2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-040 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to issue management decisions for audit findings to subrecipients of the Low-Income Home Energy Assistance Program. Assistance Listing Number and Title: 93.568, Low-Income Home Energy Assistance Program 93.568, COVID-19 Low-Income Home Energy Assistance Program Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2201WALIEA; 2101WALIEA; 2201WALIEI; 2101WALWC5; 2101WEA5C6; 2102WALWC6 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Department of Commerce (Department) administers the Low-Income Home Energy Assistance Program, which provides financial assistance to low-income households to meet their home energy needs. The Department makes subawards to community-based organizations to provide this assistance. In fiscal year 2022, the Department spent more than $102 million in federal program funds, approximately $98 million of which it paid to subrecipients. Federal regulations require the Department to monitor its subrecipients? activities. This includes verifying that subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes on to subrecipients, the Department must follow up and ensure its subrecipients take timely and appropriate corrective action on all deficiencies identified through audits, onsite reviews and other means. When a subrecipient receives an audit finding for a Department-funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of acceptance of the audit report by Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reasons for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to issue management decisions for audit findings to the program?s subrecipients. The Department had a process in place to monitor that program subrecipients received single audits. However, for the first half of the audit period, it did not have a process in place to issue, communicate and follow up on management decisions to its subrecipients when program findings were issued. During the audit period, the Department had 26 subrecipients that were required to submit a single audit. One subrecipient received a finding for which the Department was required to issue a management decision. We found the Department did not issue a management decision for this subrecipient. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Management did not establish sufficient internal controls or monitoring procedures to ensure the Department issued the required management decisions. The Department also lacks written policies over issuing management decisions to its federal program subrecipients. Effect of Condition Without establishing adequate internal controls, the Department cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitor them for effectiveness, the Department cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Department: ? Establish effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the program ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations Department?s Response The Department of Commerce concurs with the finding. The Department hired an Internal Control Officer in November 2021 assigned to complete the required verification of Federal Audit Clearinghouse (FAC) submissions. This process was completed for all recipients who expended $750,000 or more in federal funds passed through the Department. One subrecipients submission selected for testing was verified, however, a formal management decision was not issued. The audit report submitted to the FAC included various errors which included no identification of the pass through entity (the Department of Commerce) as part of the finding and the Schedule of Expenditure of Federal Awards (SEFA) reported the wrong state agency?s acronym. The Department of Corrections was listed, not Commerce as required. The accurate reporting of the pass through entity in the audit report is imperative for Commerce to identify who they are required to issue a management decision for. A comprehensive spreadsheet of the Department?s management decision was maintained, however, the subrecipient selected for testing was omitted. The Department currently has a robust and comprehensive process to identify required reporters, verify their submission to the FAC, document late or non-reporters, and document communication requests for information related to submissions. The Department has also created a method to formally communicate the management decision to our subrecipients who have received Commerce funded audit findings. Our prior process included verbally discussing the finding, corrective action plans and Commerce requests with the subrecipient. Internal controls for the monitoring of federal reporting and issuing of management decisions have been in place since March 2022. Commerce management will continue to monitor the process and implement efficiencies to ensure continued compliance with all respects of the code of federal regulations. We appreciate the State Auditor?s Office thorough review of this process and recommendations. We anticipate all future audits will find the Department has employed strong internal controls supporting compliance with all requirements. Auditor?s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity's fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity's fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c).
2022-040 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to issue management decisions for audit findings to subrecipients of the Low-Income Home Energy Assistance Program. Assistance Listing Number and Title: 93.568, Low-Income Home Energy Assistance Program 93.568, COVID-19 Low-Income Home Energy Assistance Program Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2201WALIEA; 2101WALIEA; 2201WALIEI; 2101WALWC5; 2101WEA5C6; 2102WALWC6 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Department of Commerce (Department) administers the Low-Income Home Energy Assistance Program, which provides financial assistance to low-income households to meet their home energy needs. The Department makes subawards to community-based organizations to provide this assistance. In fiscal year 2022, the Department spent more than $102 million in federal program funds, approximately $98 million of which it paid to subrecipients. Federal regulations require the Department to monitor its subrecipients? activities. This includes verifying that subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes on to subrecipients, the Department must follow up and ensure its subrecipients take timely and appropriate corrective action on all deficiencies identified through audits, onsite reviews and other means. When a subrecipient receives an audit finding for a Department-funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of acceptance of the audit report by Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reasons for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to issue management decisions for audit findings to the program?s subrecipients. The Department had a process in place to monitor that program subrecipients received single audits. However, for the first half of the audit period, it did not have a process in place to issue, communicate and follow up on management decisions to its subrecipients when program findings were issued. During the audit period, the Department had 26 subrecipients that were required to submit a single audit. One subrecipient received a finding for which the Department was required to issue a management decision. We found the Department did not issue a management decision for this subrecipient. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Management did not establish sufficient internal controls or monitoring procedures to ensure the Department issued the required management decisions. The Department also lacks written policies over issuing management decisions to its federal program subrecipients. Effect of Condition Without establishing adequate internal controls, the Department cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitor them for effectiveness, the Department cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Department: ? Establish effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the program ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations Department?s Response The Department of Commerce concurs with the finding. The Department hired an Internal Control Officer in November 2021 assigned to complete the required verification of Federal Audit Clearinghouse (FAC) submissions. This process was completed for all recipients who expended $750,000 or more in federal funds passed through the Department. One subrecipients submission selected for testing was verified, however, a formal management decision was not issued. The audit report submitted to the FAC included various errors which included no identification of the pass through entity (the Department of Commerce) as part of the finding and the Schedule of Expenditure of Federal Awards (SEFA) reported the wrong state agency?s acronym. The Department of Corrections was listed, not Commerce as required. The accurate reporting of the pass through entity in the audit report is imperative for Commerce to identify who they are required to issue a management decision for. A comprehensive spreadsheet of the Department?s management decision was maintained, however, the subrecipient selected for testing was omitted. The Department currently has a robust and comprehensive process to identify required reporters, verify their submission to the FAC, document late or non-reporters, and document communication requests for information related to submissions. The Department has also created a method to formally communicate the management decision to our subrecipients who have received Commerce funded audit findings. Our prior process included verbally discussing the finding, corrective action plans and Commerce requests with the subrecipient. Internal controls for the monitoring of federal reporting and issuing of management decisions have been in place since March 2022. Commerce management will continue to monitor the process and implement efficiencies to ensure continued compliance with all respects of the code of federal regulations. We appreciate the State Auditor?s Office thorough review of this process and recommendations. We anticipate all future audits will find the Department has employed strong internal controls supporting compliance with all requirements. Auditor?s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity's fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity's fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c).
2022-066 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Community Mental Health Services program and the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.958 Block Grants for Community Mental Health Services 93.958 COVID-19 Block Grants for Community Mental Health Services 93.959 Block Grants for Prevention and Treatment of Substance Abuse 93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse Federal Grantor Name: U.S. Department of Health and Human Services Federal Award Number: 1B09SM082638-01; 6B09SM082638-01M001; 6N09SM082638-01M004; 6B09SM082638-01M002; 6B09SM082638-01M003; 6N09SM083829-01M001; 1B09SM083829-01; 1B09SM086035-01; 6B09SM086035-01M001; 6B09SM086035-01M002; 6B09SM086035-01M003; 1B09SM085384-01; 1B09SM085912-01; 1B09SM083998-01 1B08TI083138-01; 6B08TI083138-01M003; 6B08TI083138-01M004; 6B08TI083486-01M001; 6B08TI083486-01M002; 6B08TI083486-01M004; 1B08TI83519-01; 1B08TI084681-01; 1B08TI083977-01 Pass-through Entity: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Community Mental Health Services (MHBG) and the Block Grants for Prevention and Treatment of Substance Abuse (SABG) programs. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to provide mental health treatment and crisis services to adults diagnosed with serious mental illness and children diagnosed with serious emotional disturbances, as well as develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2022, the Authority spent about $31.7 million in federal program funds for MHBG and about $67.3 million in federal program funds for SABG. Of these amounts, the Authority passed about $20.5 million to MHBG subrecipients and $52 million to SABG subrecipients. Federal regulations require the Authority to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Authority did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the MHBG and SABG programs received required single audits, and that it appropriately followed up on findings and issued management decisions. We found the Authority did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Follow up occurred on findings and management decisions were issued when due We used a nonstatistical sampling method to randomly select and examine 17 out of a total population of 129 subrecipients. We found the Authority did not monitor one subrecipient (6 percent) to ensure it received a single audit when required. Additionally, we identified one subrecipient that received a single audit finding for which the Authority was required to issue a management decision. We found the Authority did not issue a management decision for this subrecipient. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Authority did not have written policies or procedures to ensure all subrecipients received an audit when required and management decisions were issued. In addition, staff used a tracking sheet to monitor the subrecipient audit requirements, but did not detect the identified noncompliance. Effect of Condition Without establishing adequate internal controls, the Authority cannot ensure all subrecipients that required a single audit received one. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness, the Authority cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Authority: ? Establish and follow policies and procedures to ensure subrecipients obtain required single audits ? Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the programs ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations Authority?s Response HCA concurs with the finding. Auditor?s Remarks We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c).
2022-066 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Community Mental Health Services program and the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.958 Block Grants for Community Mental Health Services 93.958 COVID-19 Block Grants for Community Mental Health Services 93.959 Block Grants for Prevention and Treatment of Substance Abuse 93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse Federal Grantor Name: U.S. Department of Health and Human Services Federal Award Number: 1B09SM082638-01; 6B09SM082638-01M001; 6N09SM082638-01M004; 6B09SM082638-01M002; 6B09SM082638-01M003; 6N09SM083829-01M001; 1B09SM083829-01; 1B09SM086035-01; 6B09SM086035-01M001; 6B09SM086035-01M002; 6B09SM086035-01M003; 1B09SM085384-01; 1B09SM085912-01; 1B09SM083998-01 1B08TI083138-01; 6B08TI083138-01M003; 6B08TI083138-01M004; 6B08TI083486-01M001; 6B08TI083486-01M002; 6B08TI083486-01M004; 1B08TI83519-01; 1B08TI084681-01; 1B08TI083977-01 Pass-through Entity: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Community Mental Health Services (MHBG) and the Block Grants for Prevention and Treatment of Substance Abuse (SABG) programs. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to provide mental health treatment and crisis services to adults diagnosed with serious mental illness and children diagnosed with serious emotional disturbances, as well as develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2022, the Authority spent about $31.7 million in federal program funds for MHBG and about $67.3 million in federal program funds for SABG. Of these amounts, the Authority passed about $20.5 million to MHBG subrecipients and $52 million to SABG subrecipients. Federal regulations require the Authority to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Authority did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the MHBG and SABG programs received required single audits, and that it appropriately followed up on findings and issued management decisions. We found the Authority did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Follow up occurred on findings and management decisions were issued when due We used a nonstatistical sampling method to randomly select and examine 17 out of a total population of 129 subrecipients. We found the Authority did not monitor one subrecipient (6 percent) to ensure it received a single audit when required. Additionally, we identified one subrecipient that received a single audit finding for which the Authority was required to issue a management decision. We found the Authority did not issue a management decision for this subrecipient. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Authority did not have written policies or procedures to ensure all subrecipients received an audit when required and management decisions were issued. In addition, staff used a tracking sheet to monitor the subrecipient audit requirements, but did not detect the identified noncompliance. Effect of Condition Without establishing adequate internal controls, the Authority cannot ensure all subrecipients that required a single audit received one. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness, the Authority cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Authority: ? Establish and follow policies and procedures to ensure subrecipients obtain required single audits ? Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the programs ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations Authority?s Response HCA concurs with the finding. Auditor?s Remarks We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c).
2022-066 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Community Mental Health Services program and the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.958 Block Grants for Community Mental Health Services 93.958 COVID-19 Block Grants for Community Mental Health Services 93.959 Block Grants for Prevention and Treatment of Substance Abuse 93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse Federal Grantor Name: U.S. Department of Health and Human Services Federal Award Number: 1B09SM082638-01; 6B09SM082638-01M001; 6N09SM082638-01M004; 6B09SM082638-01M002; 6B09SM082638-01M003; 6N09SM083829-01M001; 1B09SM083829-01; 1B09SM086035-01; 6B09SM086035-01M001; 6B09SM086035-01M002; 6B09SM086035-01M003; 1B09SM085384-01; 1B09SM085912-01; 1B09SM083998-01 1B08TI083138-01; 6B08TI083138-01M003; 6B08TI083138-01M004; 6B08TI083486-01M001; 6B08TI083486-01M002; 6B08TI083486-01M004; 1B08TI83519-01; 1B08TI084681-01; 1B08TI083977-01 Pass-through Entity: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Community Mental Health Services (MHBG) and the Block Grants for Prevention and Treatment of Substance Abuse (SABG) programs. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to provide mental health treatment and crisis services to adults diagnosed with serious mental illness and children diagnosed with serious emotional disturbances, as well as develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2022, the Authority spent about $31.7 million in federal program funds for MHBG and about $67.3 million in federal program funds for SABG. Of these amounts, the Authority passed about $20.5 million to MHBG subrecipients and $52 million to SABG subrecipients. Federal regulations require the Authority to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Authority did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the MHBG and SABG programs received required single audits, and that it appropriately followed up on findings and issued management decisions. We found the Authority did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Follow up occurred on findings and management decisions were issued when due We used a nonstatistical sampling method to randomly select and examine 17 out of a total population of 129 subrecipients. We found the Authority did not monitor one subrecipient (6 percent) to ensure it received a single audit when required. Additionally, we identified one subrecipient that received a single audit finding for which the Authority was required to issue a management decision. We found the Authority did not issue a management decision for this subrecipient. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Authority did not have written policies or procedures to ensure all subrecipients received an audit when required and management decisions were issued. In addition, staff used a tracking sheet to monitor the subrecipient audit requirements, but did not detect the identified noncompliance. Effect of Condition Without establishing adequate internal controls, the Authority cannot ensure all subrecipients that required a single audit received one. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness, the Authority cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Authority: ? Establish and follow policies and procedures to ensure subrecipients obtain required single audits ? Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the programs ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations Authority?s Response HCA concurs with the finding. Auditor?s Remarks We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c).
