which it lacked documentation to support the eligibility determinations.1 This calculates to a 7.5 percent exception rate for our 67 individual eligibility sample, totaling $133,000. Effect—The Division’s payment of $10,000 of program benefits for which it lacked documentation showing the 5 individuals were eligible beneficiaries increases the risk that the Division may not have been able to effectively prevent or detect fraud. Consequently, the Division may be required to return $10,000 to the federal agency.2 Cause—The Division’s management reported that it contracted with a third party to implement and use a new, temporary benefits system for the State’s Return-to-Work Bonus Program from July 1, 2021, through December 31, 2021.1 When the program and the Department’s contract with the third party ended, the Division did not ensure that the third-party contractor provided it with a complete set of program documentation that was derived from the system. Criteria—Federal regulations require the Division to retain all federal program records for a period of 3 years from the submission date of the final expenditure report to the federal agency (2 CFR §200.334). In addition, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—This program ended on December 31, 2021, and the Division’s management reported to us that it received all the records related to the federal program from the third-party contractor when operations of the State’s Return-to-Work Bonus Program and related benefits system ceased.1 However, to the extent possible for this program and for all future federal programs the Division administers, the Division should: 1. Ensure subaward entities provide all records and the Division retains all records relating to a federal award for a period of 3 years from the date it submits the final expenditure report. 2. Work with the State of Arizona Office of the Governor and U.S. Department of the Treasury to resolve the $10,000 in questioned costs.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 To be eligible for the State’s Return-to-Work Bonus Program benefits, individuals had to have filed, received, and been deemed eligible for Unemployment Insurance program benefits in Arizona between the period of May 8, 2021, and May 15, 2021. The benefit payments consisted of bonus payments of either $1,000 or $2,000, with a total maximum benefit amount of $2,000 per eligible individual. The State’s Return-to-Work Bonus Program was funded by the federal Coronavirus State and Local Fiscal Recovery Funds, an American Rescue Plan Act of 2021 program (Public Law 117-2), as administered by the Arizona Governor’s Office. The Department of Economic Security operated the program from July 1, 2021, through December 31, 2021, and the program ended on December 31, 2021. (State of Arizona, Office of the Governor and Department of Economic Security Interagency Service Agreement No. ISA-DES-ARPA-070121-02). 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office of the Governor, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521).
Assistance Listings number and name: 21.027 COVID-19 State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Eligibility Questioned costs: $10,000 Condition—Contrary to federal regulations and its policies and procedures, the Department of Economic Security—Division of Employment and Rehabilitation Services (Division) made benefits payments totaling $10,000 to individuals for the State’s Return-to-Work Bonus Program for which it lacked documentation to support that it paid only those individuals who were eligible to receive them. We tested 67 individuals who received benefit payments and found that the Division made benefit payments to 5 individuals totaling $10,000 for which it lacked documentation to support the eligibility determinations.1 This calculates to a 7.5 percent exception rate for our 67 individual eligibility sample, totaling $133,000. Effect—The Division’s payment of $10,000 of program benefits for which it lacked documentation showing the 5 individuals were eligible beneficiaries increases the risk that the Division may not have been able to effectively prevent or detect fraud. Consequently, the Division may be required to return $10,000 to the federal agency.2 Cause—The Division’s management reported that it contracted with a third party to implement and use a new, temporary benefits system for the State’s Return-to-Work Bonus Program from July 1, 2021, through December 31, 2021.1 When the program and the Department’s contract with the third party ended, the Division did not ensure that the third-party contractor provided it with a complete set of program documentation that was derived from the system. Criteria—Federal regulations require the Division to retain all federal program records for a period of 3 years from the submission date of the final expenditure report to the federal agency (2 CFR §200.334). In addition, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—This program ended on December 31, 2021, and the Division’s management reported to us that it received all the records related to the federal program from the third-party contractor when operations of the State’s Return-to-Work Bonus Program and related benefits system ceased.1 However, to the extent possible for this program and for all future federal programs the Division administers, the Division should: 1. Ensure subaward entities provide all records and the Division retains all records relating to a federal award for a period of 3 years from the date it submits the final expenditure report. 2. Work with the State of Arizona Office of the Governor and U.S. Department of the Treasury to resolve the $10,000 in questioned costs.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 To be eligible for the State’s Return-to-Work Bonus Program benefits, individuals had to have filed, received, and been deemed eligible for Unemployment Insurance program benefits in Arizona between the period of May 8, 2021, and May 15, 2021. The benefit payments consisted of bonus payments of either $1,000 or $2,000, with a total maximum benefit amount of $2,000 per eligible individual. The State’s Return-to-Work Bonus Program was funded by the federal Coronavirus State and Local Fiscal Recovery Funds, an American Rescue Plan Act of 2021 program (Public Law 117-2), as administered by the Arizona Governor’s Office. The Department of Economic Security operated the program from July 1, 2021, through December 31, 2021, and the program ended on December 31, 2021. (State of Arizona, Office of the Governor and Department of Economic Security Interagency Service Agreement No. ISA-DES-ARPA-070121-02). 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office of the Governor, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521).
Assistance Listings number and name: 21.027 COVID-19 State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Eligibility Questioned costs: $10,000 Condition—Contrary to federal regulations and its policies and procedures, the Department of Economic Security—Division of Employment and Rehabilitation Services (Division) made benefits payments totaling $10,000 to individuals for the State’s Return-to-Work Bonus Program for which it lacked documentation to support that it paid only those individuals who were eligible to receive them. We tested 67 individuals who received benefit payments and found that the Division made benefit payments to 5 individuals totaling $10,000 for which it lacked documentation to support the eligibility determinations.1 This calculates to a 7.5 percent exception rate for our 67 individual eligibility sample, totaling $133,000. Effect—The Division’s payment of $10,000 of program benefits for which it lacked documentation showing the 5 individuals were eligible beneficiaries increases the risk that the Division may not have been able to effectively prevent or detect fraud. Consequently, the Division may be required to return $10,000 to the federal agency.2 Cause—The Division’s management reported that it contracted with a third party to implement and use a new, temporary benefits system for the State’s Return-to-Work Bonus Program from July 1, 2021, through December 31, 2021.1 When the program and the Department’s contract with the third party ended, the Division did not ensure that the third-party contractor provided it with a complete set of program documentation that was derived from the system. Criteria—Federal regulations require the Division to retain all federal program records for a period of 3 years from the submission date of the final expenditure report to the federal agency (2 CFR §200.334). In addition, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—This program ended on December 31, 2021, and the Division’s management reported to us that it received all the records related to the federal program from the third-party contractor when operations of the State’s Return-to-Work Bonus Program and related benefits system ceased.1 However, to the extent possible for this program and for all future federal programs the Division administers, the Division should: 1. Ensure subaward entities provide all records and the Division retains all records relating to a federal award for a period of 3 years from the date it submits the final expenditure report. 2. Work with the State of Arizona Office of the Governor and U.S. Department of the Treasury to resolve the $10,000 in questioned costs.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 To be eligible for the State’s Return-to-Work Bonus Program benefits, individuals had to have filed, received, and been deemed eligible for Unemployment Insurance program benefits in Arizona between the period of May 8, 2021, and May 15, 2021. The benefit payments consisted of bonus payments of either $1,000 or $2,000, with a total maximum benefit amount of $2,000 per eligible individual. The State’s Return-to-Work Bonus Program was funded by the federal Coronavirus State and Local Fiscal Recovery Funds, an American Rescue Plan Act of 2021 program (Public Law 117-2), as administered by the Arizona Governor’s Office. The Department of Economic Security operated the program from July 1, 2021, through December 31, 2021, and the program ended on December 31, 2021. (State of Arizona, Office of the Governor and Department of Economic Security Interagency Service Agreement No. ISA-DES-ARPA-070121-02). 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office of the Governor, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521).
Assistance Listings number and name: 21.027 COVID-19 State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Eligibility Questioned costs: $10,000 Condition—Contrary to federal regulations and its policies and procedures, the Department of Economic Security—Division of Employment and Rehabilitation Services (Division) made benefits payments totaling $10,000 to individuals for the State’s Return-to-Work Bonus Program for which it lacked documentation to support that it paid only those individuals who were eligible to receive them. We tested 67 individuals who received benefit payments and found that the Division made benefit payments to 5 individuals totaling $10,000 for which it lacked documentation to support the eligibility determinations.1 This calculates to a 7.5 percent exception rate for our 67 individual eligibility sample, totaling $133,000. Effect—The Division’s payment of $10,000 of program benefits for which it lacked documentation showing the 5 individuals were eligible beneficiaries increases the risk that the Division may not have been able to effectively prevent or detect fraud. Consequently, the Division may be required to return $10,000 to the federal agency.2 Cause—The Division’s management reported that it contracted with a third party to implement and use a new, temporary benefits system for the State’s Return-to-Work Bonus Program from July 1, 2021, through December 31, 2021.1 When the program and the Department’s contract with the third party ended, the Division did not ensure that the third-party contractor provided it with a complete set of program documentation that was derived from the system. Criteria—Federal regulations require the Division to retain all federal program records for a period of 3 years from the submission date of the final expenditure report to the federal agency (2 CFR §200.334). In addition, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—This program ended on December 31, 2021, and the Division’s management reported to us that it received all the records related to the federal program from the third-party contractor when operations of the State’s Return-to-Work Bonus Program and related benefits system ceased.1 However, to the extent possible for this program and for all future federal programs the Division administers, the Division should: 1. Ensure subaward entities provide all records and the Division retains all records relating to a federal award for a period of 3 years from the date it submits the final expenditure report. 2. Work with the State of Arizona Office of the Governor and U.S. Department of the Treasury to resolve the $10,000 in questioned costs.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 To be eligible for the State’s Return-to-Work Bonus Program benefits, individuals had to have filed, received, and been deemed eligible for Unemployment Insurance program benefits in Arizona between the period of May 8, 2021, and May 15, 2021. The benefit payments consisted of bonus payments of either $1,000 or $2,000, with a total maximum benefit amount of $2,000 per eligible individual. The State’s Return-to-Work Bonus Program was funded by the federal Coronavirus State and Local Fiscal Recovery Funds, an American Rescue Plan Act of 2021 program (Public Law 117-2), as administered by the Arizona Governor’s Office. The Department of Economic Security operated the program from July 1, 2021, through December 31, 2021, and the program ended on December 31, 2021. (State of Arizona, Office of the Governor and Department of Economic Security Interagency Service Agreement No. ISA-DES-ARPA-070121-02). 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office of the Governor, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521).
Assistance Listings number and name: 21.027 COVID-19 State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Eligibility Questioned costs: $10,000 Condition—Contrary to federal regulations and its policies and procedures, the Department of Economic Security—Division of Employment and Rehabilitation Services (Division) made benefits payments totaling $10,000 to individuals for the State’s Return-to-Work Bonus Program for which it lacked documentation to support that it paid only those individuals who were eligible to receive them. We tested 67 individuals who received benefit payments and found that the Division made benefit payments to 5 individuals totaling $10,000 for which it lacked documentation to support the eligibility determinations.1 This calculates to a 7.5 percent exception rate for our 67 individual eligibility sample, totaling $133,000. Effect—The Division’s payment of $10,000 of program benefits for which it lacked documentation showing the 5 individuals were eligible beneficiaries increases the risk that the Division may not have been able to effectively prevent or detect fraud. Consequently, the Division may be required to return $10,000 to the federal agency.2 Cause—The Division’s management reported that it contracted with a third party to implement and use a new, temporary benefits system for the State’s Return-to-Work Bonus Program from July 1, 2021, through December 31, 2021.1 When the program and the Department’s contract with the third party ended, the Division did not ensure that the third-party contractor provided it with a complete set of program documentation that was derived from the system. Criteria—Federal regulations require the Division to retain all federal program records for a period of 3 years from the submission date of the final expenditure report to the federal agency (2 CFR §200.334). In addition, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—This program ended on December 31, 2021, and the Division’s management reported to us that it received all the records related to the federal program from the third-party contractor when operations of the State’s Return-to-Work Bonus Program and related benefits system ceased.1 However, to the extent possible for this program and for all future federal programs the Division administers, the Division should: 1. Ensure subaward entities provide all records and the Division retains all records relating to a federal award for a period of 3 years from the date it submits the final expenditure report. 2. Work with the State of Arizona Office of the Governor and U.S. Department of the Treasury to resolve the $10,000 in questioned costs.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 To be eligible for the State’s Return-to-Work Bonus Program benefits, individuals had to have filed, received, and been deemed eligible for Unemployment Insurance program benefits in Arizona between the period of May 8, 2021, and May 15, 2021. The benefit payments consisted of bonus payments of either $1,000 or $2,000, with a total maximum benefit amount of $2,000 per eligible individual. The State’s Return-to-Work Bonus Program was funded by the federal Coronavirus State and Local Fiscal Recovery Funds, an American Rescue Plan Act of 2021 program (Public Law 117-2), as administered by the Arizona Governor’s Office. The Department of Economic Security operated the program from July 1, 2021, through December 31, 2021, and the program ended on December 31, 2021. (State of Arizona, Office of the Governor and Department of Economic Security Interagency Service Agreement No. ISA-DES-ARPA-070121-02). 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office of the Governor, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521).