2022-066 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Community Mental Health Services program and the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.958 Block Grants for Community Mental Health Services 93.958 COVID-19 Block Grants for Community Mental Health Services 93.959 Block Grants for Prevention and Treatment of Substance Abuse 93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse Federal Grantor Name: U.S. Department of Health and Human Services Federal Award Number: 1B09SM082638-01; 6B09SM082638-01M001; 6N09SM082638-01M004; 6B09SM082638-01M002; 6B09SM082638-01M003; 6N09SM083829-01M001; 1B09SM083829-01; 1B09SM086035-01; 6B09SM086035-01M001; 6B09SM086035-01M002; 6B09SM086035-01M003; 1B09SM085384-01; 1B09SM085912-01; 1B09SM083998-01 1B08TI083138-01; 6B08TI083138-01M003; 6B08TI083138-01M004; 6B08TI083486-01M001; 6B08TI083486-01M002; 6B08TI083486-01M004; 1B08TI83519-01; 1B08TI084681-01; 1B08TI083977-01 Pass-through Entity: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Community Mental Health Services (MHBG) and the Block Grants for Prevention and Treatment of Substance Abuse (SABG) programs. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to provide mental health treatment and crisis services to adults diagnosed with serious mental illness and children diagnosed with serious emotional disturbances, as well as develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2022, the Authority spent about $31.7 million in federal program funds for MHBG and about $67.3 million in federal program funds for SABG. Of these amounts, the Authority passed about $20.5 million to MHBG subrecipients and $52 million to SABG subrecipients. Federal regulations require the Authority to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Authority did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the MHBG and SABG programs received required single audits, and that it appropriately followed up on findings and issued management decisions. We found the Authority did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Follow up occurred on findings and management decisions were issued when due We used a nonstatistical sampling method to randomly select and examine 17 out of a total population of 129 subrecipients. We found the Authority did not monitor one subrecipient (6 percent) to ensure it received a single audit when required. Additionally, we identified one subrecipient that received a single audit finding for which the Authority was required to issue a management decision. We found the Authority did not issue a management decision for this subrecipient. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Authority did not have written policies or procedures to ensure all subrecipients received an audit when required and management decisions were issued. In addition, staff used a tracking sheet to monitor the subrecipient audit requirements, but did not detect the identified noncompliance. Effect of Condition Without establishing adequate internal controls, the Authority cannot ensure all subrecipients that required a single audit received one. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness, the Authority cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Authority: ? Establish and follow policies and procedures to ensure subrecipients obtain required single audits ? Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the programs ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations Authority?s Response HCA concurs with the finding. Auditor?s Remarks We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c).
2022-066 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Community Mental Health Services program and the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.958 Block Grants for Community Mental Health Services 93.958 COVID-19 Block Grants for Community Mental Health Services 93.959 Block Grants for Prevention and Treatment of Substance Abuse 93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse Federal Grantor Name: U.S. Department of Health and Human Services Federal Award Number: 1B09SM082638-01; 6B09SM082638-01M001; 6N09SM082638-01M004; 6B09SM082638-01M002; 6B09SM082638-01M003; 6N09SM083829-01M001; 1B09SM083829-01; 1B09SM086035-01; 6B09SM086035-01M001; 6B09SM086035-01M002; 6B09SM086035-01M003; 1B09SM085384-01; 1B09SM085912-01; 1B09SM083998-01 1B08TI083138-01; 6B08TI083138-01M003; 6B08TI083138-01M004; 6B08TI083486-01M001; 6B08TI083486-01M002; 6B08TI083486-01M004; 1B08TI83519-01; 1B08TI084681-01; 1B08TI083977-01 Pass-through Entity: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Community Mental Health Services (MHBG) and the Block Grants for Prevention and Treatment of Substance Abuse (SABG) programs. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to provide mental health treatment and crisis services to adults diagnosed with serious mental illness and children diagnosed with serious emotional disturbances, as well as develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2022, the Authority spent about $31.7 million in federal program funds for MHBG and about $67.3 million in federal program funds for SABG. Of these amounts, the Authority passed about $20.5 million to MHBG subrecipients and $52 million to SABG subrecipients. Federal regulations require the Authority to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Authority did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the MHBG and SABG programs received required single audits, and that it appropriately followed up on findings and issued management decisions. We found the Authority did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Follow up occurred on findings and management decisions were issued when due We used a nonstatistical sampling method to randomly select and examine 17 out of a total population of 129 subrecipients. We found the Authority did not monitor one subrecipient (6 percent) to ensure it received a single audit when required. Additionally, we identified one subrecipient that received a single audit finding for which the Authority was required to issue a management decision. We found the Authority did not issue a management decision for this subrecipient. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Authority did not have written policies or procedures to ensure all subrecipients received an audit when required and management decisions were issued. In addition, staff used a tracking sheet to monitor the subrecipient audit requirements, but did not detect the identified noncompliance. Effect of Condition Without establishing adequate internal controls, the Authority cannot ensure all subrecipients that required a single audit received one. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness, the Authority cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Authority: ? Establish and follow policies and procedures to ensure subrecipients obtain required single audits ? Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the programs ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations Authority?s Response HCA concurs with the finding. Auditor?s Remarks We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c).
2022-066 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Community Mental Health Services program and the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.958 Block Grants for Community Mental Health Services 93.958 COVID-19 Block Grants for Community Mental Health Services 93.959 Block Grants for Prevention and Treatment of Substance Abuse 93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse Federal Grantor Name: U.S. Department of Health and Human Services Federal Award Number: 1B09SM082638-01; 6B09SM082638-01M001; 6N09SM082638-01M004; 6B09SM082638-01M002; 6B09SM082638-01M003; 6N09SM083829-01M001; 1B09SM083829-01; 1B09SM086035-01; 6B09SM086035-01M001; 6B09SM086035-01M002; 6B09SM086035-01M003; 1B09SM085384-01; 1B09SM085912-01; 1B09SM083998-01 1B08TI083138-01; 6B08TI083138-01M003; 6B08TI083138-01M004; 6B08TI083486-01M001; 6B08TI083486-01M002; 6B08TI083486-01M004; 1B08TI83519-01; 1B08TI084681-01; 1B08TI083977-01 Pass-through Entity: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Community Mental Health Services (MHBG) and the Block Grants for Prevention and Treatment of Substance Abuse (SABG) programs. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to provide mental health treatment and crisis services to adults diagnosed with serious mental illness and children diagnosed with serious emotional disturbances, as well as develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2022, the Authority spent about $31.7 million in federal program funds for MHBG and about $67.3 million in federal program funds for SABG. Of these amounts, the Authority passed about $20.5 million to MHBG subrecipients and $52 million to SABG subrecipients. Federal regulations require the Authority to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Authority did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the MHBG and SABG programs received required single audits, and that it appropriately followed up on findings and issued management decisions. We found the Authority did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Follow up occurred on findings and management decisions were issued when due We used a nonstatistical sampling method to randomly select and examine 17 out of a total population of 129 subrecipients. We found the Authority did not monitor one subrecipient (6 percent) to ensure it received a single audit when required. Additionally, we identified one subrecipient that received a single audit finding for which the Authority was required to issue a management decision. We found the Authority did not issue a management decision for this subrecipient. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Authority did not have written policies or procedures to ensure all subrecipients received an audit when required and management decisions were issued. In addition, staff used a tracking sheet to monitor the subrecipient audit requirements, but did not detect the identified noncompliance. Effect of Condition Without establishing adequate internal controls, the Authority cannot ensure all subrecipients that required a single audit received one. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness, the Authority cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Authority: ? Establish and follow policies and procedures to ensure subrecipients obtain required single audits ? Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the programs ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations Authority?s Response HCA concurs with the finding. Auditor?s Remarks We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c).
2022-066 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Community Mental Health Services program and the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.958 Block Grants for Community Mental Health Services 93.958 COVID-19 Block Grants for Community Mental Health Services 93.959 Block Grants for Prevention and Treatment of Substance Abuse 93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse Federal Grantor Name: U.S. Department of Health and Human Services Federal Award Number: 1B09SM082638-01; 6B09SM082638-01M001; 6N09SM082638-01M004; 6B09SM082638-01M002; 6B09SM082638-01M003; 6N09SM083829-01M001; 1B09SM083829-01; 1B09SM086035-01; 6B09SM086035-01M001; 6B09SM086035-01M002; 6B09SM086035-01M003; 1B09SM085384-01; 1B09SM085912-01; 1B09SM083998-01 1B08TI083138-01; 6B08TI083138-01M003; 6B08TI083138-01M004; 6B08TI083486-01M001; 6B08TI083486-01M002; 6B08TI083486-01M004; 1B08TI83519-01; 1B08TI084681-01; 1B08TI083977-01 Pass-through Entity: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Community Mental Health Services (MHBG) and the Block Grants for Prevention and Treatment of Substance Abuse (SABG) programs. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to provide mental health treatment and crisis services to adults diagnosed with serious mental illness and children diagnosed with serious emotional disturbances, as well as develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2022, the Authority spent about $31.7 million in federal program funds for MHBG and about $67.3 million in federal program funds for SABG. Of these amounts, the Authority passed about $20.5 million to MHBG subrecipients and $52 million to SABG subrecipients. Federal regulations require the Authority to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Authority did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the MHBG and SABG programs received required single audits, and that it appropriately followed up on findings and issued management decisions. We found the Authority did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Follow up occurred on findings and management decisions were issued when due We used a nonstatistical sampling method to randomly select and examine 17 out of a total population of 129 subrecipients. We found the Authority did not monitor one subrecipient (6 percent) to ensure it received a single audit when required. Additionally, we identified one subrecipient that received a single audit finding for which the Authority was required to issue a management decision. We found the Authority did not issue a management decision for this subrecipient. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Authority did not have written policies or procedures to ensure all subrecipients received an audit when required and management decisions were issued. In addition, staff used a tracking sheet to monitor the subrecipient audit requirements, but did not detect the identified noncompliance. Effect of Condition Without establishing adequate internal controls, the Authority cannot ensure all subrecipients that required a single audit received one. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness, the Authority cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Authority: ? Establish and follow policies and procedures to ensure subrecipients obtain required single audits ? Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the programs ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations Authority?s Response HCA concurs with the finding. Auditor?s Remarks We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c).
2022-066 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Community Mental Health Services program and the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.958 Block Grants for Community Mental Health Services 93.958 COVID-19 Block Grants for Community Mental Health Services 93.959 Block Grants for Prevention and Treatment of Substance Abuse 93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse Federal Grantor Name: U.S. Department of Health and Human Services Federal Award Number: 1B09SM082638-01; 6B09SM082638-01M001; 6N09SM082638-01M004; 6B09SM082638-01M002; 6B09SM082638-01M003; 6N09SM083829-01M001; 1B09SM083829-01; 1B09SM086035-01; 6B09SM086035-01M001; 6B09SM086035-01M002; 6B09SM086035-01M003; 1B09SM085384-01; 1B09SM085912-01; 1B09SM083998-01 1B08TI083138-01; 6B08TI083138-01M003; 6B08TI083138-01M004; 6B08TI083486-01M001; 6B08TI083486-01M002; 6B08TI083486-01M004; 1B08TI83519-01; 1B08TI084681-01; 1B08TI083977-01 Pass-through Entity: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Community Mental Health Services (MHBG) and the Block Grants for Prevention and Treatment of Substance Abuse (SABG) programs. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to provide mental health treatment and crisis services to adults diagnosed with serious mental illness and children diagnosed with serious emotional disturbances, as well as develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2022, the Authority spent about $31.7 million in federal program funds for MHBG and about $67.3 million in federal program funds for SABG. Of these amounts, the Authority passed about $20.5 million to MHBG subrecipients and $52 million to SABG subrecipients. Federal regulations require the Authority to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Authority did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the MHBG and SABG programs received required single audits, and that it appropriately followed up on findings and issued management decisions. We found the Authority did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Follow up occurred on findings and management decisions were issued when due We used a nonstatistical sampling method to randomly select and examine 17 out of a total population of 129 subrecipients. We found the Authority did not monitor one subrecipient (6 percent) to ensure it received a single audit when required. Additionally, we identified one subrecipient that received a single audit finding for which the Authority was required to issue a management decision. We found the Authority did not issue a management decision for this subrecipient. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Authority did not have written policies or procedures to ensure all subrecipients received an audit when required and management decisions were issued. In addition, staff used a tracking sheet to monitor the subrecipient audit requirements, but did not detect the identified noncompliance. Effect of Condition Without establishing adequate internal controls, the Authority cannot ensure all subrecipients that required a single audit received one. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness, the Authority cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Authority: ? Establish and follow policies and procedures to ensure subrecipients obtain required single audits ? Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the programs ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations Authority?s Response HCA concurs with the finding. Auditor?s Remarks We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c).
Noncompliance and Material Weakness 2 CFR ? 400.1 gives regulatory effect to the Department of Agriculture for 2 CFR ? 200.303 which requires that non- Federal entities receiving Federal awards (i.e., auditee management) establish and maintain effective internal control designed to reasonably ensure compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. 2 C.F.R. ? 200.514(c) requires auditors to obtain an understanding of the non-Federal entity?s internal control over Federal programs sufficient to plan the audit to support a low assessed level of control risk of noncompliance for major programs, and, unless internal control is likely to be ineffective, plan the testing of internal control over major programs to support a low assessed level of control risk for the assertions relevant to the compliance requirements for each major program and perform testing of internal control as planned. 7 CFR ? 210.7(c) states, in part, ?to be entitled to reimbursement under this part, each school authority shall ensure that the Claim for Reimbursement accurately reflects the number of lunches and meal supplements served to eligible children, and the school food authority shall, at a minimum: (iii) Base Claims for Reimbursement on lunch counts, taken daily at the point of service, which correctly identify the number of free, reduced price and paid lunches served to eligible children; (iv) Correctly record, consolidate and report those lunch and supplement counts on the Claim for Reimbursement; and (v) Ensure that Claims for Reimbursement do not request payment for any excess lunches produced, as prohibited in ?210.10(a)(2), or non-Program lunches (i.e., a la carte or adult lunches) or for more than one meal supplement per child per day. 7 CFR ? 210.8(c) states the Claim for Reimbursement shall include data in sufficient detail to justify the reimbursement claimed and to enable the State agency to provide the Report of School Program Operations required under ?210.5(d) of this part. Such data shall include, at a minimum, the number of free, reduced price and paid lunches and meal supplements served to eligible children. The claim shall be signed by a school food authority official. Two out of thirty (6.7%) site claim forms submitted by the District to the Ohio Department of Education were inaccurate, since the District claimed more meals served than what was actually distributed. These errors occurred due to a weakness in internal controls, which failed to ensure site claim forms for reimbursable meals served at each building and submitted by the District to the Ohio Department of Education were entered correctly. Failure to properly report the number of eligible meals resulted in the District receiving unsubstantiated reimbursements totaling $837. The District should implement policies and procedures to help ensure that monthly site claim forms for all District buildings are reviewed and submitted to reflect actual counts for reimbursable meals served.