Assistance Listings number and name: 21.027 COVID-19 State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Eligibility Questioned costs: $10,000 Condition—Contrary to federal regulations and its policies and procedures, the Department of Economic Security—Division of Employment and Rehabilitation Services (Division) made benefits payments totaling $10,000 to individuals for the State’s Return-to-Work Bonus Program for which it lacked documentation to support that it paid only those individuals who were eligible to receive them. We tested 67 individuals who received benefit payments and found that the Division made benefit payments to 5 individuals totaling $10,000 for which it lacked documentation to support the eligibility determinations.1 This calculates to a 7.5 percent exception rate for our 67 individual eligibility sample, totaling $133,000. Effect—The Division’s payment of $10,000 of program benefits for which it lacked documentation showing the 5 individuals were eligible beneficiaries increases the risk that the Division may not have been able to effectively prevent or detect fraud. Consequently, the Division may be required to return $10,000 to the federal agency.2 Cause—The Division’s management reported that it contracted with a third party to implement and use a new, temporary benefits system for the State’s Return-to-Work Bonus Program from July 1, 2021, through December 31, 2021.1 When the program and the Department’s contract with the third party ended, the Division did not ensure that the third-party contractor provided it with a complete set of program documentation that was derived from the system. Criteria—Federal regulations require the Division to retain all federal program records for a period of 3 years from the submission date of the final expenditure report to the federal agency (2 CFR §200.334). In addition, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—This program ended on December 31, 2021, and the Division’s management reported to us that it received all the records related to the federal program from the third-party contractor when operations of the State’s Return-to-Work Bonus Program and related benefits system ceased.1 However, to the extent possible for this program and for all future federal programs the Division administers, the Division should: 1. Ensure subaward entities provide all records and the Division retains all records relating to a federal award for a period of 3 years from the date it submits the final expenditure report. 2. Work with the State of Arizona Office of the Governor and U.S. Department of the Treasury to resolve the $10,000 in questioned costs.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 To be eligible for the State’s Return-to-Work Bonus Program benefits, individuals had to have filed, received, and been deemed eligible for Unemployment Insurance program benefits in Arizona between the period of May 8, 2021, and May 15, 2021. The benefit payments consisted of bonus payments of either $1,000 or $2,000, with a total maximum benefit amount of $2,000 per eligible individual. The State’s Return-to-Work Bonus Program was funded by the federal Coronavirus State and Local Fiscal Recovery Funds, an American Rescue Plan Act of 2021 program (Public Law 117-2), as administered by the Arizona Governor’s Office. The Department of Economic Security operated the program from July 1, 2021, through December 31, 2021, and the program ended on December 31, 2021. (State of Arizona, Office of the Governor and Department of Economic Security Interagency Service Agreement No. ISA-DES-ARPA-070121-02). 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office of the Governor, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521).
Assistance Listings number and name: 21.027 COVID-19 State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Eligibility Questioned costs: $10,000 Condition—Contrary to federal regulations and its policies and procedures, the Department of Economic Security—Division of Employment and Rehabilitation Services (Division) made benefits payments totaling $10,000 to individuals for the State’s Return-to-Work Bonus Program for which it lacked documentation to support that it paid only those individuals who were eligible to receive them. We tested 67 individuals who received benefit payments and found that the Division made benefit payments to 5 individuals totaling $10,000 for which it lacked documentation to support the eligibility determinations.1 This calculates to a 7.5 percent exception rate for our 67 individual eligibility sample, totaling $133,000. Effect—The Division’s payment of $10,000 of program benefits for which it lacked documentation showing the 5 individuals were eligible beneficiaries increases the risk that the Division may not have been able to effectively prevent or detect fraud. Consequently, the Division may be required to return $10,000 to the federal agency.2 Cause—The Division’s management reported that it contracted with a third party to implement and use a new, temporary benefits system for the State’s Return-to-Work Bonus Program from July 1, 2021, through December 31, 2021.1 When the program and the Department’s contract with the third party ended, the Division did not ensure that the third-party contractor provided it with a complete set of program documentation that was derived from the system. Criteria—Federal regulations require the Division to retain all federal program records for a period of 3 years from the submission date of the final expenditure report to the federal agency (2 CFR §200.334). In addition, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—This program ended on December 31, 2021, and the Division’s management reported to us that it received all the records related to the federal program from the third-party contractor when operations of the State’s Return-to-Work Bonus Program and related benefits system ceased.1 However, to the extent possible for this program and for all future federal programs the Division administers, the Division should: 1. Ensure subaward entities provide all records and the Division retains all records relating to a federal award for a period of 3 years from the date it submits the final expenditure report. 2. Work with the State of Arizona Office of the Governor and U.S. Department of the Treasury to resolve the $10,000 in questioned costs.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 To be eligible for the State’s Return-to-Work Bonus Program benefits, individuals had to have filed, received, and been deemed eligible for Unemployment Insurance program benefits in Arizona between the period of May 8, 2021, and May 15, 2021. The benefit payments consisted of bonus payments of either $1,000 or $2,000, with a total maximum benefit amount of $2,000 per eligible individual. The State’s Return-to-Work Bonus Program was funded by the federal Coronavirus State and Local Fiscal Recovery Funds, an American Rescue Plan Act of 2021 program (Public Law 117-2), as administered by the Arizona Governor’s Office. The Department of Economic Security operated the program from July 1, 2021, through December 31, 2021, and the program ended on December 31, 2021. (State of Arizona, Office of the Governor and Department of Economic Security Interagency Service Agreement No. ISA-DES-ARPA-070121-02). 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office of the Governor, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521).