Noncompliance and Material Weakness 2 CFR ? 400.1 gives regulatory effect to the Department of Agriculture for 2 CFR ? 200.303 which requires that non- Federal entities receiving Federal awards (i.e., auditee management) establish and maintain effective internal control designed to reasonably ensure compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. 2 C.F.R. ? 200.514(c) requires auditors to obtain an understanding of the non-Federal entity?s internal control over Federal programs sufficient to plan the audit to support a low assessed level of control risk of noncompliance for major programs, and, unless internal control is likely to be ineffective, plan the testing of internal control over major programs to support a low assessed level of control risk for the assertions relevant to the compliance requirements for each major program and perform testing of internal control as planned. 7 CFR ? 210.7(c) states, in part, ?to be entitled to reimbursement under this part, each school authority shall ensure that the Claim for Reimbursement accurately reflects the number of lunches and meal supplements served to eligible children, and the school food authority shall, at a minimum: (iii) Base Claims for Reimbursement on lunch counts, taken daily at the point of service, which correctly identify the number of free, reduced price and paid lunches served to eligible children; (iv) Correctly record, consolidate and report those lunch and supplement counts on the Claim for Reimbursement; and (v) Ensure that Claims for Reimbursement do not request payment for any excess lunches produced, as prohibited in ?210.10(a)(2), or non-Program lunches (i.e., a la carte or adult lunches) or for more than one meal supplement per child per day. 7 CFR ? 210.8(c) states the Claim for Reimbursement shall include data in sufficient detail to justify the reimbursement claimed and to enable the State agency to provide the Report of School Program Operations required under ?210.5(d) of this part. Such data shall include, at a minimum, the number of free, reduced price and paid lunches and meal supplements served to eligible children. The claim shall be signed by a school food authority official. Two out of thirty (6.7%) site claim forms submitted by the District to the Ohio Department of Education were inaccurate, since the District claimed more meals served than what was actually distributed. These errors occurred due to a weakness in internal controls, which failed to ensure site claim forms for reimbursable meals served at each building and submitted by the District to the Ohio Department of Education were entered correctly. Failure to properly report the number of eligible meals resulted in the District receiving unsubstantiated reimbursements totaling $837. The District should implement policies and procedures to help ensure that monthly site claim forms for all District buildings are reviewed and submitted to reflect actual counts for reimbursable meals served.
Noncompliance and Material Weakness 2 CFR ? 400.1 gives regulatory effect to the Department of Agriculture for 2 CFR ? 200.303 which requires that non- Federal entities receiving Federal awards (i.e., auditee management) establish and maintain effective internal control designed to reasonably ensure compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. 2 C.F.R. ? 200.514(c) requires auditors to obtain an understanding of the non-Federal entity?s internal control over Federal programs sufficient to plan the audit to support a low assessed level of control risk of noncompliance for major programs, and, unless internal control is likely to be ineffective, plan the testing of internal control over major programs to support a low assessed level of control risk for the assertions relevant to the compliance requirements for each major program and perform testing of internal control as planned. 7 CFR ? 210.7(c) states, in part, ?to be entitled to reimbursement under this part, each school authority shall ensure that the Claim for Reimbursement accurately reflects the number of lunches and meal supplements served to eligible children, and the school food authority shall, at a minimum: (iii) Base Claims for Reimbursement on lunch counts, taken daily at the point of service, which correctly identify the number of free, reduced price and paid lunches served to eligible children; (iv) Correctly record, consolidate and report those lunch and supplement counts on the Claim for Reimbursement; and (v) Ensure that Claims for Reimbursement do not request payment for any excess lunches produced, as prohibited in ?210.10(a)(2), or non-Program lunches (i.e., a la carte or adult lunches) or for more than one meal supplement per child per day. 7 CFR ? 210.8(c) states the Claim for Reimbursement shall include data in sufficient detail to justify the reimbursement claimed and to enable the State agency to provide the Report of School Program Operations required under ?210.5(d) of this part. Such data shall include, at a minimum, the number of free, reduced price and paid lunches and meal supplements served to eligible children. The claim shall be signed by a school food authority official. Two out of thirty (6.7%) site claim forms submitted by the District to the Ohio Department of Education were inaccurate, since the District claimed more meals served than what was actually distributed. These errors occurred due to a weakness in internal controls, which failed to ensure site claim forms for reimbursable meals served at each building and submitted by the District to the Ohio Department of Education were entered correctly. Failure to properly report the number of eligible meals resulted in the District receiving unsubstantiated reimbursements totaling $837. The District should implement policies and procedures to help ensure that monthly site claim forms for all District buildings are reviewed and submitted to reflect actual counts for reimbursable meals served.
Noncompliance and Material Weakness 2 CFR ? 400.1 gives regulatory effect to the Department of Agriculture for 2 CFR ? 200.303 which requires that non- Federal entities receiving Federal awards (i.e., auditee management) establish and maintain effective internal control designed to reasonably ensure compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. 2 C.F.R. ? 200.514(c) requires auditors to obtain an understanding of the non-Federal entity?s internal control over Federal programs sufficient to plan the audit to support a low assessed level of control risk of noncompliance for major programs, and, unless internal control is likely to be ineffective, plan the testing of internal control over major programs to support a low assessed level of control risk for the assertions relevant to the compliance requirements for each major program and perform testing of internal control as planned. 7 CFR ? 210.7(c) states, in part, ?to be entitled to reimbursement under this part, each school authority shall ensure that the Claim for Reimbursement accurately reflects the number of lunches and meal supplements served to eligible children, and the school food authority shall, at a minimum: (iii) Base Claims for Reimbursement on lunch counts, taken daily at the point of service, which correctly identify the number of free, reduced price and paid lunches served to eligible children; (iv) Correctly record, consolidate and report those lunch and supplement counts on the Claim for Reimbursement; and (v) Ensure that Claims for Reimbursement do not request payment for any excess lunches produced, as prohibited in ?210.10(a)(2), or non-Program lunches (i.e., a la carte or adult lunches) or for more than one meal supplement per child per day. 7 CFR ? 210.8(c) states the Claim for Reimbursement shall include data in sufficient detail to justify the reimbursement claimed and to enable the State agency to provide the Report of School Program Operations required under ?210.5(d) of this part. Such data shall include, at a minimum, the number of free, reduced price and paid lunches and meal supplements served to eligible children. The claim shall be signed by a school food authority official. Two out of thirty (6.7%) site claim forms submitted by the District to the Ohio Department of Education were inaccurate, since the District claimed more meals served than what was actually distributed. These errors occurred due to a weakness in internal controls, which failed to ensure site claim forms for reimbursable meals served at each building and submitted by the District to the Ohio Department of Education were entered correctly. Failure to properly report the number of eligible meals resulted in the District receiving unsubstantiated reimbursements totaling $837. The District should implement policies and procedures to help ensure that monthly site claim forms for all District buildings are reviewed and submitted to reflect actual counts for reimbursable meals served.
2022-001 ? Child Nutrition Cluster: National School Lunch Program Federal Agency: U.S. Department of Agriculture Federal Program Title: Child Nutrition Cluster: National School Lunch Program FAL Number: 10.555 Pass-Through Agency: California Department of Education Pass-Through Number: 23165 Award Period: July 1, 2021 ? June 30, 2022 Type of Finding: Significant Deficiency in Internal Control over Reimbursed Meal Claims Condition: During the sampled selection of three months of meal claims, the month of January 2022, had a clerical error that resulted in a duplication of the School's lunch meal claims of 173 additional meals. Criteria or specific requirement: Per 2 CFR section 200.514, in assessing the internal controls over reimbursement of meal claims, it was noted an additional review of reimbursements prior to submission was not accurately performed. Context: We reviewed the underlying support of the reimbursement meal claims was accurate; however, upon entering the reimbursement claims into the system, there was a clerical error that was not identified. The combined elementary school and middle school meal claims was entered into the reimbursement submission software, rather than reporting only elementary school, which resulted in a duplication of the middle school reimbursement claims. Questioned Costs: No questioned costs Effect: Over-reporting of middle school reimbursement meal claims of 173 meals. Cause: Clerical error and lack of secondary review of inputs prior to reimbursement meal claim submission. Repeat Finding: Not a repeat finding. Recommendation: We recommend the School design an additional internal control to review the reimbursement meal claim to underlying support prior to submission. Views of responsible officials and Corrective Action Plan: The School will implement an additional internal control to review the reimbursement meal claim to underlying support prior to submission, with evidence of review.
REPORTING Immaterial Noncompliance 2022-026 Ensure Compliance with Reporting Requirements of the Children's Health Insurance Program (CHIP) and the Medical Assistance Program. ALN Number 93.767- Children's Health Insurance Program (CHIP) 93.778-Medical Assistance Program (Medicaid; Title XIX) Federal Award No. All Current Active Grants Federal Agency Department of Health and Human Services (HSS) Pass-through Entity NI A Questioned Costs $206,763 Criteria Code of Federal Regulations (45 CFR ? 95.517) states, "A State must claim FFP for costs associated with a program only in accordance with its approved cost allocation plan. However, if a State has submitted a plan or plan amendment for a State agency, it may, at its option claim FFP based on the proposed plan or plan amendment, unless otherwise advised by the DCA." Per the Mississippi Division of Medicaid Cost Allocation Plan, the Children's Health Insurance Program (CHIP) administration cost pool consists of costs of contracted services to support the administration of CHIP and the allocation method is direct to CHIP. The Code of Federal Regulations (2 CFR ? 200.511) tasks auditees with the responsibility for follow-up and corrective action on all audit findings. As a part of this responsibility, auditees are required to report the status of all audit findings included in the prior audit's schedule of findings and questioned costs. Auditees may either note that the finding has been 1) fully corrected, 2) partially corrected or 3) not corrected. Code of Federal Regulations (2 CFR ? 200.514(e)) states, "The auditor must follow-up on prior audit findings, perform procedures to assess the reasonableness of the summary schedule of prior audit findings prepared by the auditee in accordance with ? 200.51l(b), and report, as a current year audit finding, when the auditor concludes that the summary schedule of prior audit findings materially misrepresents the status of any prior audit finding." Condition During testwork performed over Quarterly Children's Health Insurance Program Statement of Expenditures for Title XXI reporting requirements, the auditor noted administration expenditures for the quarters ended September 2021 and December 2021 included indirect costs of $97,484 and $109,279 respectively. The Mississippi Division of Medicaid (MDOM) Summary Schedule of Prior Federal Audit Findings dated March 8, 2023, states finding 2021-041 Strengthen controls to ensure compliance with eligibility requirements of the Medical Assistance Program and the Children's Health Insurance Program (CHIP) has been "Fully Corrected". However, during testwork performed over eligibility requirements for the Medical Assistance Program and the Children's Health Insurance Program (CHIP), auditor noted the finding as a repeat finding (2022- 025) in fiscal year 2022. Cause The incorrect cost allocation method was used for administration expenditures of the Children's Health Insurance Program (CHIP). The Mississippi Division of Medicaid did not concur with finding 2021-041 in the prior year. Effect Failure to comply with federal requirements could result in questioned costs and the possible recoupment of funds by the federal granting agency Recommendation We recommend the Mississippi Division of Medicaid ensure compliance with reporting requirements of the Children's Health Insurance Program (CHIP) and the Medical Assistance Program. Repeat Finding No. Statistically Valid No.
REPORTING Immaterial Noncompliance 2022-026 Ensure Compliance with Reporting Requirements of the Children's Health Insurance Program (CHIP) and the Medical Assistance Program. ALN Number 93.767- Children's Health Insurance Program (CHIP) 93.778-Medical Assistance Program (Medicaid; Title XIX) Federal Award No. All Current Active Grants Federal Agency Department of Health and Human Services (HSS) Pass-through Entity NI A Questioned Costs $206,763 Criteria Code of Federal Regulations (45 CFR ? 95.517) states, "A State must claim FFP for costs associated with a program only in accordance with its approved cost allocation plan. However, if a State has submitted a plan or plan amendment for a State agency, it may, at its option claim FFP based on the proposed plan or plan amendment, unless otherwise advised by the DCA." Per the Mississippi Division of Medicaid Cost Allocation Plan, the Children's Health Insurance Program (CHIP) administration cost pool consists of costs of contracted services to support the administration of CHIP and the allocation method is direct to CHIP. The Code of Federal Regulations (2 CFR ? 200.511) tasks auditees with the responsibility for follow-up and corrective action on all audit findings. As a part of this responsibility, auditees are required to report the status of all audit findings included in the prior audit's schedule of findings and questioned costs. Auditees may either note that the finding has been 1) fully corrected, 2) partially corrected or 3) not corrected. Code of Federal Regulations (2 CFR ? 200.514(e)) states, "The auditor must follow-up on prior audit findings, perform procedures to assess the reasonableness of the summary schedule of prior audit findings prepared by the auditee in accordance with ? 200.51l(b), and report, as a current year audit finding, when the auditor concludes that the summary schedule of prior audit findings materially misrepresents the status of any prior audit finding." Condition During testwork performed over Quarterly Children's Health Insurance Program Statement of Expenditures for Title XXI reporting requirements, the auditor noted administration expenditures for the quarters ended September 2021 and December 2021 included indirect costs of $97,484 and $109,279 respectively. The Mississippi Division of Medicaid (MDOM) Summary Schedule of Prior Federal Audit Findings dated March 8, 2023, states finding 2021-041 Strengthen controls to ensure compliance with eligibility requirements of the Medical Assistance Program and the Children's Health Insurance Program (CHIP) has been "Fully Corrected". However, during testwork performed over eligibility requirements for the Medical Assistance Program and the Children's Health Insurance Program (CHIP), auditor noted the finding as a repeat finding (2022- 025) in fiscal year 2022. Cause The incorrect cost allocation method was used for administration expenditures of the Children's Health Insurance Program (CHIP). The Mississippi Division of Medicaid did not concur with finding 2021-041 in the prior year. Effect Failure to comply with federal requirements could result in questioned costs and the possible recoupment of funds by the federal granting agency Recommendation We recommend the Mississippi Division of Medicaid ensure compliance with reporting requirements of the Children's Health Insurance Program (CHIP) and the Medical Assistance Program. Repeat Finding No. Statistically Valid No.
REPORTING Immaterial Noncompliance 2022-026 Ensure Compliance with Reporting Requirements of the Children's Health Insurance Program (CHIP) and the Medical Assistance Program. ALN Number 93.767- Children's Health Insurance Program (CHIP) 93.778-Medical Assistance Program (Medicaid; Title XIX) Federal Award No. All Current Active Grants Federal Agency Department of Health and Human Services (HSS) Pass-through Entity NI A Questioned Costs $206,763 Criteria Code of Federal Regulations (45 CFR ? 95.517) states, "A State must claim FFP for costs associated with a program only in accordance with its approved cost allocation plan. However, if a State has submitted a plan or plan amendment for a State agency, it may, at its option claim FFP based on the proposed plan or plan amendment, unless otherwise advised by the DCA." Per the Mississippi Division of Medicaid Cost Allocation Plan, the Children's Health Insurance Program (CHIP) administration cost pool consists of costs of contracted services to support the administration of CHIP and the allocation method is direct to CHIP. The Code of Federal Regulations (2 CFR ? 200.511) tasks auditees with the responsibility for follow-up and corrective action on all audit findings. As a part of this responsibility, auditees are required to report the status of all audit findings included in the prior audit's schedule of findings and questioned costs. Auditees may either note that the finding has been 1) fully corrected, 2) partially corrected or 3) not corrected. Code of Federal Regulations (2 CFR ? 200.514(e)) states, "The auditor must follow-up on prior audit findings, perform procedures to assess the reasonableness of the summary schedule of prior audit findings prepared by the auditee in accordance with ? 200.51l(b), and report, as a current year audit finding, when the auditor concludes that the summary schedule of prior audit findings materially misrepresents the status of any prior audit finding." Condition During testwork performed over Quarterly Children's Health Insurance Program Statement of Expenditures for Title XXI reporting requirements, the auditor noted administration expenditures for the quarters ended September 2021 and December 2021 included indirect costs of $97,484 and $109,279 respectively. The Mississippi Division of Medicaid (MDOM) Summary Schedule of Prior Federal Audit Findings dated March 8, 2023, states finding 2021-041 Strengthen controls to ensure compliance with eligibility requirements of the Medical Assistance Program and the Children's Health Insurance Program (CHIP) has been "Fully Corrected". However, during testwork performed over eligibility requirements for the Medical Assistance Program and the Children's Health Insurance Program (CHIP), auditor noted the finding as a repeat finding (2022- 025) in fiscal year 2022. Cause The incorrect cost allocation method was used for administration expenditures of the Children's Health Insurance Program (CHIP). The Mississippi Division of Medicaid did not concur with finding 2021-041 in the prior year. Effect Failure to comply with federal requirements could result in questioned costs and the possible recoupment of funds by the federal granting agency Recommendation We recommend the Mississippi Division of Medicaid ensure compliance with reporting requirements of the Children's Health Insurance Program (CHIP) and the Medical Assistance Program. Repeat Finding No. Statistically Valid No.
REPORTING Immaterial Noncompliance 2022-026 Ensure Compliance with Reporting Requirements of the Children's Health Insurance Program (CHIP) and the Medical Assistance Program. ALN Number 93.767- Children's Health Insurance Program (CHIP) 93.778-Medical Assistance Program (Medicaid; Title XIX) Federal Award No. All Current Active Grants Federal Agency Department of Health and Human Services (HSS) Pass-through Entity NI A Questioned Costs $206,763 Criteria Code of Federal Regulations (45 CFR ? 95.517) states, "A State must claim FFP for costs associated with a program only in accordance with its approved cost allocation plan. However, if a State has submitted a plan or plan amendment for a State agency, it may, at its option claim FFP based on the proposed plan or plan amendment, unless otherwise advised by the DCA." Per the Mississippi Division of Medicaid Cost Allocation Plan, the Children's Health Insurance Program (CHIP) administration cost pool consists of costs of contracted services to support the administration of CHIP and the allocation method is direct to CHIP. The Code of Federal Regulations (2 CFR ? 200.511) tasks auditees with the responsibility for follow-up and corrective action on all audit findings. As a part of this responsibility, auditees are required to report the status of all audit findings included in the prior audit's schedule of findings and questioned costs. Auditees may either note that the finding has been 1) fully corrected, 2) partially corrected or 3) not corrected. Code of Federal Regulations (2 CFR ? 200.514(e)) states, "The auditor must follow-up on prior audit findings, perform procedures to assess the reasonableness of the summary schedule of prior audit findings prepared by the auditee in accordance with ? 200.51l(b), and report, as a current year audit finding, when the auditor concludes that the summary schedule of prior audit findings materially misrepresents the status of any prior audit finding." Condition During testwork performed over Quarterly Children's Health Insurance Program Statement of Expenditures for Title XXI reporting requirements, the auditor noted administration expenditures for the quarters ended September 2021 and December 2021 included indirect costs of $97,484 and $109,279 respectively. The Mississippi Division of Medicaid (MDOM) Summary Schedule of Prior Federal Audit Findings dated March 8, 2023, states finding 2021-041 Strengthen controls to ensure compliance with eligibility requirements of the Medical Assistance Program and the Children's Health Insurance Program (CHIP) has been "Fully Corrected". However, during testwork performed over eligibility requirements for the Medical Assistance Program and the Children's Health Insurance Program (CHIP), auditor noted the finding as a repeat finding (2022- 025) in fiscal year 2022. Cause The incorrect cost allocation method was used for administration expenditures of the Children's Health Insurance Program (CHIP). The Mississippi Division of Medicaid did not concur with finding 2021-041 in the prior year. Effect Failure to comply with federal requirements could result in questioned costs and the possible recoupment of funds by the federal granting agency Recommendation We recommend the Mississippi Division of Medicaid ensure compliance with reporting requirements of the Children's Health Insurance Program (CHIP) and the Medical Assistance Program. Repeat Finding No. Statistically Valid No.
REPORTING Immaterial Noncompliance 2022-026 Ensure Compliance with Reporting Requirements of the Children's Health Insurance Program (CHIP) and the Medical Assistance Program. ALN Number 93.767- Children's Health Insurance Program (CHIP) 93.778-Medical Assistance Program (Medicaid; Title XIX) Federal Award No. All Current Active Grants Federal Agency Department of Health and Human Services (HSS) Pass-through Entity NI A Questioned Costs $206,763 Criteria Code of Federal Regulations (45 CFR ? 95.517) states, "A State must claim FFP for costs associated with a program only in accordance with its approved cost allocation plan. However, if a State has submitted a plan or plan amendment for a State agency, it may, at its option claim FFP based on the proposed plan or plan amendment, unless otherwise advised by the DCA." Per the Mississippi Division of Medicaid Cost Allocation Plan, the Children's Health Insurance Program (CHIP) administration cost pool consists of costs of contracted services to support the administration of CHIP and the allocation method is direct to CHIP. The Code of Federal Regulations (2 CFR ? 200.511) tasks auditees with the responsibility for follow-up and corrective action on all audit findings. As a part of this responsibility, auditees are required to report the status of all audit findings included in the prior audit's schedule of findings and questioned costs. Auditees may either note that the finding has been 1) fully corrected, 2) partially corrected or 3) not corrected. Code of Federal Regulations (2 CFR ? 200.514(e)) states, "The auditor must follow-up on prior audit findings, perform procedures to assess the reasonableness of the summary schedule of prior audit findings prepared by the auditee in accordance with ? 200.51l(b), and report, as a current year audit finding, when the auditor concludes that the summary schedule of prior audit findings materially misrepresents the status of any prior audit finding." Condition During testwork performed over Quarterly Children's Health Insurance Program Statement of Expenditures for Title XXI reporting requirements, the auditor noted administration expenditures for the quarters ended September 2021 and December 2021 included indirect costs of $97,484 and $109,279 respectively. The Mississippi Division of Medicaid (MDOM) Summary Schedule of Prior Federal Audit Findings dated March 8, 2023, states finding 2021-041 Strengthen controls to ensure compliance with eligibility requirements of the Medical Assistance Program and the Children's Health Insurance Program (CHIP) has been "Fully Corrected". However, during testwork performed over eligibility requirements for the Medical Assistance Program and the Children's Health Insurance Program (CHIP), auditor noted the finding as a repeat finding (2022- 025) in fiscal year 2022. Cause The incorrect cost allocation method was used for administration expenditures of the Children's Health Insurance Program (CHIP). The Mississippi Division of Medicaid did not concur with finding 2021-041 in the prior year. Effect Failure to comply with federal requirements could result in questioned costs and the possible recoupment of funds by the federal granting agency Recommendation We recommend the Mississippi Division of Medicaid ensure compliance with reporting requirements of the Children's Health Insurance Program (CHIP) and the Medical Assistance Program. Repeat Finding No. Statistically Valid No.
REPORTING Immaterial Noncompliance 2022-026 Ensure Compliance with Reporting Requirements of the Children's Health Insurance Program (CHIP) and the Medical Assistance Program. ALN Number 93.767- Children's Health Insurance Program (CHIP) 93.778-Medical Assistance Program (Medicaid; Title XIX) Federal Award No. All Current Active Grants Federal Agency Department of Health and Human Services (HSS) Pass-through Entity NI A Questioned Costs $206,763 Criteria Code of Federal Regulations (45 CFR ? 95.517) states, "A State must claim FFP for costs associated with a program only in accordance with its approved cost allocation plan. However, if a State has submitted a plan or plan amendment for a State agency, it may, at its option claim FFP based on the proposed plan or plan amendment, unless otherwise advised by the DCA." Per the Mississippi Division of Medicaid Cost Allocation Plan, the Children's Health Insurance Program (CHIP) administration cost pool consists of costs of contracted services to support the administration of CHIP and the allocation method is direct to CHIP. The Code of Federal Regulations (2 CFR ? 200.511) tasks auditees with the responsibility for follow-up and corrective action on all audit findings. As a part of this responsibility, auditees are required to report the status of all audit findings included in the prior audit's schedule of findings and questioned costs. Auditees may either note that the finding has been 1) fully corrected, 2) partially corrected or 3) not corrected. Code of Federal Regulations (2 CFR ? 200.514(e)) states, "The auditor must follow-up on prior audit findings, perform procedures to assess the reasonableness of the summary schedule of prior audit findings prepared by the auditee in accordance with ? 200.51l(b), and report, as a current year audit finding, when the auditor concludes that the summary schedule of prior audit findings materially misrepresents the status of any prior audit finding." Condition During testwork performed over Quarterly Children's Health Insurance Program Statement of Expenditures for Title XXI reporting requirements, the auditor noted administration expenditures for the quarters ended September 2021 and December 2021 included indirect costs of $97,484 and $109,279 respectively. The Mississippi Division of Medicaid (MDOM) Summary Schedule of Prior Federal Audit Findings dated March 8, 2023, states finding 2021-041 Strengthen controls to ensure compliance with eligibility requirements of the Medical Assistance Program and the Children's Health Insurance Program (CHIP) has been "Fully Corrected". However, during testwork performed over eligibility requirements for the Medical Assistance Program and the Children's Health Insurance Program (CHIP), auditor noted the finding as a repeat finding (2022- 025) in fiscal year 2022. Cause The incorrect cost allocation method was used for administration expenditures of the Children's Health Insurance Program (CHIP). The Mississippi Division of Medicaid did not concur with finding 2021-041 in the prior year. Effect Failure to comply with federal requirements could result in questioned costs and the possible recoupment of funds by the federal granting agency Recommendation We recommend the Mississippi Division of Medicaid ensure compliance with reporting requirements of the Children's Health Insurance Program (CHIP) and the Medical Assistance Program. Repeat Finding No. Statistically Valid No.
2022-003 Accuracy of Federal Reports Criteria: 2 CFR Section 200.514(c) requires NPOs to maintain records that support the allocation of indirect costs to each Federal Award. These Federal reports include all activity of the reporting period supported by the applicable accounting or performance records and are fairly presented in accordance with governing requirements. Condition: The management was not able to provide accurate supporting schedule to corroborate the reports submitted to the funding agency. Cause of Condition: This is the first time that Cleveland Umadaop is subject to Single Audit. The management may not have a complete understanding of the requirements for documenting the support that should corroborate the reports submitted to the agency or may not be aware of the risks associated with not documenting their supporting schedules. Effect: Failure to provide accurate supporting documentation that matches the federal reports could result in non-compliance with the terms and conditions of the Federal Award. This may lead to the suspension or termination of the award, and the management may be required to return any funds that were improperly spent or may fail to receive the maximum allowable reimbursement for indirect costs. Questioned Cost: Not quantifiable. Recommendation: To avoid these potential effects, we recommend that it is important for the management to ensure that their federal reports are accurate and supported by appropriate documentation. This can be achieved by implementing strong internal controls and processes for managing and documenting costs, and by regularly reviewing and reconciling financial records to ensure that they are consistent with the federal reports submitted. Description of the Nature and Extent of Issues Reported: We considered material noncompliance of 5% of the total awards expended for the program amounting to $33,187.
New York City Department of Health and Mental Hygiene ("DOHMH") Finding #: 2022-006 Funding Year(s): 7/1/2021 ? 6/30/2022 Public Health Emergency Preparedness (FAL #93.069) Contract Numbers: NU90TP922035 Federal Agency: U.S. Department of Health and Human Services Type of Finding: Level of Effort ? Compliance and Internal Control (Control Deficiency) Criteria: The 2 CFR section 200.514(d)(3) states that for those federal programs not covered in the compliance supplement the auditor must use the types of compliance requirements contained and described in Part 3 of the compliance supplement as guidance for identifying the types of compliance requirements to test, and determine the requirements governing the federal program by reviewing the provisions of the federal award or pass-through agency sub-award, and the laws and regulations referred in such awards. As stipulated by Public Health Solutions ("PHS"), the pass-through agency, in its sub-award agreement, Awardees must maintain non-federal expenditures for health-care preparedness and public health security at a level that is not less than the average level of such non-federal expenditures maintained by the awardee for the preceding two-year (2) period. Condition/Context: We noted that total Public Health Emergency Preparedness (?PHEP?) non-federal expenditures for the current year were below the average level of non-federal expenditures for the preceding two-year (2) period. Non-federal expenditures to the program for FY2022 totaled $2,091,743; whereas the average non-federal expenditures for FY2020 & FY2021 totaled $2,482,528. Cause/Effect: While DOHMH has a process in place to track and calculate non-federal expenditures for health-care preparedness and public health security, they did not consistently ensure progressive non-federal expenditures were adequately meeting the appropriate level of effort requirements. As a result, total programmatic non-federal expenditures for the year totaled less than the level of effort requirement. Questioned Costs: None identified Identification as a Repeat Finding: This is not a repeat finding Recommendation: We recommend that DOHMH strengthen their internal controls regarding compliance surrounding the level of effort requirements, including the appropriate tracking of progressive non-federal expenditures to ensure programmatic level of effort requirements are met. Finding #: 2022-006 Funding Year(s): 7/1/2021 ? 6/30/2022 Public Health Emergency Preparedness (FAL #93.069) Contract Numbers: NU90TP922035 Federal Agency: U.S. Department of Health and Human Services Type of Finding: Level of Effort ? Compliance and Internal Control (Control Deficiency) Criteria: The 2 CFR section 200.514(d)(3) states that for those federal programs not covered in the compliance supplement the auditor must use the types of compliance requirements contained and described in Part 3 of the compliance supplement as guidance for identifying the types of compliance requirements to test, and determine the requirements governing the federal program by reviewing the provisions of the federal award or pass-through agency sub-award, and the laws and regulations referred in such awards. As stipulated by Public Health Solutions ("PHS"), the pass-through agency, in its sub-award agreement, Awardees must maintain non-federal expenditures for health-care preparedness and public health security at a level that is not less than the average level of such non-federal expenditures maintained by the awardee for the preceding two-year (2) period. Condition/Context: We noted that total Public Health Emergency Preparedness (?PHEP?) non-federal expenditures for the current year were below the average level of non-federal expenditures for the preceding two-year (2) period. Non-federal expenditures to the program for FY2022 totaled $2,091,743; whereas the average non-federal expenditures for FY2020 & FY2021 totaled $2,482,528. Cause/Effect: While DOHMH has a process in place to track and calculate non-federal expenditures for health-care preparedness and public health security, they did not consistently ensure progressive non-federal expenditures were adequately meeting the appropriate level of effort requirements. As a result, total programmatic non-federal expenditures for the year totaled less than the level of effort requirement. Questioned Costs: None identified Identification as a Repeat Finding: This is not a repeat finding Recommendation: We recommend that DOHMH strengthen their internal controls regarding compliance surrounding the level of effort requirements, including the appropriate tracking of progressive non-federal expenditures to ensure programmatic level of effort requirements are met.