Assistance Listings number and name: 21.027 COVID-19 State and Local Fiscal Recovery Funds Award number and year: None Federal agency: U.S. Department of the Treasury Compliance requirement: Eligibility Questioned costs: $10,000 Condition—Contrary to federal regulations and its policies and procedures, the Department of Economic Security—Division of Employment and Rehabilitation Services (Division) made benefits payments totaling $10,000 to individuals for the State’s Return-to-Work Bonus Program for which it lacked documentation to support that it paid only those individuals who were eligible to receive them. We tested 67 individuals who received benefit payments and found that the Division made benefit payments to 5 individuals totaling $10,000 for which it lacked documentation to support the eligibility determinations.1 This calculates to a 7.5 percent exception rate for our 67 individual eligibility sample, totaling $133,000. Effect—The Division’s payment of $10,000 of program benefits for which it lacked documentation showing the 5 individuals were eligible beneficiaries increases the risk that the Division may not have been able to effectively prevent or detect fraud. Consequently, the Division may be required to return $10,000 to the federal agency.2 Cause—The Division’s management reported that it contracted with a third party to implement and use a new, temporary benefits system for the State’s Return-to-Work Bonus Program from July 1, 2021, through December 31, 2021.1 When the program and the Department’s contract with the third party ended, the Division did not ensure that the third-party contractor provided it with a complete set of program documentation that was derived from the system. Criteria—Federal regulations require the Division to retain all federal program records for a period of 3 years from the submission date of the final expenditure report to the federal agency (2 CFR §200.334). In addition, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—This program ended on December 31, 2021, and the Division’s management reported to us that it received all the records related to the federal program from the third-party contractor when operations of the State’s Return-to-Work Bonus Program and related benefits system ceased.1 However, to the extent possible for this program and for all future federal programs the Division administers, the Division should: 1. Ensure subaward entities provide all records and the Division retains all records relating to a federal award for a period of 3 years from the date it submits the final expenditure report. 2. Work with the State of Arizona Office of the Governor and U.S. Department of the Treasury to resolve the $10,000 in questioned costs.2 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 To be eligible for the State’s Return-to-Work Bonus Program benefits, individuals had to have filed, received, and been deemed eligible for Unemployment Insurance program benefits in Arizona between the period of May 8, 2021, and May 15, 2021. The benefit payments consisted of bonus payments of either $1,000 or $2,000, with a total maximum benefit amount of $2,000 per eligible individual. The State’s Return-to-Work Bonus Program was funded by the federal Coronavirus State and Local Fiscal Recovery Funds, an American Rescue Plan Act of 2021 program (Public Law 117-2), as administered by the Arizona Governor’s Office. The Department of Economic Security operated the program from July 1, 2021, through December 31, 2021, and the program ended on December 31, 2021. (State of Arizona, Office of the Governor and Department of Economic Security Interagency Service Agreement No. ISA-DES-ARPA-070121-02). 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office of the Governor, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521).
Assistance Listings numbers and names: 93.558 Temporary Assistance for Needy Families 93.558 COVID-19 Temporary Assistance for Needy Families Award numbers and years: 2101AZTANF, October 1, 2020 through September 30, 2021; 2201AZTANF, October 1, 2021 through September 30, 2022 Federal agency: U.S. Department of Health and Human Services Compliance requirement: Subrecipient monitoring Questioned costs: $6,754 Condition—Contrary to federal regulations and its federal award terms, the Department of Economic Security—Division of Community Assistance and Development (Division) reimbursed 1 nonprofit organization subrecipient for federal program costs totaling $6,754 during fiscal year 2022 that were unsupported, unallowable, and/or paid to 1 of the nonprofit organization’s principal officers or their immediate family member in violation of conflict-of-interest disclosure requirements. Specifically, we reviewed 12 reimbursements that included Temporary Assistance for Needy Family program costs totaling $72,800 for the year and found that the Division reimbursed the subrecipient for: • $4,973 for financial and accounting services that were paid to 1 of the nonprofit organization’s principal officers, who served as the Treasurer, and their company, which was not disclosed as a conflict of interest to the Division as required by the Division’s contract with the subrecipient and federal regulations. Also, the subrecipient allocated these costs to other federal programs and nonfederal activities; however, the Division did not verify that the allocation method the subrecipient used was reasonable or that the costs, as allocated, were allowed by the program’s requirements. We noted that the allocation method used may have resulted in multiple programs being overbilled for these services by up to $5,087. • $1,474 for bookkeeping services that were not adequately supported by sufficiently detailed invoices and a signed, written contract having a specified price rate for the services and terms; therefore, we were unable to verify if the amounts paid were appropriate. Further, the Division reimbursed the Treasurer’s family member, whose bookkeeping services company was not disclosed as a conflict of interest to the Division as required by the Division’s contract with the subrecipient and federal regulations. Also, the subrecipient allocated these costs to other federal programs and nonfederal activities; however, the Division did not verify that the allocation method the subrecipient used was reasonable or that the costs, as allocated, were allowed by the program’s requirements. • $307 for incentive payments to the subrecipient’s Executive Director without documentation to support that it was authorized by an agreement, reasonable for the services performed as provided in the subrecipient’s policies, and consistent with compensation paid for similar work in other activities; therefore, we were unable to verify if the amounts reimbursed by the Division were allowable. Additionally, contrary to federal regulations, the Division had not ensured that the subrecipient implemented its competitive purchasing procedures when procuring the professional services described above, and the subrecipient was unable to provide documentation that it had competitively procured the services. The Temporary Assistance for Needy Family program was audited as a major federal program for the State’s fiscal year 2022 single audit. During the audit, we became aware of the potentially noncompliant 12 reimbursements involving 1 of the Division’s nonprofit subrecipients with which it partners to carry out federal programs, including the Emergency Solutions Grants Program, which was not audited as a major federal program for the State’s fiscal year 2022 single audit. Our review of select reimbursements to this subrecipient resulted in similar findings for the Emergency Solutions Grants Program, Continuum of Care Program, and the State Housing Trust Fund that are described in items 2022 115 and 2022-05, respectively. Effect—The Division’s lack of required monitoring increased the risk that the monies it awarded to a nonprofit organization may not have been spent in accordance with the award terms and program requirements. Further, the Division’s reimbursing the subrecipient for $6,754 of unallowable or unsupported costs and/or costs paid to the nonprofit organization’s principal officer or their immediate family member in violation of conflict-of-interest disclosure requirements resulted in those monies being unavailable to be spent for their intended purpose to provide housing assistance to individuals in need. Consequently, the Division may be required to return these monies to the federal agency in accordance with federal requirements.1 Cause—Although the Division’s subrecipient-monitoring policies and procedures did not require it to obtain from subrecipients documentation supporting charges for personal and contracted professional services to verify allowability when subrecipients requested reimbursement, the policies and procedures required an on-site monitoring visit once every 3 years for each subrecipient in which it reviews a sample of the subrecipient’s personal and professional services charges. However, the Division had