MATERIAL WEAKNESSES 2022-001 - Procurement, Suspension and Debarment Federal Program Information: US Department of Agriculture - ALN# - 10.555/10.559/10.582 - Child Nutrition Cluster Criteria: The following CFR(s) apply to this finding: 2 CFR 200.514(c), 2 CFR section 200.305(b)(3). Condition: During audit procedures, it was identified that the Unit was not completing procurement documentation for all purchases being made outside of the Food Directors Management Contract. Cause: The Unit does not have the necessary internal controls over compliance. Effect: Not completing this documentation could result in purchasing from vendors who have been debarred. Identification of Questioned Costs: None identified. Context: Not all of the samples tested had the appropriate procurement form attached. Repeat Finding: This is not a repeat finding. Recommendation: It is recommended that the Unit implement internal control processes and procedures to ensure that federal procurement form is completed for any vendors used outside of the Food Directors Management Contract. Views of Responsible Officials and Corrective Action Plan: Please see the Corrective Action Plan issued by the Green Mountain Unified School District.
MATERIAL WEAKNESSES 2022-001 - Procurement, Suspension and Debarment Federal Program Information: US Department of Agriculture - ALN# - 10.555/10.559/10.582 - Child Nutrition Cluster Criteria: The following CFR(s) apply to this finding: 2 CFR 200.514(c), 2 CFR section 200.305(b)(3). Condition: During audit procedures, it was identified that the Unit was not completing procurement documentation for all purchases being made outside of the Food Directors Management Contract. Cause: The Unit does not have the necessary internal controls over compliance. Effect: Not completing this documentation could result in purchasing from vendors who have been debarred. Identification of Questioned Costs: None identified. Context: Not all of the samples tested had the appropriate procurement form attached. Repeat Finding: This is not a repeat finding. Recommendation: It is recommended that the Unit implement internal control processes and procedures to ensure that federal procurement form is completed for any vendors used outside of the Food Directors Management Contract. Views of Responsible Officials and Corrective Action Plan: Please see the Corrective Action Plan issued by the Green Mountain Unified School District.
MATERIAL WEAKNESSES 2022-001 - Procurement, Suspension and Debarment Federal Program Information: US Department of Agriculture - ALN# - 10.555/10.559/10.582 - Child Nutrition Cluster Criteria: The following CFR(s) apply to this finding: 2 CFR 200.514(c), 2 CFR section 200.305(b)(3). Condition: During audit procedures, it was identified that the Unit was not completing procurement documentation for all purchases being made outside of the Food Directors Management Contract. Cause: The Unit does not have the necessary internal controls over compliance. Effect: Not completing this documentation could result in purchasing from vendors who have been debarred. Identification of Questioned Costs: None identified. Context: Not all of the samples tested had the appropriate procurement form attached. Repeat Finding: This is not a repeat finding. Recommendation: It is recommended that the Unit implement internal control processes and procedures to ensure that federal procurement form is completed for any vendors used outside of the Food Directors Management Contract. Views of Responsible Officials and Corrective Action Plan: Please see the Corrective Action Plan issued by the Green Mountain Unified School District.
MATERIAL WEAKNESSES 2022-001 - Procurement, Suspension and Debarment Federal Program Information: US Department of Agriculture - ALN# - 10.555/10.559/10.582 - Child Nutrition Cluster Criteria: The following CFR(s) apply to this finding: 2 CFR 200.514(c), 2 CFR section 200.305(b)(3). Condition: During audit procedures, it was identified that the Unit was not completing procurement documentation for all purchases being made outside of the Food Directors Management Contract. Cause: The Unit does not have the necessary internal controls over compliance. Effect: Not completing this documentation could result in purchasing from vendors who have been debarred. Identification of Questioned Costs: None identified. Context: Not all of the samples tested had the appropriate procurement form attached. Repeat Finding: This is not a repeat finding. Recommendation: It is recommended that the Unit implement internal control processes and procedures to ensure that federal procurement form is completed for any vendors used outside of the Food Directors Management Contract. Views of Responsible Officials and Corrective Action Plan: Please see the Corrective Action Plan issued by the Green Mountain Unified School District.
2022-030 Strengthen Controls over the Summary Schedule of Prior Audit Findings Compliance Requirement: Other Internal Control Impact: Material Weakness Compliance Impact: Material Noncompliance Federal Awarding Agency: U.S. Department of Labor Pass-Through Entity: None AL Numbers and Titles: 17.225 ? Unemployment Insurance 17.225 ? COVID-19 ? Unemployment Insurance Federal Award Number: UI328881855A13 (Year: 2018), UI325941955A13 (Year: 2019), UI328341960A13 (Year: 2019), UI340532055A13 (Year: 2020), UI341592055A13 (Year: 2020), UI344912060A13 (Year: 2020), UI347102055A13 (Year: 2020), UI356432155A13 (Year: 2021), UI356992155A13 (Year: 2021), UI359392160A13 (Year: 2021) Questioned Costs: None Identified Description: The Georgia Department of Labor materially misrepresented the status of two prior period audit findings as reported on the Summary Schedule of Prior Audit Findings. Background Information: The State Accounting Office (SAO) is responsible for preparing the Summary Schedule of Prior Audit Findings for inclusion in the State of Georgia?s (State) Single Audit report. All prior audit findings that were not shown as being resolved in the State?s prior year Single Audit report are reflected within the current year Summary Schedule of Prior Audit Findings. The SAO requires each State agency to submit information associated with their individual prior audit findings, including the status and response. This information is, then, compiled to create the State?s final Summary Schedule of Prior Audit Findings each year. Criteria: As a recipient of federal awards, the Georgia Department of Labor (DOL) is required to establish and maintain effective internal control over federal awards that provides reasonable assurance of managing the federal awards in compliance with federal statutes, regulations, and the terms and conditions of the federal awards pursuant to Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), Section 200.303 ? Internal Controls. Provisions reflected within the Uniform Guidance, Section 200.511 ? Audit Findings Follow-Up state that ?The auditee is responsible for follow-up and corrective action on all audit findings. As part of this responsibility the auditee must prepare a summary schedule of prior audit findings? That summary schedule of prior audit findings must report the status of all audit findings included in the prior audit?s schedule of findings and questioned costs? When audit findings were not corrected or were only partially corrected, the summary schedule must describe the reasons for the finding?s recurrence and planned corrective action, and any partial corrective action taken?? Additionally, provisions reflected within the Uniform Guidance, Section 200.514 ? Scope of Audit explain the auditor?s responsibilities associated with audit follow-up and state, ?The auditor must follow-up on prior audit findings, perform procedures to assess the reasonableness of the summary schedule of prior audit findings prepared by the auditee? and report, as a current year audit finding, when the auditor concludes that the summary schedule of prior audit findings materiality misrepresents the status of any prior audit finding.? Condition: Management of the DOL indicated on the Summary Schedule of Prior Audit Findings for the year ended June 30, 2022 that the following prior audit findings had been fully corrected: ? 2020-036 ? Improve Controls over Eligibility Determinations ? 2021-036 ? Improve Controls over Employer-Filed Claims However, in performing follow-up and current period audit procedures associated with the Unemployment Insurance program, it was determined that these audit findings were unresolved and would be repeated in the current period as planned corrective actions had not been adequately implemented and current period deficiencies and/or questioned costs were identified. Cause: The DOL management believed that the prior period audit findings were resolved as the U.S. Department of Labor review of these audit findings was closed; however, given that repeat, current period audit findings were issued, these prior period audit findings were clearly unresolved. Effect: The Summary Schedule of Prior Audit Findings reflects the material misrepresentation of the status of two prior audit findings, and therefore, the DOL is not in compliance with provisions reflected within the Uniform Guidance. Additionally, incorrect information regarding the status of these audit findings will be reported to the U.S. Department of Labor through the Federal Audit Clearinghouse. Recommendation: The DOL management should develop and implement procedures to ensure that the status of each prior audit finding is reported in an accurate manner. In addition, the DOL should ensure that staff responsible for submitting the status of prior period audit findings are trained and understand their responsibilities associated with the Summary Schedule of Prior Audit Findings under the Uniform Guidance. Views of Responsible Officials: We do not concur with this finding. GDOL Response: As Georgia progressed towards addressing and pursuing efforts to resolve outstanding CARES Act matters, impediments such as limited workforce and system restrictions hindered progress. Such factors, imposed upon the intents to make system changes, corrections and enhancements. We have taken the following corrective actions in an ongoing effort to bring these findings to full resolution: 2020- 036 Improve Controls Over Eligibility Determinations In addition to steadily reviewing and determining eligibility of responses providing proof of PUA employment and wages, a task force has been established to assist with this effort. An ongoing campaign is in progress to onboard additional resources to increase the cadence of addressing these items. Claimants who fail to provide adequate proof are manually reconsidered and overpayments established appropriately. Since this process is manually reviewed by staff rather than by system automation, we anticipate this effort will take approximately 60 weeks to complete. When there are indications of potential fraud, additional investigation is pursued to determine if fraud penalties should be imposed. 2021-036 ? Improve Controls over Employer-Filed Claims Effective December 6, 2021, the EFC process was revised to require individuals (employees) to complete an EFC profile to include a real-time identity verification before payments can be made. Employers are responsible for submitting the request for the payment to certify to the individual?s employment status but the individuals must certify their identity and personal information for the claim to be processed. Employees are notified when a claim is filed on their behalf and provided instructions for their portion of completing the EFC process. The MyUI dashboard provides all the EFC correspondence sent to the individual as well as a status of the profile set up and identify verification. Summary We are currently seeking funding to modernize our UI benefits system which will incorporate and improve the controls cited. GDOL will develop and implement procedures to ensure the status of each prior audit finding is reported in an accurate manner. GDOL will ensure staff responsible for submitting the status of prior period audit findings are trained and understand their responsibilities associated with the Summary Schedule of Prior Audit Findings under the Uniform Guidance. Auditor's Concluding Remarks: As noted in the finding details above and given the DOL?s plans to ensure that the status of each prior year finding is reported accurately going forward, it is clear that the information reported by the DOL on the Summary Schedule of Prior Period Findings for the two findings in question is materially misrepresented. Therefore, we reaffirm our finding and will review the status of the finding during our next audit.
2022-030 Strengthen Controls over the Summary Schedule of Prior Audit Findings Compliance Requirement: Other Internal Control Impact: Material Weakness Compliance Impact: Material Noncompliance Federal Awarding Agency: U.S. Department of Labor Pass-Through Entity: None AL Numbers and Titles: 17.225 ? Unemployment Insurance 17.225 ? COVID-19 ? Unemployment Insurance Federal Award Number: UI328881855A13 (Year: 2018), UI325941955A13 (Year: 2019), UI328341960A13 (Year: 2019), UI340532055A13 (Year: 2020), UI341592055A13 (Year: 2020), UI344912060A13 (Year: 2020), UI347102055A13 (Year: 2020), UI356432155A13 (Year: 2021), UI356992155A13 (Year: 2021), UI359392160A13 (Year: 2021) Questioned Costs: None Identified Description: The Georgia Department of Labor materially misrepresented the status of two prior period audit findings as reported on the Summary Schedule of Prior Audit Findings. Background Information: The State Accounting Office (SAO) is responsible for preparing the Summary Schedule of Prior Audit Findings for inclusion in the State of Georgia?s (State) Single Audit report. All prior audit findings that were not shown as being resolved in the State?s prior year Single Audit report are reflected within the current year Summary Schedule of Prior Audit Findings. The SAO requires each State agency to submit information associated with their individual prior audit findings, including the status and response. This information is, then, compiled to create the State?s final Summary Schedule of Prior Audit Findings each year. Criteria: As a recipient of federal awards, the Georgia Department of Labor (DOL) is required to establish and maintain effective internal control over federal awards that provides reasonable assurance of managing the federal awards in compliance with federal statutes, regulations, and the terms and conditions of the federal awards pursuant to Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), Section 200.303 ? Internal Controls. Provisions reflected within the Uniform Guidance, Section 200.511 ? Audit Findings Follow-Up state that ?The auditee is responsible for follow-up and corrective action on all audit findings. As part of this responsibility the auditee must prepare a summary schedule of prior audit findings? That summary schedule of prior audit findings must report the status of all audit findings included in the prior audit?s schedule of findings and questioned costs? When audit findings were not corrected or were only partially corrected, the summary schedule must describe the reasons for the finding?s recurrence and planned corrective action, and any partial corrective action taken?? Additionally, provisions reflected within the Uniform Guidance, Section 200.514 ? Scope of Audit explain the auditor?s responsibilities associated with audit follow-up and state, ?The auditor must follow-up on prior audit findings, perform procedures to assess the reasonableness of the summary schedule of prior audit findings prepared by the auditee? and report, as a current year audit finding, when the auditor concludes that the summary schedule of prior audit findings materiality misrepresents the status of any prior audit finding.? Condition: Management of the DOL indicated on the Summary Schedule of Prior Audit Findings for the year ended June 30, 2022 that the following prior audit findings had been fully corrected: ? 2020-036 ? Improve Controls over Eligibility Determinations ? 2021-036 ? Improve Controls over Employer-Filed Claims However, in performing follow-up and current period audit procedures associated with the Unemployment Insurance program, it was determined that these audit findings were unresolved and would be repeated in the current period as planned corrective actions had not been adequately implemented and current period deficiencies and/or questioned costs were identified. Cause: The DOL management believed that the prior period audit findings were resolved as the U.S. Department of Labor review of these audit findings was closed; however, given that repeat, current period audit findings were issued, these prior period audit findings were clearly unresolved. Effect: The Summary Schedule of Prior Audit Findings reflects the material misrepresentation of the status of two prior audit findings, and therefore, the DOL is not in compliance with provisions reflected within the Uniform Guidance. Additionally, incorrect information regarding the status of these audit findings will be reported to the U.S. Department of Labor through the Federal Audit Clearinghouse. Recommendation: The DOL management should develop and implement procedures to ensure that the status of each prior audit finding is reported in an accurate manner. In addition, the DOL should ensure that staff responsible for submitting the status of prior period audit findings are trained and understand their responsibilities associated with the Summary Schedule of Prior Audit Findings under the Uniform Guidance. Views of Responsible Officials: We do not concur with this finding. GDOL Response: As Georgia progressed towards addressing and pursuing efforts to resolve outstanding CARES Act matters, impediments such as limited workforce and system restrictions hindered progress. Such factors, imposed upon the intents to make system changes, corrections and enhancements. We have taken the following corrective actions in an ongoing effort to bring these findings to full resolution: 2020- 036 Improve Controls Over Eligibility Determinations In addition to steadily reviewing and determining eligibility of responses providing proof of PUA employment and wages, a task force has been established to assist with this effort. An ongoing campaign is in progress to onboard additional resources to increase the cadence of addressing these items. Claimants who fail to provide adequate proof are manually reconsidered and overpayments established appropriately. Since this process is manually reviewed by staff rather than by system automation, we anticipate this effort will take approximately 60 weeks to complete. When there are indications of potential fraud, additional investigation is pursued to determine if fraud penalties should be imposed. 2021-036 ? Improve Controls over Employer-Filed Claims Effective December 6, 2021, the EFC process was revised to require individuals (employees) to complete an EFC profile to include a real-time identity verification before payments can be made. Employers are responsible for submitting the request for the payment to certify to the individual?s employment status but the individuals must certify their identity and personal information for the claim to be processed. Employees are notified when a claim is filed on their behalf and provided instructions for their portion of completing the EFC process. The MyUI dashboard provides all the EFC correspondence sent to the individual as well as a status of the profile set up and identify verification. Summary We are currently seeking funding to modernize our UI benefits system which will incorporate and improve the controls cited. GDOL will develop and implement procedures to ensure the status of each prior audit finding is reported in an accurate manner. GDOL will ensure staff responsible for submitting the status of prior period audit findings are trained and understand their responsibilities associated with the Summary Schedule of Prior Audit Findings under the Uniform Guidance. Auditor's Concluding Remarks: As noted in the finding details above and given the DOL?s plans to ensure that the status of each prior year finding is reported accurately going forward, it is clear that the information reported by the DOL on the Summary Schedule of Prior Period Findings for the two findings in question is materially misrepresented. Therefore, we reaffirm our finding and will review the status of the finding during our next audit.