not performed an on-site monitoring visit of the nonprofit subrecipient since 2018 because it had not yet resumed all its subrecipient-monitoring activities, such as conducting on-site reviews and providing training and technical assistance, since suspending these activities during the COVID-19 pandemic during fiscal year 2020. In addition, the Division had not properly assessed the subrecipient’s risk of noncompliance with its award contract and program requirements to determine the level of monitoring procedures or training the subrecipient needed. For example, the Division was unaware that the subrecipient had not informed it of a principal officer’s conflicts of interest so that the Division could ensure that the principal officer or their immediate family member were not involved in decision-making related to those conflicts and selectively review the related costs and activities for compliance purposes. Criteria—Federal regulations require the Division to monitor subrecipients and include required procedures for assessing the risk of each subrecipient’s noncompliance and implementing appropriate monitoring procedures to address those risk assessments; verifying single audits were conducted timely, if required; reviewing financial and performance reports; following up on and ensuring corrective action is taken on deficiencies that could potentially affect the program; and issuing management decisions on the results of audit findings or monitoring (2 CFR §§200.332, .339, and .521). Federal regulations provide that monitoring procedures the Division may implement to address a subrecipient’s risk assessment include providing training or technical assistance on program-related matters and performing on-site reviews and selective audits of reimbursed costs (2 CFR §200.332[e]). Further, federal regulations require the Division’s subrecipients to allocate allowable costs using a reasonable basis, to use competitive purchasing standards when procuring goods and services, and to disclose in writing to the Division any potential conflicts of interest.2 Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Division should: 1. Immediately stop reimbursing the nonprofit subrecipient for costs that are unsupported, unallowable, and/or paid to the nonprofit subrecipient’s principal officer or their immediate family member in violation of conflict-of-interest disclosure requirements without obtaining documentation to support they comply with the program’s requirements and take appropriate enforcement actions with the subrecipient in accordance with its contract. 2. Update its written policies and procedures for reviewing and approving subrecipient reimbursement requests to include a process to ensure costs are adequately supported and allowable in accordance with program requirements. 3. Train personnel responsible for reviewing and approving subrecipient reimbursement requests on how to identify costs that are unallowable under federal regulations. 4. Assess the risk of each subrecipient’s noncompliance and perform the appropriate monitoring procedures based on the assessed risk, such as providing training or technical assistance on program-related matters and performing on-site reviews and selective audits of reimbursed costs for allowability. 5. Ensure subrecipients allocate allowable costs using a reasonable basis, use competitive purchasing standards when procuring goods and services, and disclose in writing to the Division any potential conflicts of interest. The Division may need to provide training and technical assistance to subrecipients that address these compliance areas, including the Division’s obtaining conflict-of-interest disclosures from subrecipients as part of the subaward contract, as an example, or otherwise establishing a communication mechanism for subrecipients to use as such conflicts arise. 6. Continue to work with the nonprofit subrecipient to resolve the $6,754 of unallowable costs, including recovering these monies from the subrecipient and assessing the continued need to use this subrecipient for services. 7. Work with the federal agency to resolve the $6,754 of unallowable costs that it reimbursed, which may involve returning monies to the federal agency. The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 2 The applicable federal requirements related to allowable costs, competitive purchasing, and conflicts of interest can be found in the Code of Federal Regulations at 2 CFR §§200.112, .318-.327, and Subpart E, and 45 CFR §75.112.
Assistance Listings numbers and names: 93.558 Temporary Assistance for Needy Families 93.558 COVID-19 Temporary Assistance for Needy Families Award numbers and years: 2101AZTANF, October 1, 2020 through September 30, 2021; 2201AZTANF, October 1, 2021 through September 30, 2022 Federal agency: U.S. Department of Health and Human Services Compliance requirement: Subrecipient monitoring Questioned costs: $6,754 Condition—Contrary to federal regulations and its federal award terms, the Department of Economic Security—Division of Community Assistance and Development (Division) reimbursed 1 nonprofit organization subrecipient for federal program costs totaling $6,754 during fiscal year 2022 that were unsupported, unallowable, and/or paid to 1 of the nonprofit organization’s principal officers or their immediate family member in violation of conflict-of-interest disclosure requirements. Specifically, we reviewed 12 reimbursements that included Temporary Assistance for Needy Family program costs totaling $72,800 for the year and found that the Division reimbursed the subrecipient for: • $4,973 for financial and accounting services that were paid to 1 of the nonprofit organization’s principal officers, who served as the Treasurer, and their company, which was not disclosed as a conflict of interest to the Division as required by the Division’s contract with the subrecipient and federal regulations. Also, the subrecipient allocated these costs to other federal programs and nonfederal activities; however, the Division did not verify that the allocation method the subrecipient used was reasonable or that the costs, as allocated, were allowed by the program’s requirements. We noted that the allocation method used may have resulted in multiple programs being overbilled for these services by up to $5,087. • $1,474 for bookkeeping services that were not adequately supported by sufficiently detailed invoices and a signed, written contract having a specified price rate for the services and terms; therefore, we were unable to verify if the amounts paid were appropriate. Further, the Division reimbursed the Treasurer’s family member, whose bookkeeping services company was not disclosed as a conflict of interest to the Division as required by the Division’s contract with the subrecipient and federal regulations. Also, the subrecipient allocated these costs to other federal programs and nonfederal activities; however, the Division did not verify that the allocation method the subrecipient used was reasonable or that the costs, as allocated, were allowed by the program’s requirements. • $307 for incentive payments to the subrecipient’s Executive Director without documentation to support that it was authorized by an agreement, reasonable for the services performed as provided in the subrecipient’s policies, and consistent with compensation paid for similar work in other activities; therefore, we were unable to verify if the amounts reimbursed by the Division were allowable. Additionally, contrary to federal regulations, the Division had not ensured that the subrecipient implemented its competitive purchasing procedures when procuring the professional services described above, and the subrecipient was unable to provide documentation that it had competitively procured the services. The Temporary Assistance for Needy Family program was audited as a major federal program for the State’s fiscal year 2022 single audit. During the audit, we became aware of the potentially noncompliant 12 reimbursements involving 1 of the Division’s nonprofit subrecipients with which it partners to carry out federal programs, including the Emergency Solutions Grants Program, which was not audited as a major federal program for the State’s fiscal year 2022 single audit. Our review of select reimbursements to this subrecipient resulted in similar findings for the Emergency Solutions Grants Program, Continuum of Care Program, and the State Housing Trust Fund that are described in items 2022 115 and 2022-05, respectively. Effect—The Division’s lack of required monitoring increased the risk that the monies it awarded to a nonprofit organization may not have been spent in accordance with the award terms and program requirements. Further, the Division’s reimbursing the subrecipient for $6,754 of unallowable or unsupported costs and/or costs paid to the nonprofit organization’s principal officer or their immediate family member in violation of conflict-of-interest disclosure requirements resulted in those monies being unavailable to be spent for their intended purpose to provide housing assistance to individuals in need. Consequently, the Division may be required to return these monies to the federal agency in accordance with federal requirements.1 Cause—Although the Division’s subrecipient-monitoring policies and procedures did not require it to obtain from subrecipients documentation supporting charges for personal and contracted professional services to verify allowability when subrecipients requested reimbursement, the policies and procedures required an on-site monitoring visit once every 3 years for each subrecipient in which it reviews a sample of the subrecipient’s personal and professional services charges. However, the Division had not performed an on-site monitoring visit of the nonprofit subrecipient since 2018 because it had not yet resumed all its subrecipient-monitoring activities, such as conducting on-site reviews and providing training and technical assistance, since suspending these activities during the COVID-19 pandemic during fiscal year 2020. In addition, the Division had not properly assessed the subrecipient’s risk of noncompliance with its award contract and program requirements to determine the level of monitoring procedures or training the subrecipient needed. For example, the Division was unaware that the subrecipient had not informed it of a principal officer’s conflicts of interest so that the Division could ensure that the principal officer or their immediate family member were not involved in decision-making related to those conflicts and selectively review the related costs and activities for compliance purposes. Criteria—Federal regulations require the Division to monitor subrecipients and include required procedures for assessing the risk of each subrecipient’s noncompliance and implementing appropriate monitoring procedures to address those risk assessments; verifying single audits were conducted timely, if required; reviewing financial and performance reports; following up on and ensuring corrective action is taken on deficiencies that could potentially affect the program; and issuing management decisions on the results of audit findings or monitoring (2 CFR §§200.332, .339, and .521). Federal regulations provide that monitoring procedures the Division may implement to address a subrecipient’s risk assessment include providing training or technical assistance on program-related matters and performing on-site reviews and selective audits of reimbursed costs (2 CFR §200.332[e]). Further, federal regulations require the Division’s subrecipients to allocate allowable costs using a reasonable basis, to use competitive purchasing standards when procuring goods and services, and to disclose in writing to the Division any potential conflicts of interest.2 Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Division should: 1. Immediately stop reimbursing the nonprofit subrecipient for costs that are unsupported, unallowable, and/or paid to the nonprofit subrecipient’s principal officer or their immediate family member in violation of conflict-of-interest disclosure requirements without obtaining documentation to support they comply with the program’s requirements and take appropriate enforcement actions with the subrecipient in accordance with its contract. 2. Update its written policies and procedures for reviewing and approving subrecipient reimbursement requests to include a process to ensure costs are adequately supported and allowable in accordance with program requirements. 3. Train personnel responsible for reviewing and approving subrecipient reimbursement requests on how to identify costs that are unallowable under federal regulations. 4. Assess the risk of each subrecipient’s noncompliance and perform the appropriate monitoring procedures based on the assessed risk, such as providing training or technical assistance on program-related matters and performing on-site reviews and selective audits of reimbursed costs for allowability. 5. Ensure subrecipients allocate allowable costs using a reasonable basis, use competitive purchasing standards when procuring goods and services, and disclose in writing to the Division any potential conflicts of interest. The Division may need to provide training and technical assistance to subrecipients that address these compliance areas, including the Division’s obtaining conflict-of-interest disclosures from subrecipients as part of the subaward contract, as an example, or otherwise establishing a communication mechanism for subrecipients to use as such conflicts arise. 6. Continue to work with the nonprofit subrecipient to resolve the $6,754 of unallowable costs, including recovering these monies from the subrecipient and assessing the continued need to use this subrecipient for services. 7. Work with the federal agency to resolve the $6,754 of unallowable costs that it reimbursed, which may involve returning monies to the federal agency. The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 2 The applicable federal requirements related to allowable costs, competitive purchasing, and conflicts of interest can be found in the Code of Federal Regulations at 2 CFR §§200.112, .318-.327, and Subpart E, and 45 CFR §75.112.
Assistance Listings numbers and names: 93.558 Temporary Assistance for Needy Families 93.558 COVID-19 Temporary Assistance for Needy Families Award numbers and years: 2101AZTANF, October 1, 2020 through September 30, 2021; 2201AZTANF, October 1, 2021 through September 30, 2022 Federal agency: U.S. Department of Health and Human Services Compliance requirement: Subrecipient monitoring Questioned costs: $6,754 Condition—Contrary to federal regulations and its federal award terms, the Department of Economic Security—Division of Community Assistance and Development (Division) reimbursed 1 nonprofit organization subrecipient for federal program costs totaling $6,754 during fiscal year 2022 that were unsupported, unallowable, and/or paid to 1 of the nonprofit organization’s principal officers or their immediate family member in violation of conflict-of-interest disclosure requirements. Specifically, we reviewed 12 reimbursements that included Temporary Assistance for Needy Family program costs totaling $72,800 for the year and found that the Division reimbursed the subrecipient for: • $4,973 for financial and accounting services that were paid to 1 of the nonprofit organization’s principal officers, who served as the Treasurer, and their company, which was not disclosed as a conflict of interest to the Division as required by the Division’s contract with the subrecipient and federal regulations. Also, the subrecipient allocated these costs to other federal programs and nonfederal activities; however, the Division did not verify that the allocation method the subrecipient used was reasonable or that the costs, as allocated, were allowed by the program’s requirements. We noted that the allocation method used may have resulted in multiple programs being overbilled for these services by up to $5,087. • $1,474 for bookkeeping services that were not adequately supported by sufficiently detailed invoices and a signed, written contract having a specified price rate for the services and terms; therefore, we were unable to verify if the amounts paid were appropriate. Further, the Division reimbursed the Treasurer’s family member, whose bookkeeping services company was not disclosed as a conflict of interest to the Division as required by the Division’s contract with the subrecipient and federal regulations. Also, the subrecipient allocated these costs to other federal programs and nonfederal activities; however, the Division did not verify that the allocation method the subrecipient used was reasonable or that the costs, as allocated, were allowed by the program’s requirements. • $307 for incentive payments to the subrecipient’s Executive Director without documentation to support that it was authorized by an agreement, reasonable for the services performed as provided in the subrecipient’s policies, and consistent with compensation paid for similar work in other activities; therefore, we were unable to verify if the amounts reimbursed by the Division were allowable. Additionally, contrary to federal regulations, the Division had not ensured that the subrecipient implemented its competitive purchasing procedures when procuring the professional services described above, and the subrecipient was unable to provide documentation that it had competitively procured the services. The Temporary Assistance for Needy Family program was audited as a major federal program for the State’s fiscal year 2022 single audit. During the audit, we became aware of the potentially noncompliant 12 reimbursements involving 1 of the Division’s nonprofit subrecipients with which it partners to carry out federal programs, including the Emergency Solutions Grants Program, which was not audited as a major federal program for the State’s fiscal year 2022 single audit. Our review of select reimbursements to this subrecipient resulted in similar findings for the Emergency