Reference Number: 2022-024 Prior Year Finding: No Federal Agency: U.S. Department of Labor U.S. Department of Education State Agency: Department of Labor Agency of Education Department of Finance and Management Federal Program: Unemployment Insurance Title I Grants to Local Educational Agencies Special Education Cluster Assistance Listing Number: 17.225, 84.010, 84.027 and 84.173 Award Number and Year: UI340892055A50 (10/1/2019 ? 12/31/2022) UI356792155A50 (10/1/2020 ? 12/31/2023) UI372542255A50 (10/1/2021 ? 12/31/2024) S010A200045 (7/1/2020 ? 9/30/2021), S01A210045 (7/1/2021-9/30/2022) H027A200098 (7/1/2020 ? 9/30/2021), H173A200106 (7/1/2020 ? 9/30/2021), H027A210098 (7/1/2021 ? 9/30/2022), H173A210106 (7/1/2021 ? 9/30/2022) Compliance Requirement: Cash Management Type of Finding Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or specific requirement: Compliance: US Department of the Treasury (Treasury) regulations at 31 CFR Part 205 implement the Cash Management Improvement Act of 1990 (CMIA), as amended (Pub. L. No. 101-453; 31 USC 6501 et seq.). Subpart A of those regulations requires state recipients to enter into Treasury-State Agreements that prescribe specific methods of drawing down federal funds (funding techniques) for federal programs listed in the Assistance Listing (Catalog of federal Domestic Assistance) that meet the funding threshold for a major federal assistance program under the CMIA. Treasury-State Agreements also specify the terms and conditions under which an interest liability would be incurred. Programs not covered by a Treasury-State Agreement are subject to procedures prescribed by Treasury in Subpart B of 31 CFR Part 205 (Subpart B), which at 31 CFR section 205.33(a) include the requirement for a state to minimize the time between the drawdown of federal funds and their disbursement for federal program purposes. Per 2 CFR section 200.514(a)(5), if a State fails to request funds timely as set forth in 2 CFR section 205.29, or otherwise fails to apply a funding technique properly, we may deny any resulting Federal interest liability, notwithstanding any other provision of this section. Annual Reports are submitted electronically by December 31 of each year. The Annual Report includes Federal interest liabilities, State interest liabilities, and State direct cost claims. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework?, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Department of Labor (Department) and the Agency of Education (Agency) were not in compliance with the funding techniques included in the State? CMIA Treasury-State Agreement. Federal interest liabilities were improperly calculated on the CMIA Annual Report by the Department of Finance and Management (Finance) for Unemployment Insurance, Title I Grants to Local Educational Agencies, and the Special Education Cluster. Context: The following exceptions were noted when testing compliance with Cash Management: Department of Labor ? The Department was not in compliance with the Prior Month Actual funding technique included in the State?s Treasury-State Agreement. The funding technique requires cash draws to occur on a monthly basis, however, the Department performed multiple cash draws during certain months and other cash draws were performed inconsistently with this funding technique. We noted that the Department did not perform cash draws early, therefore, there is no State interest liability for these exceptions. Agency of Education ? The Agency was not in compliance with the funding techniques included in the State?s Treasury-State Agreement for the Title I Grants to Local Educational Agencies program and for the Special Education Cluster. The funding techniques for these programs required cash draws occur on a bi-weekly basis, or 26 times during the fiscal year. Instead, the Agency performed 11 cash draws on a random basis throughout the year. Department of Finance and Management ? Finance is the responsible State agency for submission of the CMIA Annual Report. The interest liability for the Unemployment Insurance program was calculated incorrectly and since the Agency of Education failed to request funds timely in accordance with the Treasury-State Agreement, a federal interest liability should not have been calculated for the Title I Grants to Local Education Agencies program nor for the Special Education Cluster. The following specific federal interest liability calculation errors were noted on the FY 2022 CMIA Annual Report: o $448 for Unemployment Insurance should have been calculated as $120. o $17,067 for Title I Grants to Local Educational Agencies should have been $0. o $12,706 for the Special Education Cluster should have been $0. Cause: The Agency?s and Department?s procedures were not sufficient to ensure that cash draws were performed timely per the terms of the Treasury-State Agreement. Internal controls did not detect or prevent these errors. Finance prepares the CMA Annual Report using data provided by the Agency and the Department. Finance?s CMIA Annual Report procedures were not sufficient to ensure that it calculated federal interest liabilities for these programs only when the State was entitled to this interest. Internal controls did not detect these errors prior to submission of the CMIA Annual Report. Effect: The Cash Management Improvement Act is intended to minimize the time between the transfer of federal funds to States and the payout of those funds for program purposes. When the Agency and Department do not draw down federal funds timely per the funding techniques included in the Treasury-State Agreement, it causes the State to advance its own funds for federal program purposes, negatively impacting the State?s cash flow. Improperly calculating Federal interest liabilities could potentially allow the State to receive interest payments to which it is not entitled per 2 CFR section 200.514. Questioned costs: Federal interest liabilities improperly calculated and included on the Annual Report: ? $328 for Unemployment Insurance, the difference between the $448 claimed and the allowable $120. ? $17,067 for Title I Grants to Local Educational Agencies ? $12,706 for the Special Education Cluster Recommendation: We recommend the Agency and the Department review and enhance their internal controls and procedures over cash management to ensure that cash draws are performed timely and in accordance with the funding techniques included in the State?s Treasury-State Agreement. We further recommend that Finance enhance its procedures and internal controls to ensure that federal interest liabilities are properly calculated in accordance with 2 CFR section 200.514. Views of responsible officials: Management agrees with the finding.
Reference Number: 2022-024 Prior Year Finding: No Federal Agency: U.S. Department of Labor U.S. Department of Education State Agency: Department of Labor Agency of Education Department of Finance and Management Federal Program: Unemployment Insurance Title I Grants to Local Educational Agencies Special Education Cluster Assistance Listing Number: 17.225, 84.010, 84.027 and 84.173 Award Number and Year: UI340892055A50 (10/1/2019 ? 12/31/2022) UI356792155A50 (10/1/2020 ? 12/31/2023) UI372542255A50 (10/1/2021 ? 12/31/2024) S010A200045 (7/1/2020 ? 9/30/2021), S01A210045 (7/1/2021-9/30/2022) H027A200098 (7/1/2020 ? 9/30/2021), H173A200106 (7/1/2020 ? 9/30/2021), H027A210098 (7/1/2021 ? 9/30/2022), H173A210106 (7/1/2021 ? 9/30/2022) Compliance Requirement: Cash Management Type of Finding Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or specific requirement: Compliance: US Department of the Treasury (Treasury) regulations at 31 CFR Part 205 implement the Cash Management Improvement Act of 1990 (CMIA), as amended (Pub. L. No. 101-453; 31 USC 6501 et seq.). Subpart A of those regulations requires state recipients to enter into Treasury-State Agreements that prescribe specific methods of drawing down federal funds (funding techniques) for federal programs listed in the Assistance Listing (Catalog of federal Domestic Assistance) that meet the funding threshold for a major federal assistance program under the CMIA. Treasury-State Agreements also specify the terms and conditions under which an interest liability would be incurred. Programs not covered by a Treasury-State Agreement are subject to procedures prescribed by Treasury in Subpart B of 31 CFR Part 205 (Subpart B), which at 31 CFR section 205.33(a) include the requirement for a state to minimize the time between the drawdown of federal funds and their disbursement for federal program purposes. Per 2 CFR section 200.514(a)(5), if a State fails to request funds timely as set forth in 2 CFR section 205.29, or otherwise fails to apply a funding technique properly, we may deny any resulting Federal interest liability, notwithstanding any other provision of this section. Annual Reports are submitted electronically by December 31 of each year. The Annual Report includes Federal interest liabilities, State interest liabilities, and State direct cost claims. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework?, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Department of Labor (Department) and the Agency of Education (Agency) were not in compliance with the funding techniques included in the State? CMIA Treasury-State Agreement. Federal interest liabilities were improperly calculated on the CMIA Annual Report by the Department of Finance and Management (Finance) for Unemployment Insurance, Title I Grants to Local Educational Agencies, and the Special Education Cluster. Context: The following exceptions were noted when testing compliance with Cash Management: Department of Labor ? The Department was not in compliance with the Prior Month Actual funding technique included in the State?s Treasury-State Agreement. The funding technique requires cash draws to occur on a monthly basis, however, the Department performed multiple cash draws during certain months and other cash draws were performed inconsistently with this funding technique. We noted that the Department did not perform cash draws early, therefore, there is no State interest liability for these exceptions. Agency of Education ? The Agency was not in compliance with the funding techniques included in the State?s Treasury-State Agreement for the Title I Grants to Local Educational Agencies program and for the Special Education Cluster. The funding techniques for these programs required cash draws occur on a bi-weekly basis, or 26 times during the fiscal year. Instead, the Agency performed 11 cash draws on a random basis throughout the year. Department of Finance and Management ? Finance is the responsible State agency for submission of the CMIA Annual Report. The interest liability for the Unemployment Insurance program was calculated incorrectly and since the Agency of Education failed to request funds timely in accordance with the Treasury-State Agreement, a federal interest liability should not have been calculated for the Title I Grants to Local Education Agencies program nor for the Special Education Cluster. The following specific federal interest liability calculation errors were noted on the FY 2022 CMIA Annual Report: o $448 for Unemployment Insurance should have been calculated as $120. o $17,067 for Title I Grants to Local Educational Agencies should have been $0. o $12,706 for the Special Education Cluster should have been $0. Cause: The Agency?s and Department?s procedures were not sufficient to ensure that cash draws were performed timely per the terms of the Treasury-State Agreement. Internal controls did not detect or prevent these errors. Finance prepares the CMA Annual Report using data provided by the Agency and the Department. Finance?s CMIA Annual Report procedures were not sufficient to ensure that it calculated federal interest liabilities for these programs only when the State was entitled to this interest. Internal controls did not detect these errors prior to submission of the CMIA Annual Report. Effect: The Cash Management Improvement Act is intended to minimize the time between the transfer of federal funds to States and the payout of those funds for program purposes. When the Agency and Department do not draw down federal funds timely per the funding techniques included in the Treasury-State Agreement, it causes the State to advance its own funds for federal program purposes, negatively impacting the State?s cash flow. Improperly calculating Federal interest liabilities could potentially allow the State to receive interest payments to which it is not entitled per 2 CFR section 200.514. Questioned costs: Federal interest liabilities improperly calculated and included on the Annual Report: ? $328 for Unemployment Insurance, the difference between the $448 claimed and the allowable $120. ? $17,067 for Title I Grants to Local Educational Agencies ? $12,706 for the Special Education Cluster Recommendation: We recommend the Agency and the Department review and enhance their internal controls and procedures over cash management to ensure that cash draws are performed timely and in accordance with the funding techniques included in the State?s Treasury-State Agreement. We further recommend that Finance enhance its procedures and internal controls to ensure that federal interest liabilities are properly calculated in accordance with 2 CFR section 200.514. Views of responsible officials: Management agrees with the finding.