Solutions Grants Program, Continuum of Care Program, and the State Housing Trust Fund that are described in items 2022 115 and 2022-05, respectively. Effect—The Division’s lack of required monitoring increased the risk that the monies it awarded to a nonprofit organization may not have been spent in accordance with the award terms and program requirements. Further, the Division’s reimbursing the subrecipient for $6,754 of unallowable or unsupported costs and/or costs paid to the nonprofit organization’s principal officer or their immediate family member in violation of conflict-of-interest disclosure requirements resulted in those monies being unavailable to be spent for their intended purpose to provide housing assistance to individuals in need. Consequently, the Division may be required to return these monies to the federal agency in accordance with federal requirements.1 Cause—Although the Division’s subrecipient-monitoring policies and procedures did not require it to obtain from subrecipients documentation supporting charges for personal and contracted professional services to verify allowability when subrecipients requested reimbursement, the policies and procedures required an on-site monitoring visit once every 3 years for each subrecipient in which it reviews a sample of the subrecipient’s personal and professional services charges. However, the Division had not performed an on-site monitoring visit of the nonprofit subrecipient since 2018 because it had not yet resumed all its subrecipient-monitoring activities, such as conducting on-site reviews and providing training and technical assistance, since suspending these activities during the COVID-19 pandemic during fiscal year 2020. In addition, the Division had not properly assessed the subrecipient’s risk of noncompliance with its award contract and program requirements to determine the level of monitoring procedures or training the subrecipient needed. For example, the Division was unaware that the subrecipient had not informed it of a principal officer’s conflicts of interest so that the Division could ensure that the principal officer or their immediate family member were not involved in decision-making related to those conflicts and selectively review the related costs and activities for compliance purposes. Criteria—Federal regulations require the Division to monitor subrecipients and include required procedures for assessing the risk of each subrecipient’s noncompliance and implementing appropriate monitoring procedures to address those risk assessments; verifying single audits were conducted timely, if required; reviewing financial and performance reports; following up on and ensuring corrective action is taken on deficiencies that could potentially affect the program; and issuing management decisions on the results of audit findings or monitoring (2 CFR §§200.332, .339, and .521). Federal regulations provide that monitoring procedures the Division may implement to address a subrecipient’s risk assessment include providing training or technical assistance on program-related matters and performing on-site reviews and selective audits of reimbursed costs (2 CFR §200.332[e]). Further, federal regulations require the Division’s subrecipients to allocate allowable costs using a reasonable basis, to use competitive purchasing standards when procuring goods and services, and to disclose in writing to the Division any potential conflicts of interest.2 Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Division should: 1. Immediately stop reimbursing the nonprofit subrecipient for costs that are unsupported, unallowable, and/or paid to the nonprofit subrecipient’s principal officer or their immediate family member in violation of conflict-of-interest disclosure requirements without obtaining documentation to support they comply with the program’s requirements and take appropriate enforcement actions with the subrecipient in accordance with its contract. 2. Update its written policies and procedures for reviewing and approving subrecipient reimbursement requests to include a process to ensure costs are adequately supported and allowable in accordance with program requirements. 3. Train personnel responsible for reviewing and approving subrecipient reimbursement requests on how to identify costs that are unallowable under federal regulations. 4. Assess the risk of each subrecipient’s noncompliance and perform the appropriate monitoring procedures based on the assessed risk, such as providing training or technical assistance on program-related matters and performing on-site reviews and selective audits of reimbursed costs for allowability. 5. Ensure subrecipients allocate allowable costs using a reasonable basis, use competitive purchasing standards when procuring goods and services, and disclose in writing to the Division any potential conflicts of interest. The Division may need to provide training and technical assistance to subrecipients that address these compliance areas, including the Division’s obtaining conflict-of-interest disclosures from subrecipients as part of the subaward contract, as an example, or otherwise establishing a communication mechanism for subrecipients to use as such conflicts arise. 6. Continue to work with the nonprofit subrecipient to resolve the $6,754 of unallowable costs, including recovering these monies from the subrecipient and assessing the continued need to use this subrecipient for services. 7. Work with the federal agency to resolve the $6,754 of unallowable costs that it reimbursed, which may involve returning monies to the federal agency. The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 2 The applicable federal requirements related to allowable costs, competitive purchasing, and conflicts of interest can be found in the Code of Federal Regulations at 2 CFR §§200.112, .318-.327, and Subpart E, and 45 CFR §75.112.
Assistance Listings numbers and names: 93.568 Low-Income Home Energy Assistance 93.568 COVID-19 Low-Income Home Energy Assistance Award numbers and years: 2001AZLIEA and 2001AZE5C3, 2020; 2101AZLIEA and 2101AZE5C6, 2021; 2201AZLIEA and 2101AZLIE4, 2022 Federal agency: U.S. Department of Health and Human Services Compliance requirement: Earmarking Questioned costs: $211,916 Condition—Contrary to federal law, the Department of Economic Security—Division of Aging and Adult Services (Division), failed to limit its spending for weatherization and exceeded the 15 percent maximum weatherization earmarking threshold of $4,288,749. Specifically, for one of its awards (2001AZLIEA), the Division spent $4,500,665 for low-cost residential weatherization and other energy-related home repairs, exceeding the program’s 15 percent maximum weatherization earmarking threshold by $211,916. Effect—The Division’s exceeding the maximum weatherization earmarking threshold resulted in less monies being available for the program’s other intended purposes, such as to assist low-income households to meet their home heating and cooling energy costs and reduce their vulnerability resulting from energy needs. In addition, the Division faces an increased risk that the U.S. Department of Health and Human Services (US DHHS) may require it to repay the misspent monies in accordance with Uniform Guidance requirements.1 Cause—The Division reported that newer staff involved in the program’s administration did not consider the limitation on weatherization expenditures when reviewing the final 2 expenditures before charging them to the 2020 award. In addition, the Division did not enable a feature in the State’s accounting system that could have alerted the Division that the award’s expenditures were approaching the limitation to help ensure it would not exceed the program’s weatherization limitation. Criteria—Federal law requires the Division to limit its program spending for low-cost residential weatherization or other energy-related home repairs to no more than 15 percent of its total program expenditures each fiscal year (42 USC §8624[k]). Also, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Division should: 1. Spend no more than the maximum 15 percent of program monies for weatherization or other energy-related home repairs. 2. Train newer staff administrating the program on the program’s weatherization limitation and on the Division’s policies and procedures to review and approve expenditures considering this limitation. 3. Enable the feature in the State’s accounting system to alert the Division of an award’s expenditures approaching the limitation to help ensure the Division does not exceed the weatherization limitation when spending program monies. 4. Work with U.S. DHHS to resolve the $211,916 the Division overspent for weatherization or other energy-related home repairs, which may involve returning monies to the federal agency.1 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Division, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires the federal awarding agencies’ management decision to clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521).