Reference Number: 2022-024 Prior Year Finding: No Federal Agency: U.S. Department of Labor U.S. Department of Education State Agency: Department of Labor Agency of Education Department of Finance and Management Federal Program: Unemployment Insurance Title I Grants to Local Educational Agencies Special Education Cluster Assistance Listing Number: 17.225, 84.010, 84.027 and 84.173 Award Number and Year: UI340892055A50 (10/1/2019 ? 12/31/2022) UI356792155A50 (10/1/2020 ? 12/31/2023) UI372542255A50 (10/1/2021 ? 12/31/2024) S010A200045 (7/1/2020 ? 9/30/2021), S01A210045 (7/1/2021-9/30/2022) H027A200098 (7/1/2020 ? 9/30/2021), H173A200106 (7/1/2020 ? 9/30/2021), H027A210098 (7/1/2021 ? 9/30/2022), H173A210106 (7/1/2021 ? 9/30/2022) Compliance Requirement: Cash Management Type of Finding Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or specific requirement: Compliance: US Department of the Treasury (Treasury) regulations at 31 CFR Part 205 implement the Cash Management Improvement Act of 1990 (CMIA), as amended (Pub. L. No. 101-453; 31 USC 6501 et seq.). Subpart A of those regulations requires state recipients to enter into Treasury-State Agreements that prescribe specific methods of drawing down federal funds (funding techniques) for federal programs listed in the Assistance Listing (Catalog of federal Domestic Assistance) that meet the funding threshold for a major federal assistance program under the CMIA. Treasury-State Agreements also specify the terms and conditions under which an interest liability would be incurred. Programs not covered by a Treasury-State Agreement are subject to procedures prescribed by Treasury in Subpart B of 31 CFR Part 205 (Subpart B), which at 31 CFR section 205.33(a) include the requirement for a state to minimize the time between the drawdown of federal funds and their disbursement for federal program purposes. Per 2 CFR section 200.514(a)(5), if a State fails to request funds timely as set forth in 2 CFR section 205.29, or otherwise fails to apply a funding technique properly, we may deny any resulting Federal interest liability, notwithstanding any other provision of this section. Annual Reports are submitted electronically by December 31 of each year. The Annual Report includes Federal interest liabilities, State interest liabilities, and State direct cost claims. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework?, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Department of Labor (Department) and the Agency of Education (Agency) were not in compliance with the funding techniques included in the State? CMIA Treasury-State Agreement. Federal interest liabilities were improperly calculated on the CMIA Annual Report by the Department of Finance and Management (Finance) for Unemployment Insurance, Title I Grants to Local Educational Agencies, and the Special Education Cluster. Context: The following exceptions were noted when testing compliance with Cash Management: Department of Labor ? The Department was not in compliance with the Prior Month Actual funding technique included in the State?s Treasury-State Agreement. The funding technique requires cash draws to occur on a monthly basis, however, the Department performed multiple cash draws during certain months and other cash draws were performed inconsistently with this funding technique. We noted that the Department did not perform cash draws early, therefore, there is no State interest liability for these exceptions. Agency of Education ? The Agency was not in compliance with the funding techniques included in the State?s Treasury-State Agreement for the Title I Grants to Local Educational Agencies program and for the Special Education Cluster. The funding techniques for these programs required cash draws occur on a bi-weekly basis, or 26 times during the fiscal year. Instead, the Agency performed 11 cash draws on a random basis throughout the year. Department of Finance and Management ? Finance is the responsible State agency for submission of the CMIA Annual Report. The interest liability for the Unemployment Insurance program was calculated incorrectly and since the Agency of Education failed to request funds timely in accordance with the Treasury-State Agreement, a federal interest liability should not have been calculated for the Title I Grants to Local Education Agencies program nor for the Special Education Cluster. The following specific federal interest liability calculation errors were noted on the FY 2022 CMIA Annual Report: o $448 for Unemployment Insurance should have been calculated as $120. o $17,067 for Title I Grants to Local Educational Agencies should have been $0. o $12,706 for the Special Education Cluster should have been $0. Cause: The Agency?s and Department?s procedures were not sufficient to ensure that cash draws were performed timely per the terms of the Treasury-State Agreement. Internal controls did not detect or prevent these errors. Finance prepares the CMA Annual Report using data provided by the Agency and the Department. Finance?s CMIA Annual Report procedures were not sufficient to ensure that it calculated federal interest liabilities for these programs only when the State was entitled to this interest. Internal controls did not detect these errors prior to submission of the CMIA Annual Report. Effect: The Cash Management Improvement Act is intended to minimize the time between the transfer of federal funds to States and the payout of those funds for program purposes. When the Agency and Department do not draw down federal funds timely per the funding techniques included in the Treasury-State Agreement, it causes the State to advance its own funds for federal program purposes, negatively impacting the State?s cash flow. Improperly calculating Federal interest liabilities could potentially allow the State to receive interest payments to which it is not entitled per 2 CFR section 200.514. Questioned costs: Federal interest liabilities improperly calculated and included on the Annual Report: ? $328 for Unemployment Insurance, the difference between the $448 claimed and the allowable $120. ? $17,067 for Title I Grants to Local Educational Agencies ? $12,706 for the Special Education Cluster Recommendation: We recommend the Agency and the Department review and enhance their internal controls and procedures over cash management to ensure that cash draws are performed timely and in accordance with the funding techniques included in the State?s Treasury-State Agreement. We further recommend that Finance enhance its procedures and internal controls to ensure that federal interest liabilities are properly calculated in accordance with 2 CFR section 200.514. Views of responsible officials: Management agrees with the finding.
Reference Number: 2022-024 Prior Year Finding: No Federal Agency: U.S. Department of Labor U.S. Department of Education State Agency: Department of Labor Agency of Education Department of Finance and Management Federal Program: Unemployment Insurance Title I Grants to Local Educational Agencies Special Education Cluster Assistance Listing Number: 17.225, 84.010, 84.027 and 84.173 Award Number and Year: UI340892055A50 (10/1/2019 ? 12/31/2022) UI356792155A50 (10/1/2020 ? 12/31/2023) UI372542255A50 (10/1/2021 ? 12/31/2024) S010A200045 (7/1/2020 ? 9/30/2021), S01A210045 (7/1/2021-9/30/2022) H027A200098 (7/1/2020 ? 9/30/2021), H173A200106 (7/1/2020 ? 9/30/2021), H027A210098 (7/1/2021 ? 9/30/2022), H173A210106 (7/1/2021 ? 9/30/2022) Compliance Requirement: Cash Management Type of Finding Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or specific requirement: Compliance: US Department of the Treasury (Treasury) regulations at 31 CFR Part 205 implement the Cash Management Improvement Act of 1990 (CMIA), as amended (Pub. L. No. 101-453; 31 USC 6501 et seq.). Subpart A of those regulations requires state recipients to enter into Treasury-State Agreements that prescribe specific methods of drawing down federal funds (funding techniques) for federal programs listed in the Assistance Listing (Catalog of federal Domestic Assistance) that meet the funding threshold for a major federal assistance program under the CMIA. Treasury-State Agreements also specify the terms and conditions under which an interest liability would be incurred. Programs not covered by a Treasury-State Agreement are subject to procedures prescribed by Treasury in Subpart B of 31 CFR Part 205 (Subpart B), which at 31 CFR section 205.33(a) include the requirement for a state to minimize the time between the drawdown of federal funds and their disbursement for federal program purposes. Per 2 CFR section 200.514(a)(5), if a State fails to request funds timely as set forth in 2 CFR section 205.29, or otherwise fails to apply a funding technique properly, we may deny any resulting Federal interest liability, notwithstanding any other provision of this section. Annual Reports are submitted electronically by December 31 of each year. The Annual Report includes Federal interest liabilities, State interest liabilities, and State direct cost claims. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework?, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Department of Labor (Department) and the Agency of Education (Agency) were not in compliance with the funding techniques included in the State? CMIA Treasury-State Agreement. Federal interest liabilities were improperly calculated on the CMIA Annual Report by the Department of Finance and Management (Finance) for Unemployment Insurance, Title I Grants to Local Educational Agencies, and the Special Education Cluster. Context: The following exceptions were noted when testing compliance with Cash Management: Department of Labor ? The Department was not in compliance with the Prior Month Actual funding technique included in the State?s Treasury-State Agreement. The funding technique requires cash draws to occur on a monthly basis, however, the Department performed multiple cash draws during certain months and other cash draws were performed inconsistently with this funding technique. We noted that the Department did not perform cash draws early, therefore, there is no State interest liability for these exceptions. Agency of Education ? The Agency was not in compliance with the funding techniques included in the State?s Treasury-State Agreement for the Title I Grants to Local Educational Agencies program and for the Special Education Cluster. The funding techniques for these programs required cash draws occur on a bi-weekly basis, or 26 times during the fiscal year. Instead, the Agency performed 11 cash draws on a random basis throughout the year. Department of Finance and Management ? Finance is the responsible State agency for submission of the CMIA Annual Report. The interest liability for the Unemployment Insurance program was calculated incorrectly and since the Agency of Education failed to request funds timely in accordance with the Treasury-State Agreement, a federal interest liability should not have been calculated for the Title I Grants to Local Education Agencies program nor for the Special Education Cluster. The following specific federal interest liability calculation errors were noted on the FY 2022 CMIA Annual Report: o $448 for Unemployment Insurance should have been calculated as $120. o $17,067 for Title I Grants to Local Educational Agencies should have been $0. o $12,706 for the Special Education Cluster should have been $0. Cause: The Agency?s and Department?s procedures were not sufficient to ensure that cash draws were performed timely per the terms of the Treasury-State Agreement. Internal controls did not detect or prevent these errors. Finance prepares the CMA Annual Report using data provided by the Agency and the Department. Finance?s CMIA Annual Report procedures were not sufficient to ensure that it calculated federal interest liabilities for these programs only when the State was entitled to this interest. Internal controls did not detect these errors prior to submission of the CMIA Annual Report. Effect: The Cash Management Improvement Act is intended to minimize the time between the transfer of federal funds to States and the payout of those funds for program purposes. When the Agency and Department do not draw down federal funds timely per the funding techniques included in the Treasury-State Agreement, it causes the State to advance its own funds for federal program purposes, negatively impacting the State?s cash flow. Improperly calculating Federal interest liabilities could potentially allow the State to receive interest payments to which it is not entitled per 2 CFR section 200.514. Questioned costs: Federal interest liabilities improperly calculated and included on the Annual Report: ? $328 for Unemployment Insurance, the difference between the $448 claimed and the allowable $120. ? $17,067 for Title I Grants to Local Educational Agencies ? $12,706 for the Special Education Cluster Recommendation: We recommend the Agency and the Department review and enhance their internal controls and procedures over cash management to ensure that cash draws are performed timely and in accordance with the funding techniques included in the State?s Treasury-State Agreement. We further recommend that Finance enhance its procedures and internal controls to ensure that federal interest liabilities are properly calculated in accordance with 2 CFR section 200.514. Views of responsible officials: Management agrees with the finding.
Federal Agency: U.S. Department of Agriculture Federal Program Name: SNAP Employment and Training Program Assistance Listing Number: 10.537 Pass-Through Agency: State of New Mexico Human Services Department Pass-Through Number: 21-630-9000-0054 Type of Finding: Significant Deficiency in Internal Control over Compliance Condition/Context During our testing, for the month of October 2021, the reimbursement request was not submitted timely within 30 days after the last day of the following month as required by the grant agreement. Criteria In accordance with the Compliance Supplement, Part 7 ? Internal Control, 2 CFR Section 200.514(d)(3) requires that nonfederal entities receiving federal awards establish and maintain internal control over the federal awards that provides reasonable assurance that the nonfederal entity is managing the federal awards in compliance with federal statutes, regulations, and the terms and conditions of the federal awards. In accordance with the Governmental services Agreement between the State of New Mexico Human Services Department and HELP-New Mexico, Inc. monthly invoices must be submitted by the contractor no later than the last day of the following month. Cause Clerical oversight due to employee transitions. Effect Noncompliance with the Governmental Services Agreement. Repeat Finding - No Questioned Cost - None Recommendation We recommend that management improve internal control monitoring activities and provide training to staff regarding timely reimbursement requests. View of Responsible Officials There is no disagreement with the audit finding.
Reference Number: 2022-024 Prior Year Finding: No Federal Agency: U.S. Department of Labor U.S. Department of Education State Agency: Department of Labor Agency of Education Department of Finance and Management Federal Program: Unemployment Insurance Title I Grants to Local Educational Agencies Special Education Cluster Assistance Listing Number: 17.225, 84.010, 84.027 and 84.173 Award Number and Year: UI340892055A50 (10/1/2019 ? 12/31/2022) UI356792155A50 (10/1/2020 ? 12/31/2023) UI372542255A50 (10/1/2021 ? 12/31/2024) S010A200045 (7/1/2020 ? 9/30/2021), S01A210045 (7/1/2021-9/30/2022) H027A200098 (7/1/2020 ? 9/30/2021), H173A200106 (7/1/2020 ? 9/30/2021), H027A210098 (7/1/2021 ? 9/30/2022), H173A210106 (7/1/2021 ? 9/30/2022) Compliance Requirement: Cash Management Type of Finding Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or specific requirement: Compliance: US Department of the Treasury (Treasury) regulations at 31 CFR Part 205 implement the Cash Management Improvement Act of 1990 (CMIA), as amended (Pub. L. No. 101-453; 31 USC 6501 et seq.). Subpart A of those regulations requires state recipients to enter into Treasury-State Agreements that prescribe specific methods of drawing down federal funds (funding techniques) for federal programs listed in the Assistance Listing (Catalog of federal Domestic Assistance) that meet the funding threshold for a major federal assistance program under the CMIA. Treasury-State Agreements also specify the terms and conditions under which an interest liability would be incurred. Programs not covered by a Treasury-State Agreement are subject to procedures prescribed by Treasury in Subpart B of 31 CFR Part 205 (Subpart B), which at 31 CFR section 205.33(a) include the requirement for a state to minimize the time between the drawdown of federal funds and their disbursement for federal program purposes. Per 2 CFR section 200.514(a)(5), if a State fails to request funds timely as set forth in 2 CFR section 205.29, or otherwise fails to apply a funding technique properly, we may deny any resulting Federal interest liability, notwithstanding any other provision of this section. Annual Reports are submitted electronically by December 31 of each year. The Annual Report includes Federal interest liabilities, State interest liabilities, and State direct cost claims. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework?, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Department of Labor (Department) and the Agency of Education (Agency) were not in compliance with the funding techniques included in the State? CMIA Treasury-State Agreement. Federal interest liabilities were improperly calculated on the CMIA Annual Report by the Department of Finance and Management (Finance) for Unemployment Insurance, Title I Grants to Local Educational Agencies, and the Special Education Cluster. Context: The following exceptions were noted when testing compliance with Cash Management: Department of Labor ? The Department was not in compliance with the Prior Month Actual funding technique included in the State?s Treasury-State Agreement. The funding technique requires cash draws to occur on a monthly basis, however, the Department performed multiple cash draws during certain months and other cash draws were performed inconsistently with this funding technique. We noted that the Department did not perform cash draws early, therefore, there is no State interest liability for these exceptions. Agency of Education ? The Agency was not in compliance with the funding techniques included in the State?s Treasury-State Agreement for the Title I Grants to Local Educational Agencies program and for the Special Education Cluster. The funding techniques for these programs required cash draws occur on a bi-weekly basis, or 26 times during the fiscal year. Instead, the Agency performed 11 cash draws on a random basis throughout the year. Department of Finance and Management ? Finance is the responsible State agency for submission of the CMIA Annual Report. The interest liability for the Unemployment Insurance program was calculated incorrectly and since the Agency of Education failed to request funds timely in accordance with the Treasury-State Agreement, a federal interest liability should not have been calculated for the Title I Grants to Local Education Agencies program nor for the Special Education Cluster. The following specific federal interest liability calculation errors were noted on the FY 2022 CMIA Annual Report: o $448 for Unemployment Insurance should have been calculated as $120. o $17,067 for Title I Grants to Local Educational Agencies should have been $0. o $12,706 for the Special Education Cluster should have been $0. Cause: The Agency?s and Department?s procedures were not sufficient to ensure that cash draws were performed timely per the terms of the Treasury-State Agreement. Internal controls did not detect or prevent these errors. Finance prepares the CMA Annual Report using data provided by the Agency and the Department. Finance?s CMIA Annual Report procedures were not sufficient to ensure that it calculated federal interest liabilities for these programs only when the State was entitled to this interest. Internal controls did not detect these errors prior to submission of the CMIA Annual Report. Effect: The Cash Management Improvement Act is intended to minimize the time between the transfer of federal funds to States and the payout of those funds for program purposes. When the Agency and Department do not draw down federal funds timely per the funding techniques included in the Treasury-State Agreement, it causes the State to advance its own funds for federal program purposes, negatively impacting the State?s cash flow. Improperly calculating Federal interest liabilities could potentially allow the State to receive interest payments to which it is not entitled per 2 CFR section 200.514. Questioned costs: Federal interest liabilities improperly calculated and included on the Annual Report: ? $328 for Unemployment Insurance, the difference between the $448 claimed and the allowable $120. ? $17,067 for Title I Grants to Local Educational Agencies ? $12,706 for the Special Education Cluster Recommendation: We recommend the Agency and the Department review and enhance their internal controls and procedures over cash management to ensure that cash draws are performed timely and in accordance with the funding techniques included in the State?s Treasury-State Agreement. We further recommend that Finance enhance its procedures and internal controls to ensure that federal interest liabilities are properly calculated in accordance with 2 CFR section 200.514. Views of responsible officials: Management agrees with the finding.
Reference Number: 2022-024 Prior Year Finding: No Federal Agency: U.S. Department of Labor U.S. Department of Education State Agency: Department of Labor Agency of Education Department of Finance and Management Federal Program: Unemployment Insurance Title I Grants to Local Educational Agencies Special Education Cluster Assistance Listing Number: 17.225, 84.010, 84.027 and 84.173 Award Number and Year: UI340892055A50 (10/1/2019 ? 12/31/2022) UI356792155A50 (10/1/2020 ? 12/31/2023) UI372542255A50 (10/1/2021 ? 12/31/2024) S010A200045 (7/1/2020 ? 9/30/2021), S01A210045 (7/1/2021-9/30/2022) H027A200098 (7/1/2020 ? 9/30/2021), H173A200106 (7/1/2020 ? 9/30/2021), H027A210098 (7/1/2021 ? 9/30/2022), H173A210106 (7/1/2021 ? 9/30/2022) Compliance Requirement: Cash Management Type of Finding Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or specific requirement: Compliance: US Department of the Treasury (Treasury) regulations at 31 CFR Part 205 implement the Cash Management Improvement Act of 1990 (CMIA), as amended (Pub. L. No. 101-453; 31 USC 6501 et seq.). Subpart A of those regulations requires state recipients to enter into Treasury-State Agreements that prescribe specific methods of drawing down federal funds (funding techniques) for federal programs listed in the Assistance Listing (Catalog of federal Domestic Assistance) that meet the funding threshold for a major federal assistance program under the CMIA. Treasury-State Agreements also specify the terms and conditions under which an interest liability would be incurred. Programs not covered by a Treasury-State Agreement are subject to procedures prescribed by Treasury in Subpart B of 31 CFR Part 205 (Subpart B), which at 31 CFR section 205.33(a) include the requirement for a state to minimize the time between the drawdown of federal funds and their disbursement for federal program purposes. Per 2 CFR section 200.514(a)(5), if a State fails to request funds timely as set forth in 2 CFR section 205.29, or otherwise fails to apply a funding technique properly, we may deny any resulting Federal interest liability, notwithstanding any other provision of this section. Annual Reports are submitted electronically by December 31 of each year. The Annual Report includes Federal interest liabilities, State interest liabilities, and State direct cost claims. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework?, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Department of Labor (Department) and the Agency of Education (Agency) were not in compliance with the funding techniques included in the State? CMIA Treasury-State Agreement. Federal interest liabilities were improperly calculated on the CMIA Annual Report by the Department of Finance and Management (Finance) for Unemployment Insurance, Title I Grants to Local Educational Agencies, and the Special Education Cluster. Context: The following exceptions were noted when testing compliance with Cash Management: Department of Labor ? The Department was not in compliance with the Prior Month Actual funding technique included in the State?s Treasury-State Agreement. The funding technique requires cash draws to occur on a monthly basis, however, the Department performed multiple cash draws during certain months and other cash draws were performed inconsistently with this funding technique. We noted that the Department did not perform cash draws early, therefore, there is no State interest liability for these exceptions. Agency of Education ? The Agency was not in compliance with the funding techniques included in the State?s Treasury-State Agreement for the Title I Grants to Local Educational Agencies program and for the Special Education Cluster. The funding techniques for these programs required cash draws occur on a bi-weekly basis, or 26 times during the fiscal year. Instead, the Agency performed 11 cash draws on a random basis throughout the year. Department of Finance and Management ? Finance is the responsible State agency for submission of the CMIA Annual Report. The interest liability for the Unemployment Insurance program was calculated incorrectly and since the Agency of Education failed to request funds timely in accordance with the Treasury-State Agreement, a federal interest liability should not have been calculated for the Title I Grants to Local Education Agencies program nor for the Special Education Cluster. The following specific federal interest liability calculation errors were noted on the FY 2022 CMIA Annual Report: o $448 for Unemployment Insurance should have been calculated as $120. o $17,067 for Title I Grants to Local Educational Agencies should have been $0. o $12,706 for the Special Education Cluster should have been $0. Cause: The Agency?s and Department?s procedures were not sufficient to ensure that cash draws were performed timely per the terms of the Treasury-State Agreement. Internal controls did not detect or prevent these errors. Finance prepares the CMA Annual Report using data provided by the Agency and the Department. Finance?s CMIA Annual Report procedures were not sufficient to ensure that it calculated federal interest liabilities for these programs only when the State was entitled to this interest. Internal controls did not detect these errors prior to submission of the CMIA Annual Report. Effect: The Cash Management Improvement Act is intended to minimize the time between the transfer of federal funds to States and the payout of those funds for program purposes. When the Agency and Department do not draw down federal funds timely per the funding techniques included in the Treasury-State Agreement, it causes the State to advance its own funds for federal program purposes, negatively impacting the State?s cash flow. Improperly calculating Federal interest liabilities could potentially allow the State to receive interest payments to which it is not entitled per 2 CFR section 200.514. Questioned costs: Federal interest liabilities improperly calculated and included on the Annual Report: ? $328 for Unemployment Insurance, the difference between the $448 claimed and the allowable $120. ? $17,067 for Title I Grants to Local Educational Agencies ? $12,706 for the Special Education Cluster Recommendation: We recommend the Agency and the Department review and enhance their internal controls and procedures over cash management to ensure that cash draws are performed timely and in accordance with the funding techniques included in the State?s Treasury-State Agreement. We further recommend that Finance enhance its procedures and internal controls to ensure that federal interest liabilities are properly calculated in accordance with 2 CFR section 200.514. Views of responsible officials: Management agrees with the finding.
Noncompliance and Material Weakness 2 CFR ? 400.1 gives regulatory effect for the U. S. Department of Agriculture to the Office of Management and Budget guidance in subparts A through F of 2 CFR part 200, as supplemented by this part, as USDA policies and procedures for uniform administrative requirements, cost principles, and audit requirement for Federal awards. 2 CFR ? 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain effective internal control designed to reasonably ensure compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. 2 CFR ? 200.514(c) requires auditors to obtain an understanding of the non-Federal entity?s internal control over Federal programs sufficient to plan the audit to support a low assessed level of control risk of noncompliance for major programs, and, unless internal control is likely to be ineffective in preventing or detecting noncompliance, plan the testing of internal control over compliance for major programs to support a low assessed level of control risk for the assertions relevant to the compliance requirements for each major program and perform testing of internal control as planned. 7 CFR ? 210.7(c) states, in part, to be entitled to reimbursement under this part, each school food authority shall ensure that the Claims for Reimbursement . . . accurately reflects the number of lunches and meal supplements served to eligible children, and the school food authority shall, at a minimum: (iii) Base Claims for Reimbursement on lunch counts, taken daily at the point of service, which correctly identify the number of free, reduced price and paid lunches served to eligible children; (iv) Correctly record, consolidate and report those lunch and supplement counts on the Claim for Reimbursement; and (v) Ensure that Claims for Reimbursement do not request payment for any excess lunches produced, as prohibited in ? 210.10(a)(2), or non-Program lunches (i.e., a la carte or adult lunches) or for more than one meal supplement per child per day. 7 CFR ? 210.8(c) states the Claim for Reimbursement shall include data in sufficient detail to justify the reimbursement claimed and to enable the State agency to provide the Report of School Program Operations required under ?210.5(d) of this part. Such data shall include, at a minimum, the number of free, reduced price and paid lunches and meal supplements served to eligible children. The claim shall be signed by a school food authority official. Six out of twenty (30%) site claim forms submitted by the District to the Ohio Department of Education were inaccurate, since the District claimed more meals served than what was actually distributed. These errors occurred due to a weakness in internal controls, which failed to ensure site claim forms for reimbursable meals served at each building and submitted by the District to the Ohio Department of Education were entered correctly. Failure to properly report the number of eligible meals resulted in the District receiving unsubstantiated reimbursements totaling $4,823. The District should implement policies and procedures to help ensure that monthly site claim forms for all District buildings are reviewed and submitted to reflect actual counts for reimbursable meals served.
Noncompliance and Material Weakness 2 CFR ? 400.1 gives regulatory effect for the U. S. Department of Agriculture to the Office of Management and Budget guidance in subparts A through F of 2 CFR part 200, as supplemented by this part, as USDA policies and procedures for uniform administrative requirements, cost principles, and audit requirement for Federal awards. 2 CFR ? 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain effective internal control designed to reasonably ensure compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. 2 CFR ? 200.514(c) requires auditors to obtain an understanding of the non-Federal entity?s internal control over Federal programs sufficient to plan the audit to support a low assessed level of control risk of noncompliance for major programs, and, unless internal control is likely to be ineffective in preventing or detecting noncompliance, plan the testing of internal control over compliance for major programs to support a low assessed level of control risk for the assertions relevant to the compliance requirements for each major program and perform testing of internal control as planned. 7 CFR ? 210.7(c) states, in part, to be entitled to reimbursement under this part, each school food authority shall ensure that the Claims for Reimbursement . . . accurately reflects the number of lunches and meal supplements served to eligible children, and the school food authority shall, at a minimum: (iii) Base Claims for Reimbursement on lunch counts, taken daily at the point of service, which correctly identify the number of free, reduced price and paid lunches served to eligible children; (iv) Correctly record, consolidate and report those lunch and supplement counts on the Claim for Reimbursement; and (v) Ensure that Claims for Reimbursement do not request payment for any excess lunches produced, as prohibited in ? 210.10(a)(2), or non-Program lunches (i.e., a la carte or adult lunches) or for more than one meal supplement per child per day. 7 CFR ? 210.8(c) states the Claim for Reimbursement shall include data in sufficient detail to justify the reimbursement claimed and to enable the State agency to provide the Report of School Program Operations required under ?210.5(d) of this part. Such data shall include, at a minimum, the number of free, reduced price and paid lunches and meal supplements served to eligible children. The claim shall be signed by a school food authority official. Six out of twenty (30%) site claim forms submitted by the District to the Ohio Department of Education were inaccurate, since the District claimed more meals served than what was actually distributed. These errors occurred due to a weakness in internal controls, which failed to ensure site claim forms for reimbursable meals served at each building and submitted by the District to the Ohio Department of Education were entered correctly. Failure to properly report the number of eligible meals resulted in the District receiving unsubstantiated reimbursements totaling $4,823. The District should implement policies and procedures to help ensure that monthly site claim forms for all District buildings are reviewed and submitted to reflect actual counts for reimbursable meals served.
Noncompliance and Material Weakness 2 CFR ? 400.1 gives regulatory effect for the U. S. Department of Agriculture to the Office of Management and Budget guidance in subparts A through F of 2 CFR part 200, as supplemented by this part, as USDA policies and procedures for uniform administrative requirements, cost principles, and audit requirement for Federal awards. 2 CFR ? 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain effective internal control designed to reasonably ensure compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. 2 CFR ? 200.514(c) requires auditors to obtain an understanding of the non-Federal entity?s internal control over Federal programs sufficient to plan the audit to support a low assessed level of control risk of noncompliance for major programs, and, unless internal control is likely to be ineffective in preventing or detecting noncompliance, plan the testing of internal control over compliance for major programs to support a low assessed level of control risk for the assertions relevant to the compliance requirements for each major program and perform testing of internal control as planned. 7 CFR ? 210.7(c) states, in part, to be entitled to reimbursement under this part, each school food authority shall ensure that the Claims for Reimbursement . . . accurately reflects the number of lunches and meal supplements served to eligible children, and the school food authority shall, at a minimum: (iii) Base Claims for Reimbursement on lunch counts, taken daily at the point of service, which correctly identify the number of free, reduced price and paid lunches served to eligible children; (iv) Correctly record, consolidate and report those lunch and supplement counts on the Claim for Reimbursement; and (v) Ensure that Claims for Reimbursement do not request payment for any excess lunches produced, as prohibited in ? 210.10(a)(2), or non-Program lunches (i.e., a la carte or adult lunches) or for more than one meal supplement per child per day. 7 CFR ? 210.8(c) states the Claim for Reimbursement shall include data in sufficient detail to justify the reimbursement claimed and to enable the State agency to provide the Report of School Program Operations required under ?210.5(d) of this part. Such data shall include, at a minimum, the number of free, reduced price and paid lunches and meal supplements served to eligible children. The claim shall be signed by a school food authority official. Six out of twenty (30%) site claim forms submitted by the District to the Ohio Department of Education were inaccurate, since the District claimed more meals served than what was actually distributed. These errors occurred due to a weakness in internal controls, which failed to ensure site claim forms for reimbursable meals served at each building and submitted by the District to the Ohio Department of Education were entered correctly. Failure to properly report the number of eligible meals resulted in the District receiving unsubstantiated reimbursements totaling $4,823. The District should implement policies and procedures to help ensure that monthly site claim forms for all District buildings are reviewed and submitted to reflect actual counts for reimbursable meals served.