Assistance Listings numbers and names: 93.568 Low-Income Home Energy Assistance 93.568 COVID-19 Low-Income Home Energy Assistance Award numbers and years: 2001AZLIEA and 2001AZE5C3, 2020; 2101AZLIEA and 2101AZE5C6, 2021; 2201AZLIEA and 2101AZLIE4, 2022 Federal agency: U.S. Department of Health and Human Services Compliance requirement: Earmarking Questioned costs: $211,916 Condition—Contrary to federal law, the Department of Economic Security—Division of Aging and Adult Services (Division), failed to limit its spending for weatherization and exceeded the 15 percent maximum weatherization earmarking threshold of $4,288,749. Specifically, for one of its awards (2001AZLIEA), the Division spent $4,500,665 for low-cost residential weatherization and other energy-related home repairs, exceeding the program’s 15 percent maximum weatherization earmarking threshold by $211,916. Effect—The Division’s exceeding the maximum weatherization earmarking threshold resulted in less monies being available for the program’s other intended purposes, such as to assist low-income households to meet their home heating and cooling energy costs and reduce their vulnerability resulting from energy needs. In addition, the Division faces an increased risk that the U.S. Department of Health and Human Services (US DHHS) may require it to repay the misspent monies in accordance with Uniform Guidance requirements.1 Cause—The Division reported that newer staff involved in the program’s administration did not consider the limitation on weatherization expenditures when reviewing the final 2 expenditures before charging them to the 2020 award. In addition, the Division did not enable a feature in the State’s accounting system that could have alerted the Division that the award’s expenditures were approaching the limitation to help ensure it would not exceed the program’s weatherization limitation. Criteria—Federal law requires the Division to limit its program spending for low-cost residential weatherization or other energy-related home repairs to no more than 15 percent of its total program expenditures each fiscal year (42 USC §8624[k]). Also, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Division should: 1. Spend no more than the maximum 15 percent of program monies for weatherization or other energy-related home repairs. 2. Train newer staff administrating the program on the program’s weatherization limitation and on the Division’s policies and procedures to review and approve expenditures considering this limitation. 3. Enable the feature in the State’s accounting system to alert the Division of an award’s expenditures approaching the limitation to help ensure the Division does not exceed the weatherization limitation when spending program monies. 4. Work with U.S. DHHS to resolve the $211,916 the Division overspent for weatherization or other energy-related home repairs, which may involve returning monies to the federal agency.1 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Division, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires the federal awarding agencies’ management decision to clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521).
Assistance Listings numbers and names: 93.568 Low-Income Home Energy Assistance 93.568 COVID-19 Low-Income Home Energy Assistance Award numbers and years: 2001AZLIEA and 2001AZE5C3, 2020; 2101AZLIEA and 2101AZE5C6, 2021; 2201AZLIEA and 2101AZLIE4, 2022 Federal agency: U.S. Department of Health and Human Services Compliance requirement: Earmarking Questioned costs: $211,916 Condition—Contrary to federal law, the Department of Economic Security—Division of Aging and Adult Services (Division), failed to limit its spending for weatherization and exceeded the 15 percent maximum weatherization earmarking threshold of $4,288,749. Specifically, for one of its awards (2001AZLIEA), the Division spent $4,500,665 for low-cost residential weatherization and other energy-related home repairs, exceeding the program’s 15 percent maximum weatherization earmarking threshold by $211,916. Effect—The Division’s exceeding the maximum weatherization earmarking threshold resulted in less monies being available for the program’s other intended purposes, such as to assist low-income households to meet their home heating and cooling energy costs and reduce their vulnerability resulting from energy needs. In addition, the Division faces an increased risk that the U.S. Department of Health and Human Services (US DHHS) may require it to repay the misspent monies in accordance with Uniform Guidance requirements.1 Cause—The Division reported that newer staff involved in the program’s administration did not consider the limitation on weatherization expenditures when reviewing the final 2 expenditures before charging them to the 2020 award. In addition, the Division did not enable a feature in the State’s accounting system that could have alerted the Division that the award’s expenditures were approaching the limitation to help ensure it would not exceed the program’s weatherization limitation. Criteria—Federal law requires the Division to limit its program spending for low-cost residential weatherization or other energy-related home repairs to no more than 15 percent of its total program expenditures each fiscal year (42 USC §8624[k]). Also, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Division should: 1. Spend no more than the maximum 15 percent of program monies for weatherization or other energy-related home repairs. 2. Train newer staff administrating the program on the program’s weatherization limitation and on the Division’s policies and procedures to review and approve expenditures considering this limitation. 3. Enable the feature in the State’s accounting system to alert the Division of an award’s expenditures approaching the limitation to help ensure the Division does not exceed the weatherization limitation when spending program monies. 4. Work with U.S. DHHS to resolve the $211,916 the Division overspent for weatherization or other energy-related home repairs, which may involve returning monies to the federal agency.1 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Division, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires the federal awarding agencies’ management decision to clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521).
Assistance Listings numbers and names: 93.568 Low-Income Home Energy Assistance 93.568 COVID-19 Low-Income Home Energy Assistance Award numbers and years: 2001AZLIEA and 2001AZE5C3, 2020; 2101AZLIEA and 2101AZE5C6, 2021; 2201AZLIEA and 2101AZLIE4, 2022 Federal agency: U.S. Department of Health and Human Services Compliance requirement: Earmarking Questioned costs: $211,916 Condition—Contrary to federal law, the Department of Economic Security—Division of Aging and Adult Services (Division), failed to limit its spending for weatherization and exceeded the 15 percent maximum weatherization earmarking threshold of $4,288,749. Specifically, for one of its awards (2001AZLIEA), the Division spent $4,500,665 for low-cost residential weatherization and other energy-related home repairs, exceeding the program’s 15 percent maximum weatherization earmarking threshold by $211,916. Effect—The Division’s exceeding the maximum weatherization earmarking threshold resulted in less monies being available for the program’s other intended purposes, such as to assist low-income households to meet their home heating and cooling energy costs and reduce their vulnerability resulting from energy needs. In addition, the Division faces an increased risk that the U.S. Department of Health and Human Services (US DHHS) may require it to repay the misspent monies in accordance with Uniform Guidance requirements.1 Cause—The Division reported that newer staff involved in the program’s administration did not consider the limitation on weatherization expenditures when reviewing the final 2 expenditures before charging them to the 2020 award. In addition, the Division did not enable a feature in the State’s accounting system that could have alerted the Division that the award’s expenditures were approaching the limitation to help ensure it would not exceed the program’s weatherization limitation. Criteria—Federal law requires the Division to limit its program spending for low-cost residential weatherization or other energy-related home repairs to no more than 15 percent of its total program expenditures each fiscal year (42 USC §8624[k]). Also, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Division should: 1. Spend no more than the maximum 15 percent of program monies for weatherization or other energy-related home repairs. 2. Train newer staff administrating the program on the program’s weatherization limitation and on the Division’s policies and procedures to review and approve expenditures considering this limitation. 3. Enable the feature in the State’s accounting system to alert the Division of an award’s expenditures approaching the limitation to help ensure the Division does not exceed the weatherization limitation when spending program monies. 4. Work with U.S. DHHS to resolve the $211,916 the Division overspent for weatherization or other energy-related home repairs, which may involve returning monies to the federal agency.1 The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Division, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires the federal awarding agencies’ management decision to clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521).
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward