2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-028 The University of Washington did not establish adequate internal controls to ensure payments to contractors and subrecipients for the Global AIDS program were allowable, properly supported and within the period of performance. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs / Cost Principles Period of Performance Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. To achieve the performance goals of the program, the Seattle headquarters of I-TECH (Seattle HQ) provides funding to subrecipients and contractors. Invoices submitted by contractors directly to Seattle HQ are reviewed and approved for payment by budget managers who have delegated authority from the Principal Investigator. Invoices submitted by subrecipients are reviewed and approved for payment by a Principal Investigator. Principal Investigators are also responsible for monitoring the subrecipient?s technical progress and performance. Seattle HQ also provides funding to country offices operating within the University?s global network. The country offices incur costs associated with furnishing supplies and equipment to address the HIV/AIDS epidemic, as well as staffing resources and acquiring goods and services from contractors to carry out the objectives of the program. Payments made by country offices are approved by Country Directors and Country Representatives as delegated by the University. Under the University?s policies, country offices are reimbursed for locally incurred expenses at least monthly. An invoice, accompanied by a schedule of expenses incurred, is submitted and approved by the Country Director and then by the Director of Finance at Seattle HQ, prior to payment. Country offices also responsible for obtaining and retaining supporting documentation for costs incurred and paid on each project. Monthly, Budget Managers review and approve a Budget Activity Report (BAR) that details the expenses charged to the project for the previous month to ensure accurate posting of already approved expenses. This review is also to determine whether the work performed during the billing period reconciles to costs claimed within the contractor?s invoice so that payment may be authorized. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls to ensure payments to contractors and subrecipients of the Global AIDS program were allowable properly supported and within the period of performance. Payments to country offices We used a statistical sampling method to randomly select and examine 58 out of 1,644 transactions for country offices. Of the 58 payments examined, we identified one payment (1.7 percent) that was not approved by the Country Director and the corresponding Budget Activity Report was not approved by the Director of Finance. Payments to contractors We used a statistical sampling method to randomly select and review 58 out of 3,040 payments to contractors. We found: ? Invoices for three payments (5 percent) were not approved by a Budget Manager ? Monthly Budget Activity Reports were not approved for 12 payments (20 percent) Subrecipient reimbursements We used a statistical sampling method to randomly select and review 55 out of 438 payments to subrecipients. We found the assigned Budget Manager did not review and approve the monthly Budget Activity Reports for 52 payments (94 percent). We consider these internal control deficiencies to be a material weakness. This issue was not reported as a finding in the prior audit. Cause of Condition Program management did not require supporting documentation for each payment to be forwarded to and reviewed by headquarters personnel prior to payment authorization. Management also did not monitor the submission of invoices and Budget Activity Reports to ensure they were approved by the responsible Budget Manager, as required. Effect of Condition Without establishing adequate internal controls, the University cannot reasonably ensure it is using federal funds for allowable purposes and that expenditures of federal funds are supported by adequate documentation. Recommendations We recommend the University: ? Improve its internal controls to ensure invoices are properly approved by Principal Investigators, as required ? Improve its internal controls to ensure Budget Mangers review and approve monthly Budget Activity Reports before authorizing payments for projects incurring reimbursement requests ? Ensure it retains supporting documentation sufficient to show costs incurred and paid by the program are allowable, and to demonstrate the required managerial reviews have occurred prior to issuing payment University?s Response In response to the findings for the Global Aids Program, we would like to clarify the following: General Clarification: The draft finding inaccurately represents the role of BARS approvals as part of the internal controls to ensure payments to country offices, contractors and subrecipients are allowable, properly supported and within the period of performance. This is not the role of the BARS review process. Compliance, Budget Manager and PI reviews are the controls that ensure allowability of payments and BARS approvals are after-the-fact validations of accurate posting of already approved expenditures. We provided edits to the Background section to reflect our process. We request in light of this that the description of condition, cause of condition and recommendation sections of this finding be updated accordingly. Payments to country offices I-TECH country offices are not contractors; the offices are an extension of the University of Washington. Your review identified one of fifty-eight samples (1.7%) did not meet the approval requirements set forth in I-TECH?s standard operating procedure. Based on the error percentage, we disagree with this finding. Payments to contractors Payments to contractors have multiple approvals. Upon receipt, individual invoices are approved by the program/budget manager either by signature or email. Invoices are then sent to the I-TECH Accounts Payable Administrator for input to the University?s procurement system, ARIBA, which requires compliance approval from the Accounts Payable Supervisor or other manager, as well as funding approval from the budget manager prior to payment. Approvals of Budget Activity Reports (BARS) are not approval of individual payments to contractors, they are reviews of the monthly expenses posted to the budget and the program manager?s concurrence that the expenses are as expected. The exceptions noted were payments made to country offices instead of contractors. The support for approvals were provided to the State Auditors on April 26, 2023, prior to the completion of fieldwork. We therefore disagree with this finding. We also request that the finding be adjusted to omit the 20% of missing BARS approvals as this is not related to the contractor payments. Subrecipient reimbursements Each subrecipient invoice is reviewed for reasonableness, allowability and allocability by the contracts manager and approved by both budget managers and principal investigators prior to being processed for payment in ARIBA. PI approvals were provided and verified for each subrecipient selection with no omissions noted by the auditors. Approvals of Budget Activity Reports (BARS) are not approval of individual payments to subrecipients, they are after-the-fact reviews of the monthly expenses posted to the budget, intended as documentation of the program manager?s concurrence that the expenses are posted as expected. We acknowledge the instances detailed in the finding where we were unable to produce related BARS approvals for 52 of the transactions; however, we request that the finding be adjusted as these BARS approvals are not related to subrecipient invoice review and approvals. Our record keeping process for BARS approvals was to save the emails in a folder within our Finance Team mailbox. We learned during this review that emails beyond a certain date are deleted but maintained in the MS360 file. We?ve searched for the missing BARS approvals but have not yet been able to locate them. We have since begun saving the approvals to our server to ensure we have access to the data going forward. Auditor?s Remarks The University?s I-TECH Global Operations Manual stipulates that BARs will be generated, reviewed and approved monthly by the Budget Manager and management team. This information was provided to our Office as part of the University?s overall design of internal controls over payments to contractors, subrecipients and country offices. The University responded to our Office on April 20, 2023 adding that ?BAR review is the University?s key post payment control designed to ensure charges are accurately processed, coded and allowable on the budget charged.? We interpret this response to indicate the BAR review process is a monitoring control, and the University asserted on multiple occasions this is a key internal control, which is why we tested it. On January 5, our Office notified University management in writing that the BAR review process would be tested as a key control over the cost principles and period of performance requirements for Global AIDS expenditures. We received no additional inquiry or concerns from University management regarding this internal control until the draft finding was issued on April 14. We provided the University with a final written summary of our fieldwork in this area on April 6, 2023, after fieldwork had concluded. On April 7, the Finance Director responded to our Office in writing confirming they had no further questions or concerns regarding our testing results. It was not until after the University received this finding that additional documentation supporting expenditures tested during the audit were ultimately given to our Office. The basis for this audit finding is the key internal control failure rate of BAR approvals that exceeds our established materiality threshold of five percent, and constitutes a material weakness in internal control, which under the Uniform Guidance is required to be reported as an audit finding in accordance with 2 CFR 200.516 ? Audit findings. We reaffirm our finding and will follow up on the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 02 ? Acceptance of Sponsored Program Awards and Fiscal Compliance on Sponsored Program Accounts (Budget Numbers), states in part: Responsibilities Principal Investigator ? Supervises expenditure of sponsored program funds and approves sub-recipient invoices (see GIM 8) to assure: o That funds are used only for purposes that directly relate to and benefit the activity supported in the award. o That expenditures are consistent with all special terms, conditions, or limitations that apply to expenditures under the particular grant or contract. o That expenditures do not exceed the total funds authorized for a given period under the grant or contract. GIM 07 ? Sponsored Program Subaward Administration, states in part: Principal Investigator ? Review and approve subaward invoices. GIM 08 ? Subrecipient Monitoring, states in part: Roles & Responsibilities PI / Department Responsibilities Project level monitoring of subrecipient including: o Reviews that expenses are necessary, reasonable, and allocable to the work completed and are aligned with technical progress. o Approve invoices for payment. Subrecipient Monitoring ? Project Level Subrecipient invoices are reviewed and approved in accordance with the requirements of GIM 2 in the manner and frequency stated in the subaward. The University of Washington I-TECH Global Operations Manual (GRef 2.3), Section 2, Finance, Accounting Policy and Procedure Requirements, states in part: In addition to the Fiscal Guidelines set forth in the I-TECH Field Operations Manual, these country specific policies are implemented at I-TECH. 10. Budget Management and Reporting f. Reports that show the variance between the budget plan and the activity for each region and activity code will be generated, reviewed and approved by the budget managers and the Management Team each month.
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-028 The University of Washington did not establish adequate internal controls to ensure payments to contractors and subrecipients for the Global AIDS program were allowable, properly supported and within the period of performance. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs / Cost Principles Period of Performance Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. To achieve the performance goals of the program, the Seattle headquarters of I-TECH (Seattle HQ) provides funding to subrecipients and contractors. Invoices submitted by contractors directly to Seattle HQ are reviewed and approved for payment by budget managers who have delegated authority from the Principal Investigator. Invoices submitted by subrecipients are reviewed and approved for payment by a Principal Investigator. Principal Investigators are also responsible for monitoring the subrecipient?s technical progress and performance. Seattle HQ also provides funding to country offices operating within the University?s global network. The country offices incur costs associated with furnishing supplies and equipment to address the HIV/AIDS epidemic, as well as staffing resources and acquiring goods and services from contractors to carry out the objectives of the program. Payments made by country offices are approved by Country Directors and Country Representatives as delegated by the University. Under the University?s policies, country offices are reimbursed for locally incurred expenses at least monthly. An invoice, accompanied by a schedule of expenses incurred, is submitted and approved by the Country Director and then by the Director of Finance at Seattle HQ, prior to payment. Country offices also responsible for obtaining and retaining supporting documentation for costs incurred and paid on each project. Monthly, Budget Managers review and approve a Budget Activity Report (BAR) that details the expenses charged to the project for the previous month to ensure accurate posting of already approved expenses. This review is also to determine whether the work performed during the billing period reconciles to costs claimed within the contractor?s invoice so that payment may be authorized. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls to ensure payments to contractors and subrecipients of the Global AIDS program were allowable properly supported and within the period of performance. Payments to country offices We used a statistical sampling method to randomly select and examine 58 out of 1,644 transactions for country offices. Of the 58 payments examined, we identified one payment (1.7 percent) that was not approved by the Country Director and the corresponding Budget Activity Report was not approved by the Director of Finance. Payments to contractors We used a statistical sampling method to randomly select and review 58 out of 3,040 payments to contractors. We found: ? Invoices for three payments (5 percent) were not approved by a Budget Manager ? Monthly Budget Activity Reports were not approved for 12 payments (20 percent) Subrecipient reimbursements We used a statistical sampling method to randomly select and review 55 out of 438 payments to subrecipients. We found the assigned Budget Manager did not review and approve the monthly Budget Activity Reports for 52 payments (94 percent). We consider these internal control deficiencies to be a material weakness. This issue was not reported as a finding in the prior audit. Cause of Condition Program management did not require supporting documentation for each payment to be forwarded to and reviewed by headquarters personnel prior to payment authorization. Management also did not monitor the submission of invoices and Budget Activity Reports to ensure they were approved by the responsible Budget Manager, as required. Effect of Condition Without establishing adequate internal controls, the University cannot reasonably ensure it is using federal funds for allowable purposes and that expenditures of federal funds are supported by adequate documentation. Recommendations We recommend the University: ? Improve its internal controls to ensure invoices are properly approved by Principal Investigators, as required ? Improve its internal controls to ensure Budget Mangers review and approve monthly Budget Activity Reports before authorizing payments for projects incurring reimbursement requests ? Ensure it retains supporting documentation sufficient to show costs incurred and paid by the program are allowable, and to demonstrate the required managerial reviews have occurred prior to issuing payment University?s Response In response to the findings for the Global Aids Program, we would like to clarify the following: General Clarification: The draft finding inaccurately represents the role of BARS approvals as part of the internal controls to ensure payments to country offices, contractors and subrecipients are allowable, properly supported and within the period of performance. This is not the role of the BARS review process. Compliance, Budget Manager and PI reviews are the controls that ensure allowability of payments and BARS approvals are after-the-fact validations of accurate posting of already approved expenditures. We provided edits to the Background section to reflect our process. We request in light of this that the description of condition, cause of condition and recommendation sections of this finding be updated accordingly. Payments to country offices I-TECH country offices are not contractors; the offices are an extension of the University of Washington. Your review identified one of fifty-eight samples (1.7%) did not meet the approval requirements set forth in I-TECH?s standard operating procedure. Based on the error percentage, we disagree with this finding. Payments to contractors Payments to contractors have multiple approvals. Upon receipt, individual invoices are approved by the program/budget manager either by signature or email. Invoices are then sent to the I-TECH Accounts Payable Administrator for input to the University?s procurement system, ARIBA, which requires compliance approval from the Accounts Payable Supervisor or other manager, as well as funding approval from the budget manager prior to payment. Approvals of Budget Activity Reports (BARS) are not approval of individual payments to contractors, they are reviews of the monthly expenses posted to the budget and the program manager?s concurrence that the expenses are as expected. The exceptions noted were payments made to country offices instead of contractors. The support for approvals were provided to the State Auditors on April 26, 2023, prior to the completion of fieldwork. We therefore disagree with this finding. We also request that the finding be adjusted to omit the 20% of missing BARS approvals as this is not related to the contractor payments. Subrecipient reimbursements Each subrecipient invoice is reviewed for reasonableness, allowability and allocability by the contracts manager and approved by both budget managers and principal investigators prior to being processed for payment in ARIBA. PI approvals were provided and verified for each subrecipient selection with no omissions noted by the auditors. Approvals of Budget Activity Reports (BARS) are not approval of individual payments to subrecipients, they are after-the-fact reviews of the monthly expenses posted to the budget, intended as documentation of the program manager?s concurrence that the expenses are posted as expected. We acknowledge the instances detailed in the finding where we were unable to produce related BARS approvals for 52 of the transactions; however, we request that the finding be adjusted as these BARS approvals are not related to subrecipient invoice review and approvals. Our record keeping process for BARS approvals was to save the emails in a folder within our Finance Team mailbox. We learned during this review that emails beyond a certain date are deleted but maintained in the MS360 file. We?ve searched for the missing BARS approvals but have not yet been able to locate them. We have since begun saving the approvals to our server to ensure we have access to the data going forward. Auditor?s Remarks The University?s I-TECH Global Operations Manual stipulates that BARs will be generated, reviewed and approved monthly by the Budget Manager and management team. This information was provided to our Office as part of the University?s overall design of internal controls over payments to contractors, subrecipients and country offices. The University responded to our Office on April 20, 2023 adding that ?BAR review is the University?s key post payment control designed to ensure charges are accurately processed, coded and allowable on the budget charged.? We interpret this response to indicate the BAR review process is a monitoring control, and the University asserted on multiple occasions this is a key internal control, which is why we tested it. On January 5, our Office notified University management in writing that the BAR review process would be tested as a key control over the cost principles and period of performance requirements for Global AIDS expenditures. We received no additional inquiry or concerns from University management regarding this internal control until the draft finding was issued on April 14. We provided the University with a final written summary of our fieldwork in this area on April 6, 2023, after fieldwork had concluded. On April 7, the Finance Director responded to our Office in writing confirming they had no further questions or concerns regarding our testing results. It was not until after the University received this finding that additional documentation supporting expenditures tested during the audit were ultimately given to our Office. The basis for this audit finding is the key internal control failure rate of BAR approvals that exceeds our established materiality threshold of five percent, and constitutes a material weakness in internal control, which under the Uniform Guidance is required to be reported as an audit finding in accordance with 2 CFR 200.516 ? Audit findings. We reaffirm our finding and will follow up on the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 02 ? Acceptance of Sponsored Program Awards and Fiscal Compliance on Sponsored Program Accounts (Budget Numbers), states in part: Responsibilities Principal Investigator ? Supervises expenditure of sponsored program funds and approves sub-recipient invoices (see GIM 8) to assure: o That funds are used only for purposes that directly relate to and benefit the activity supported in the award. o That expenditures are consistent with all special terms, conditions, or limitations that apply to expenditures under the particular grant or contract. o That expenditures do not exceed the total funds authorized for a given period under the grant or contract. GIM 07 ? Sponsored Program Subaward Administration, states in part: Principal Investigator ? Review and approve subaward invoices. GIM 08 ? Subrecipient Monitoring, states in part: Roles & Responsibilities PI / Department Responsibilities Project level monitoring of subrecipient including: o Reviews that expenses are necessary, reasonable, and allocable to the work completed and are aligned with technical progress. o Approve invoices for payment. Subrecipient Monitoring ? Project Level Subrecipient invoices are reviewed and approved in accordance with the requirements of GIM 2 in the manner and frequency stated in the subaward. The University of Washington I-TECH Global Operations Manual (GRef 2.3), Section 2, Finance, Accounting Policy and Procedure Requirements, states in part: In addition to the Fiscal Guidelines set forth in the I-TECH Field Operations Manual, these country specific policies are implemented at I-TECH. 10. Budget Management and Reporting f. Reports that show the variance between the budget plan and the activity for each region and activity code will be generated, reviewed and approved by the budget managers and the Management Team each month.
2022-030 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: NU2GGH001430; NU2GGH001968; NU2GGH002038; NU2GGH002116; NU2GGH002242; NUGGH002360; NU2GGH002157; NU2GGH002298; NU2GGH002374 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President?s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University?s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2022, the University spent more than $66 million in federal program funds, about $44 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 21 subrecipients. We found the University did not adequately monitor one subrecipient (14 percent) to ensure it received a required single or program-specific audit. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Staff in the University?s Office of Sponsored Programs (OSP) used a spreadsheet to track subrecipient certifications and responses, and reviewed annual certifications from the subrecipient to monitor its audit status. However, OSP did not correctly interpret the subrecipient?s response and, therefore, did not require it to provide documentation of a single or program-specific audit. Additionally, management did not review the subrecipient?s federal assistance expenditures to detect that it required an audit and, therefore, also failed to adequately follow up to ensure any reported findings were resolved with appropriate corrective action, if required. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: ? Follow policies and procedures to ensure subrecipients receive required single or program-specific audits ? Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations ? Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations ? Issue a written management decision for all applicable audit findings, if necessary University?s Response The University of Washington has established internal controls to carry out a risk assessment per Uniform Guidance, 2 CFR ? 200.332, Requirements for pass-through entities, and our UW Grants Information Memorandum (GIM) 8. This involves using various factors to assess risk. Part of our process to obtain the information needed from each subrecipient is through a certification process. The certification was obtained from the subrecipient, along with additional documentation from the subrecipient, such as an audited financial statement. We made a risk assessment using our standard risk criteria. We did misinterpret the response provided from the subrecipient regarding whether it expended $750,000 or more in federal awards during a fiscal year in order to obtain a single or program-specific audit from this subrecipient. While this was not obtained and reviewed, a risk assessment using our standard criteria was performed with the subrecipient rated as a medium risk, and subject to monitoring throughout the project, per GIM 8. The monitoring at the program level occurred during the period in question. We will be improving our required communications with subrecipients to have clear questions and responses regarding whether the subrecipient expended $750,000 or more in federal awards during the fiscal year in order to obtain a single or program-specific audit, follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations, and issue a written management decision for all applicable audit findings, if necessary. Auditor?s Remarks We thank the University for its cooperation and assistance during the audit. Whether the University performed a risk assessment for the subrecipient is not being questioned. The University did not adequately monitor the subrecipient to ensure it detected whether the subrecipient was required to receive a single audit, or program-specific audit in accordance with 2 CFR ?200.332(f). There is no other mechanism for the Federal government to monitor subrecipients of the University and, because a single audit of the subrecipient was not performed, neither the federal grantor nor the University had reasonable assurance of the subrecipient?s compliance with federal award requirements. We reaffirm our finding and will follow up on the status of the University?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c). The University of Washington?s Policies, Procedures and Guidance (UW Research), GIM 8 ? Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients? risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW?s subrecipient monitoring requirements are comprised, at a minimum, of the following: ? Completion of the UW?s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring ? Entity Level Entity level monitoring consists of a combination of the following: ? Initial Subrecipient Certification Form completion and assurance by subrecipient?s authorized official ? Annual audit assurance through an annual audit certification form ? Maintenance of a subrecipient profile list, which includes information on the entity?s past audit information and certifications ? Risk assessment carried out at each annual renewal of a subaward
2022-031 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable, met cost principles, and were within the period of performance for the Immunization Cooperative Agreements program. Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements 93.268 COVID-19 Immunization Cooperative Agreements Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 5 NH23IP922619-03-00; 6 NH23IP922619-03-01; 6 NH23IP922619-03-02; 6 NH23IP922619-02-01; 6 NH23IP922619-02-02; 6 NH23IP922619-02-03; 6 NH23IP922619-02-04; 6 NH23IP922619-02-06 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs / Cost Principles Period of Performance Known Questioned Cost Amount: $4,287,159 Background The Department of Health administers the Immunization Cooperative Agreements program, which aims to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. Emphasis is placed on populations at highest risk for underimmunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2022, the Department spent more than $44.2 million in federal program funds, about $14.2 million of which it disbursed to subrecipients. The Department also received more than $94.5 million in non-cash assistance from the federal grantor in the form of vaccines. To help carry out the program?s objectives, the Department issues consolidated contracts to Local Health Jurisdictions that are classified as subrecipients. A consolidated contract is for one subrecipient that combines funding for multiple federal programs. Subrecipients are awarded federal funds on a reimbursement basis only. The Department assigns each subrecipient a risk level based on standardized criteria, and it maintains a matrix that specifies the documentation that subrecipients at each risk level are required to submit with every reimbursement. There are varying requirements among low, moderate and high-risk subrecipients for each of the following expense categories: ? Salaries and benefits ? Equipment ($5,000 or more) ? Materials, supplies, and other ? Travel (in-state and out-of-state) ? Contracts and sub-subrecipients ? Administrative/indirect costs The Department?s Fiscal Monitoring Unit (FMU) also conducts fiscal reviews of each subrecipient to review source documentation to ensure payments are for allowable activities and within the period of performance. During the audit period, subrecipients submitted invoices to the Department?s accounting unit where staff, on a weekly basis, compiled a list of all consolidated contract invoices into one email. The emails were sent to Department program staff requesting review to ensure the payment was allowable and within the period of performance. The emails consisted of 30 to 50 invoice requests with hundreds of pages of supporting documentation. Each invoice listed in the email would be considered approved if program staff did not respond. To address concerns about an invoice, program staff were required to email the accounting unit within 10 business days to withhold payment until the items in question were resolved. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable, met cost principles, and were within the program?s period of performance. Department program staff used the documentation matrix when reviewing subrecipient payments to ensure they were for allowable activities, met cost principles, were within the period of performance, and included required supporting documentation. However, program staff did not document their review or approval, so we were unable to determine if the proper reviews occurred. During the audit period, the FMU conducted a fiscal monitoring review for four subrecipients that received program funds. We reviewed the fiscal monitoring activity for all four subrecipients and determined none of the four reviews included a detailed transaction review of program payments to ensure they had adequate supporting documentation. We used a statistical sampling method to randomly select and review 55 out of 432 provider payments. Additionally, we judgmentally reviewed two individually significant payments that exceeded $1.2 million each. In total, we examined more than $9.3 million in provider payments as part of the audit. Of the 57 payments examined, we identified 27 payments that did not have the required supporting documentation for the subrecipients? assigned risk level. This included one of the individually significant payments. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Department?s established procedures allowed for paying providers without ensuring program staff reviewed and determined the payment was allowable, within the grant?s period of performance, and adequately supported. Furthermore, program management did not ensure staff followed the existing review procedures. In addition, management had not established guidance for how many transactions a fiscal reviewer needed to review to source documentation in order to have assurance the program funds were spent in accordance with grant requirements. Management also did not ensure transactions selected for review by the FMU represented all subawards issued to the subrecipient. Effect of Condition and Questioned Costs Without establishing adequate internal controls, the Department cannot reasonably ensure it is using federal funds for allowable purposes. By not ensuring subrecipients submitted required supporting documentation, staff could not adequately verify the reimbursement claims, and the Department could not ensure its subrecipients complied with the subaward?s terms and conditions. The 27 payments for which the Department did not have required supporting documentation from subrecipients totaled $4,287,159 in known questioned costs. Based on these results, we estimate that the total amount of likely improper payments using federal funds to be $5,503,611. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs,? as required by 2 CFR ? 200.516(3). To ensure a representative sample, we stratified the population by dollar amount. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Department: ? Improve internal controls to ensure that it obtains adequate supporting documentation from subrecipients before reimbursing them ? Improve internal controls to ensure program staff review and approve expenditures to verify they are for allowable activities and within the period of performance prior to payment ? Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid Department?s Response We appreciate the State Auditor?s Office (SAO) audit of the Immunization Cooperative Agreement. The Department is committed to ensuring our programs comply with federal regulations and understand that it is SAO?s point of view that we did not have adequate controls over provider payments to ensure allowability in meeting cost principles and meeting period of performance. The Department partially agrees with SAO?s findings. The Department does agree and has already taken steps to improve internal controls over ensuring payments to providers contain support in line with our A-19 matrix and risk assessed of our subrecipients. Immunization staff who review invoices have been provided additional training and tracking sheets have been developed which enables staff to record details from backup documentation reviews. This ensures the proper level of review is completed and aligns with the agency?s A-19 documentation matrix. We will also be addressing the control weakness identified with the consolidated contract payment process and documenting our review and approval by program staff to ensure allowability and that funds were spent within the period of performance. It should be noted that the current process over provider payments at the Department of Health has been in place for well over a decade and has been through several annual audits by the State Auditor?s Office and separate federal reviews by our federal funders without issue. The defined process of consolidated contract payments was in response to issues arising with timely payment of funds to our local government partners. The consolidated contracts are an essential tool in providing such funding on a large scale. This process balances many needs in tracking payments, providing documentation to the programs for review as well as allowing for timely distribution of funding to the local health jurisdictions (LHJs) for state and federal programs in order to serve the residents of the State of Washington. It also simplifies the invoicing and payment process as well as reconciliation between DOH and the LHJs. We would also note that for the exceptions identified with the Fiscal Monitoring Unit (FMU) visits, for all four reviews the totality of costs charged to Immunizations during the scope of those reviews were for staffing costs. FMU test staffing as a centralized function to determine if appropriate internal controls are being utilized to ensure costs are reasonable, necessary, allowable, and allocable. During review of these agencies, FMU did not find any instances of unallowable salary costs for time keeping samples that were tested. We would respectfully disagree with the number of exceptions and questioned costs identified. While the level of support did not meet our internal policies, which are held to a higher standard than federal requirements, the level of documentation received from the subrecipient accounting system gave us assurance that the transactions/costs questioned met federal cost principles for allowability and period of performance. This, along with the following additional overall internal monitoring and policy processes support our overall assurance of the allowability of payments: ? Program staff maintain detailed budget information for each subrecipient by project area, and as A-19s are submitted, program and accounting staff update budget spreadsheets. When reviewing the support provided by the subrecipient, they ensure amounts submitted by project are reasonable and are in alignment with expectations for the budget period submitted. ? The immunization program refers to the federal Immunization Program Operations Manual (IPOM) to determine allowable costs, purchase, and procurement procedures. This information is available to all subrecipients. ? FMU provides technical assistance and training, not only to program staff, but to the subrecipients while onsite and at the request of the entities receiving funding. ? Program staff provide technical assistance, policies, and training to Immunization subrecipients related to both allowability and compliance as it relates to programmatic processes. As a compensating control, each subrecipient of federal funds receive a monitoring visit from our Fiscal Monitoring Unit (FMU) once every two years. During the course of these visits monitoring staff perform walk-throughs and assessments of the internal controls surrounding the A19 payment process. They select the most recent three A19?s submitted for funding and review all charges to appropriate source documentation to ensure allowability using cost principles as a basis. Auditor?s Remarks Department management has implemented procedures to ensure adequate documentation is reviewed to support reimbursement requests from subrecipients receiving federal funds. Our testing was based on these documentation requirements, but we do not agree that these requirements are higher than the Uniform Guidance requires. We found that payments were made without the required level of support to ensure they were allowable and met cost principles. The Department asserts that the fiscal monitoring performed every two years compensates for the lack of adequate documentation. However, we found the fiscal monitoring transaction level review for payroll and vendor reimbursement requests did not include a review of any Immunization program payments and therefore gave no assurance that grant funds were spent on allowable activities and were adequately supported. We reaffirm our finding and will follow up on the status of the Department?s corrective action during our next audit period. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs. Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented. Washington State Department of Health A-19 Documentation Matrix Approved by FMU 11/30/20 This is the backup documentation required based on the determined risk level. Please ensure the detailed GL expenditure report clearly aligns with the A19 form. More supporting documentation may be requested by programs at any time due to programmatic requirements regardless of risk category. Expenditure Category Low-Risk Moderate-Risk High-Risk Salaries and Benefits A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information: ? Salaries & Wages ? Employee name ? Employee rates of pay ? Hours worked Note: Salaries and benefits must be broken out as separate line items. A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information: ? Salaries & Wages ? Employee name ? Employee rates of pay ? Hours worked Note: Salaries and benefits must be broken out as separate line items. A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information: ? Salaries & Wages ? Employee name ? Employee rates of pay ? Hours worked AND ? Time Sheets for all staff direct charging to the award Note: Salaries and benefits must be broken out as separate line items. Equipment ($5,000 or more) A-19 and a detailed GL expenditure report that provides vendor name and amount Note: Pre-approval documentation must be provided A-19 and a detailed GL expenditure report that provides vendor name, amount AND ? Item Description Note: Pre-approval documentation must be provided A-19 and a detailed GL expenditure report that provides vendor name, amount, item description AND ? Invoice ? Supporting documentation reflecting authorizing official?s approval. Materials, Supplies, and Other A-19 and a detailed GL expenditure report that provides: ? Vendor Name ? Item description ? Cost of item Note: If the entity has a petty cash fund, they must supply 100% of the supporting documentation. A-19 and a detailed GL expenditure report that provides: ? Vendor Name ? Item description ? Cost of item AND Invoices for transactions over $1,000 Note: If the entity has a petty cash fund, they must supply 100% of the supporting documentation. A-19 and detailed GL expenditure report that provides: ? Vendor Name ? Item description ? Cost of item AND Invoices for transactions over $200. Note: If the entity has a petty cash fund, they must supply 100% of the supporting documentation Travel A-19 and a detailed GL expenditure report that provides: ? Employee name Note: Pre-approval documentation from DOH for any out of state travel must be provided. A-19 and a detailed GL expenditure report that provides: ? Employee name AND ? Travel expense form* ? All itemized receipts * Travel expense form should include employee signature, supervisor approval and purpose. Note: Pre-approval documentation from DOH for any out of state travel must be provided. A-19 and a detailed GL expenditure report that provides: ? Employee name ? Travel expense form* ? All itemized receipts AND Pre-approval required for any flights and overnight stays. *Travel expense form should include employee signature, supervisor approval and purpose. Note: Pre-approval documentation from DOH for any out of state travel must be provided. Contracts and Sub-Subrecipients A-19 and a detailed GL expenditure report that provides: ? Contractor/ Subrecipient Name A-19 and a detailed GL expenditure report that provides: ? Contractor/ Subrecipient Name AND ? Invoices for individual transactions over $1,000.00 A-19 and a detailed GL expenditure report that provides: ? Contractor/ Subrecipient Name AND ? Invoices for individual transactions over $200.00. NOTE: Indirect costs included on A19s must include verification of the following: ? Indirect plan is current and on file with DOH ? Indirect rate is being applied accurately to allowable expenditures ? If the indirect cost rate plan has expired, no indirect costs can be charged
2022-031 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable, met cost principles, and were within the period of performance for the Immunization Cooperative Agreements program. Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements 93.268 COVID-19 Immunization Cooperative Agreements Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 5 NH23IP922619-03-00; 6 NH23IP922619-03-01; 6 NH23IP922619-03-02; 6 NH23IP922619-02-01; 6 NH23IP922619-02-02; 6 NH23IP922619-02-03; 6 NH23IP922619-02-04; 6 NH23IP922619-02-06 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs / Cost Principles Period of Performance Known Questioned Cost Amount: $4,287,159 Background The Department of Health administers the Immunization Cooperative Agreements program, which aims to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. Emphasis is placed on populations at highest risk for underimmunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2022, the Department spent more than $44.2 million in federal program funds, about $14.2 million of which it disbursed to subrecipients. The Department also received more than $94.5 million in non-cash assistance from the federal grantor in the form of vaccines. To help carry out the program?s objectives, the Department issues consolidated contracts to Local Health Jurisdictions that are classified as subrecipients. A consolidated contract is for one subrecipient that combines funding for multiple federal programs. Subrecipients are awarded federal funds on a reimbursement basis only. The Department assigns each subrecipient a risk level based on standardized criteria, and it maintains a matrix that specifies the documentation that subrecipients at each risk level are required to submit with every reimbursement. There are varying requirements among low, moderate and high-risk subrecipients for each of the following expense categories: ? Salaries and benefits ? Equipment ($5,000 or more) ? Materials, supplies, and other ? Travel (in-state and out-of-state) ? Contracts and sub-subrecipients ? Administrative/indirect costs The Department?s Fiscal Monitoring Unit (FMU) also conducts fiscal reviews of each subrecipient to review source documentation to ensure payments are for allowable activities and within the period of performance. During the audit period, subrecipients submitted invoices to the Department?s accounting unit where staff, on a weekly basis, compiled a list of all consolidated contract invoices into one email. The emails were sent to Department program staff requesting review to ensure the payment was allowable and within the period of performance. The emails consisted of 30 to 50 invoice requests with hundreds of pages of supporting documentation. Each invoice listed in the email would be considered approved if program staff did not respond. To address concerns about an invoice, program staff were required to email the accounting unit within 10 business days to withhold payment until the items in question were resolved. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable, met cost principles, and were within the program?s period of performance. Department program staff used the documentation matrix when reviewing subrecipient payments to ensure they were for allowable activities, met cost principles, were within the period of performance, and included required supporting documentation. However, program staff did not document their review or approval, so we were unable to determine if the proper reviews occurred. During the audit period, the FMU conducted a fiscal monitoring review for four subrecipients that received program funds. We reviewed the fiscal monitoring activity for all four subrecipients and determined none of the four reviews included a detailed transaction review of program payments to ensure they had adequate supporting documentation. We used a statistical sampling method to randomly select and review 55 out of 432 provider payments. Additionally, we judgmentally reviewed two individually significant payments that exceeded $1.2 million each. In total, we examined more than $9.3 million in provider payments as part of the audit. Of the 57 payments examined, we identified 27 payments that did not have the required supporting documentation for the subrecipients? assigned risk level. This included one of the individually significant payments. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Department?s established procedures allowed for paying providers without ensuring program staff reviewed and determined the payment was allowable, within the grant?s period of performance, and adequately supported. Furthermore, program management did not ensure staff followed the existing review procedures. In addition, management had not established guidance for how many transactions a fiscal reviewer needed to review to source documentation in order to have assurance the program funds were spent in accordance with grant requirements. Management also did not ensure transactions selected for review by the FMU represented all subawards issued to the subrecipient. Effect of Condition and Questioned Costs Without establishing adequate internal controls, the Department cannot reasonably ensure it is using federal funds for allowable purposes. By not ensuring subrecipients submitted required supporting documentation, staff could not adequately verify the reimbursement claims, and the Department could not ensure its subrecipients complied with the subaward?s terms and conditions. The 27 payments for which the Department did not have required supporting documentation from subrecipients totaled $4,287,159 in known questioned costs. Based on these results, we estimate that the total amount of likely improper payments using federal funds to be $5,503,611. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs,? as required by 2 CFR ? 200.516(3). To ensure a representative sample, we stratified the population by dollar amount. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Department: ? Improve internal controls to ensure that it obtains adequate supporting documentation from subrecipients before reimbursing them ? Improve internal controls to ensure program staff review and approve expenditures to verify they are for allowable activities and within the period of performance prior to payment ? Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid Department?s Response We appreciate the State Auditor?s Office (SAO) audit of the Immunization Cooperative Agreement. The Department is committed to ensuring our programs comply with federal regulations and understand that it is SAO?s point of view that we did not have adequate controls over provider payments to ensure allowability in meeting cost principles and meeting period of performance. The Department partially agrees with SAO?s findings. The Department does agree and has already taken steps to improve internal controls over ensuring payments to providers contain support in line with our A-19 matrix and risk assessed of our subrecipients. Immunization staff who review invoices have been provided additional training and tracking sheets have been developed which enables staff to record details from backup documentation reviews. This ensures the proper level of review is completed and aligns with the agency?s A-19 documentation matrix. We will also be addressing the control weakness identified with the consolidated contract payment process and documenting our review and approval by program staff to ensure allowability and that funds were spent within the period of performance. It should be noted that the current process over provider payments at the Department of Health has been in place for well over a decade and has been through several annual audits by the State Auditor?s Office and separate federal reviews by our federal funders without issue. The defined process of consolidated contract payments was in response to issues arising with timely payment of funds to our local government partners. The consolidated contracts are an essential tool in providing such funding on a large scale. This process balances many needs in tracking payments, providing documentation to the programs for review as well as allowing for timely distribution of funding to the local health jurisdictions (LHJs) for state and federal programs in order to serve the residents of the State of Washington. It also simplifies the invoicing and payment process as well as reconciliation between DOH and the LHJs. We would also note that for the exceptions identified with the Fiscal Monitoring Unit (FMU) visits, for all four reviews the totality of costs charged to Immunizations during the scope of those reviews were for staffing costs. FMU test staffing as a centralized function to determine if appropriate internal controls are being utilized to ensure costs are reasonable, necessary, allowable, and allocable. During review of these agencies, FMU did not find any instances of unallowable salary costs for time keeping samples that were tested. We would respectfully disagree with the number of exceptions and questioned costs identified. While the level of support did not meet our internal policies, which are held to a higher standard than federal requirements, the level of documentation received from the subrecipient accounting system gave us assurance that the transactions/costs questioned met federal cost principles for allowability and period of performance. This, along with the following additional overall internal monitoring and policy processes support our overall assurance of the allowability of payments: ? Program staff maintain detailed budget information for each subrecipient by project area, and as A-19s are submitted, program and accounting staff update budget spreadsheets. When reviewing the support provided by the subrecipient, they ensure amounts submitted by project are reasonable and are in alignment with expectations for the budget period submitted. ? The immunization program refers to the federal Immunization Program Operations Manual (IPOM) to determine allowable costs, purchase, and procurement procedures. This information is available to all subrecipients. ? FMU provides technical assistance and training, not only to program staff, but to the subrecipients while onsite and at the request of the entities receiving funding. ? Program staff provide technical assistance, policies, and training to Immunization subrecipients related to both allowability and compliance as it relates to programmatic processes. As a compensating control, each subrecipient of federal funds receive a monitoring visit from our Fiscal Monitoring Unit (FMU) once every two years. During the course of these visits monitoring staff perform walk-throughs and assessments of the internal controls surrounding the A19 payment process. They select the most recent three A19?s submitted for funding and review all charges to appropriate source documentation to ensure allowability using cost principles as a basis. Auditor?s Remarks Department management has implemented procedures to ensure adequate documentation is reviewed to support reimbursement requests from subrecipients receiving federal funds. Our testing was based on these documentation requirements, but we do not agree that these requirements are higher than the Uniform Guidance requires. We found that payments were made without the required level of support to ensure they were allowable and met cost principles. The Department asserts that the fiscal monitoring performed every two years compensates for the lack of adequate documentation. However, we found the fiscal monitoring transaction level review for payroll and vendor reimbursement requests did not include a review of any Immunization program payments and therefore gave no assurance that grant funds were spent on allowable activities and were adequately supported. We reaffirm our finding and will follow up on the status of the Department?s corrective action during our next audit period. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs. Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented. Washington State Department of Health A-19 Documentation Matrix Approved by FMU 11/30/20 This is the backup documentation required based on the determined risk level. Please ensure the detailed GL expenditure report clearly aligns with the A19 form. More supporting documentation may be requested by programs at any time due to programmatic requirements regardless of risk category. Expenditure Category Low-Risk Moderate-Risk High-Risk Salaries and Benefits A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information: ? Salaries & Wages ? Employee name ? Employee rates of pay ? Hours worked Note: Salaries and benefits must be broken out as separate line items. A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information: ? Salaries & Wages ? Employee name ? Employee rates of pay ? Hours worked Note: Salaries and benefits must be broken out as separate line items. A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information: ? Salaries & Wages ? Employee name ? Employee rates of pay ? Hours worked AND ? Time Sheets for all staff direct charging to the award Note: Salaries and benefits must be broken out as separate line items. Equipment ($5,000 or more) A-19 and a detailed GL expenditure report that provides vendor name and amount Note: Pre-approval documentation must be provided A-19 and a detailed GL expenditure report that provides vendor name, amount AND ? Item Description Note: Pre-approval documentation must be provided A-19 and a detailed GL expenditure report that provides vendor name, amount, item description AND ? Invoice ? Supporting documentation reflecting authorizing official?s approval. Materials, Supplies, and Other A-19 and a detailed GL expenditure report that provides: ? Vendor Name ? Item description ? Cost of item Note: If the entity has a petty cash fund, they must supply 100% of the supporting documentation. A-19 and a detailed GL expenditure report that provides: ? Vendor Name ? Item description ? Cost of item AND Invoices for transactions over $1,000 Note: If the entity has a petty cash fund, they must supply 100% of the supporting documentation. A-19 and detailed GL expenditure report that provides: ? Vendor Name ? Item description ? Cost of item AND Invoices for transactions over $200. Note: If the entity has a petty cash fund, they must supply 100% of the supporting documentation Travel A-19 and a detailed GL expenditure report that provides: ? Employee name Note: Pre-approval documentation from DOH for any out of state travel must be provided. A-19 and a detailed GL expenditure report that provides: ? Employee name AND ? Travel expense form* ? All itemized receipts * Travel expense form should include employee signature, supervisor approval and purpose. Note: Pre-approval documentation from DOH for any out of state travel must be provided. A-19 and a detailed GL expenditure report that provides: ? Employee name ? Travel expense form* ? All itemized receipts AND Pre-approval required for any flights and overnight stays. *Travel expense form should include employee signature, supervisor approval and purpose. Note: Pre-approval documentation from DOH for any out of state travel must be provided. Contracts and Sub-Subrecipients A-19 and a detailed GL expenditure report that provides: ? Contractor/ Subrecipient Name A-19 and a detailed GL expenditure report that provides: ? Contractor/ Subrecipient Name AND ? Invoices for individual transactions over $1,000.00 A-19 and a detailed GL expenditure report that provides: ? Contractor/ Subrecipient Name AND ? Invoices for individual transactions over $200.00. NOTE: Indirect costs included on A19s must include verification of the following: ? Indirect plan is current and on file with DOH ? Indirect rate is being applied accurately to allowable expenditures ? If the indirect cost rate plan has expired, no indirect costs can be charged
2022-031 The Department of Health did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable, met cost principles, and were within the period of performance for the Immunization Cooperative Agreements program. Assistance Listing Number and Title: 93.268 Immunization Cooperative Agreements 93.268 COVID-19 Immunization Cooperative Agreements Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 5 NH23IP922619-03-00; 6 NH23IP922619-03-01; 6 NH23IP922619-03-02; 6 NH23IP922619-02-01; 6 NH23IP922619-02-02; 6 NH23IP922619-02-03; 6 NH23IP922619-02-04; 6 NH23IP922619-02-06 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs / Cost Principles Period of Performance Known Questioned Cost Amount: $4,287,159 Background The Department of Health administers the Immunization Cooperative Agreements program, which aims to reduce and ultimately eliminate vaccine-preventable diseases by increasing and maintaining high immunization coverage. Emphasis is placed on populations at highest risk for underimmunization and disease, including children eligible under the Vaccines for Children program. In fiscal year 2022, the Department spent more than $44.2 million in federal program funds, about $14.2 million of which it disbursed to subrecipients. The Department also received more than $94.5 million in non-cash assistance from the federal grantor in the form of vaccines. To help carry out the program?s objectives, the Department issues consolidated contracts to Local Health Jurisdictions that are classified as subrecipients. A consolidated contract is for one subrecipient that combines funding for multiple federal programs. Subrecipients are awarded federal funds on a reimbursement basis only. The Department assigns each subrecipient a risk level based on standardized criteria, and it maintains a matrix that specifies the documentation that subrecipients at each risk level are required to submit with every reimbursement. There are varying requirements among low, moderate and high-risk subrecipients for each of the following expense categories: ? Salaries and benefits ? Equipment ($5,000 or more) ? Materials, supplies, and other ? Travel (in-state and out-of-state) ? Contracts and sub-subrecipients ? Administrative/indirect costs The Department?s Fiscal Monitoring Unit (FMU) also conducts fiscal reviews of each subrecipient to review source documentation to ensure payments are for allowable activities and within the period of performance. During the audit period, subrecipients submitted invoices to the Department?s accounting unit where staff, on a weekly basis, compiled a list of all consolidated contract invoices into one email. The emails were sent to Department program staff requesting review to ensure the payment was allowable and within the period of performance. The emails consisted of 30 to 50 invoice requests with hundreds of pages of supporting documentation. Each invoice listed in the email would be considered approved if program staff did not respond. To address concerns about an invoice, program staff were required to email the accounting unit within 10 business days to withhold payment until the items in question were resolved. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable, met cost principles, and were within the program?s period of performance. Department program staff used the documentation matrix when reviewing subrecipient payments to ensure they were for allowable activities, met cost principles, were within the period of performance, and included required supporting documentation. However, program staff did not document their review or approval, so we were unable to determine if the proper reviews occurred. During the audit period, the FMU conducted a fiscal monitoring review for four subrecipients that received program funds. We reviewed the fiscal monitoring activity for all four subrecipients and determined none of the four reviews included a detailed transaction review of program payments to ensure they had adequate supporting documentation. We used a statistical sampling method to randomly select and review 55 out of 432 provider payments. Additionally, we judgmentally reviewed two individually significant payments that exceeded $1.2 million each. In total, we examined more than $9.3 million in provider payments as part of the audit. Of the 57 payments examined, we identified 27 payments that did not have the required supporting documentation for the subrecipients? assigned risk level. This included one of the individually significant payments. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Department?s established procedures allowed for paying providers without ensuring program staff reviewed and determined the payment was allowable, within the grant?s period of performance, and adequately supported. Furthermore, program management did not ensure staff followed the existing review procedures. In addition, management had not established guidance for how many transactions a fiscal reviewer needed to review to source documentation in order to have assurance the program funds were spent in accordance with grant requirements. Management also did not ensure transactions selected for review by the FMU represented all subawards issued to the subrecipient. Effect of Condition and Questioned Costs Without establishing adequate internal controls, the Department cannot reasonably ensure it is using federal funds for allowable purposes. By not ensuring subrecipients submitted required supporting documentation, staff could not adequately verify the reimbursement claims, and the Department could not ensure its subrecipients complied with the subaward?s terms and conditions. The 27 payments for which the Department did not have required supporting documentation from subrecipients totaled $4,287,159 in known questioned costs. Based on these results, we estimate that the total amount of likely improper payments using federal funds to be $5,503,611. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs,? as required by 2 CFR ? 200.516(3). To ensure a representative sample, we stratified the population by dollar amount. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Department: ? Improve internal controls to ensure that it obtains adequate supporting documentation from subrecipients before reimbursing them ? Improve internal controls to ensure program staff review and approve expenditures to verify they are for allowable activities and within the period of performance prior to payment ? Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid Department?s Response We appreciate the State Auditor?s Office (SAO) audit of the Immunization Cooperative Agreement. The Department is committed to ensuring our programs comply with federal regulations and understand that it is SAO?s point of view that we did not have adequate controls over provider payments to ensure allowability in meeting cost principles and meeting period of performance. The Department partially agrees with SAO?s findings. The Department does agree and has already taken steps to improve internal controls over ensuring payments to providers contain support in line with our A-19 matrix and risk assessed of our subrecipients. Immunization staff who review invoices have been provided additional training and tracking sheets have been developed which enables staff to record details from backup documentation reviews. This ensures the proper level of review is completed and aligns with the agency?s A-19 documentation matrix. We will also be addressing the control weakness identified with the consolidated contract payment process and documenting our review and approval by program staff to ensure allowability and that funds were spent within the period of performance. It should be noted that the current process over provider payments at the Department of Health has been in place for well over a decade and has been through several annual audits by the State Auditor?s Office and separate federal reviews by our federal funders without issue. The defined process of consolidated contract payments was in response to issues arising with timely payment of funds to our local government partners. The consolidated contracts are an essential tool in providing such funding on a large scale. This process balances many needs in tracking payments, providing documentation to the programs for review as well as allowing for timely distribution of funding to the local health jurisdictions (LHJs) for state and federal programs in order to serve the residents of the State of Washington. It also simplifies the invoicing and payment process as well as reconciliation between DOH and the LHJs. We would also note that for the exceptions identified with the Fiscal Monitoring Unit (FMU) visits, for all four reviews the totality of costs charged to Immunizations during the scope of those reviews were for staffing costs. FMU test staffing as a centralized function to determine if appropriate internal controls are being utilized to ensure costs are reasonable, necessary, allowable, and allocable. During review of these agencies, FMU did not find any instances of unallowable salary costs for time keeping samples that were tested. We would respectfully disagree with the number of exceptions and questioned costs identified. While the level of support did not meet our internal policies, which are held to a higher standard than federal requirements, the level of documentation received from the subrecipient accounting system gave us assurance that the transactions/costs questioned met federal cost principles for allowability and period of performance. This, along with the following additional overall internal monitoring and policy processes support our overall assurance of the allowability of payments: ? Program staff maintain detailed budget information for each subrecipient by project area, and as A-19s are submitted, program and accounting staff update budget spreadsheets. When reviewing the support provided by the subrecipient, they ensure amounts submitted by project are reasonable and are in alignment with expectations for the budget period submitted. ? The immunization program refers to the federal Immunization Program Operations Manual (IPOM) to determine allowable costs, purchase, and procurement procedures. This information is available to all subrecipients. ? FMU provides technical assistance and training, not only to program staff, but to the subrecipients while onsite and at the request of the entities receiving funding. ? Program staff provide technical assistance, policies, and training to Immunization subrecipients related to both allowability and compliance as it relates to programmatic processes. As a compensating control, each subrecipient of federal funds receive a monitoring visit from our Fiscal Monitoring Unit (FMU) once every two years. During the course of these visits monitoring staff perform walk-throughs and assessments of the internal controls surrounding the A19 payment process. They select the most recent three A19?s submitted for funding and review all charges to appropriate source documentation to ensure allowability using cost principles as a basis. Auditor?s Remarks Department management has implemented procedures to ensure adequate documentation is reviewed to support reimbursement requests from subrecipients receiving federal funds. Our testing was based on these documentation requirements, but we do not agree that these requirements are higher than the Uniform Guidance requires. We found that payments were made without the required level of support to ensure they were allowable and met cost principles. The Department asserts that the fiscal monitoring performed every two years compensates for the lack of adequate documentation. However, we found the fiscal monitoring transaction level review for payroll and vendor reimbursement requests did not include a review of any Immunization program payments and therefore gave no assurance that grant funds were spent on allowable activities and were adequately supported. We reaffirm our finding and will follow up on the status of the Department?s corrective action during our next audit period. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs. Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented. Washington State Department of Health A-19 Documentation Matrix Approved by FMU 11/30/20 This is the backup documentation required based on the determined risk level. Please ensure the detailed GL expenditure report clearly aligns with the A19 form. More supporting documentation may be requested by programs at any time due to programmatic requirements regardless of risk category. Expenditure Category Low-Risk Moderate-Risk High-Risk Salaries and Benefits A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information: ? Salaries & Wages ? Employee name ? Employee rates of pay ? Hours worked Note: Salaries and benefits must be broken out as separate line items. A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information: ? Salaries & Wages ? Employee name ? Employee rates of pay ? Hours worked Note: Salaries and benefits must be broken out as separate line items. A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information: ? Salaries & Wages ? Employee name ? Employee rates of pay ? Hours worked AND ? Time Sheets for all staff direct charging to the award Note: Salaries and benefits must be broken out as separate line items. Equipment ($5,000 or more) A-19 and a detailed GL expenditure report that provides vendor name and amount Note: Pre-approval documentation must be provided A-19 and a detailed GL expenditure report that provides vendor name, amount AND ? Item Description Note: Pre-approval documentation must be provided A-19 and a detailed GL expenditure report that provides vendor name, amount, item description AND ? Invoice ? Supporting documentation reflecting authorizing official?s approval. Materials, Supplies, and Other A-19 and a detailed GL expenditure report that provides: ? Vendor Name ? Item description ? Cost of item Note: If the entity has a petty cash fund, they must supply 100% of the supporting documentation. A-19 and a detailed GL expenditure report that provides: ? Vendor Name ? Item description ? Cost of item AND Invoices for transactions over $1,000 Note: If the entity has a petty cash fund, they must supply 100% of the supporting documentation. A-19 and detailed GL expenditure report that provides: ? Vendor Name ? Item description ? Cost of item AND Invoices for transactions over $200. Note: If the entity has a petty cash fund, they must supply 100% of the supporting documentation Travel A-19 and a detailed GL expenditure report that provides: ? Employee name Note: Pre-approval documentation from DOH for any out of state travel must be provided. A-19 and a detailed GL expenditure report that provides: ? Employee name AND ? Travel expense form* ? All itemized receipts * Travel expense form should include employee signature, supervisor approval and purpose. Note: Pre-approval documentation from DOH for any out of state travel must be provided. A-19 and a detailed GL expenditure report that provides: ? Employee name ? Travel expense form* ? All itemized receipts AND Pre-approval required for any flights and overnight stays. *Travel expense form should include employee signature, supervisor approval and purpose. Note: Pre-approval documentation from DOH for any out of state travel must be provided. Contracts and Sub-Subrecipients A-19 and a detailed GL expenditure report that provides: ? Contractor/ Subrecipient Name A-19 and a detailed GL expenditure report that provides: ? Contractor/ Subrecipient Name AND ? Invoices for individual transactions over $1,000.00 A-19 and a detailed GL expenditure report that provides: ? Contractor/ Subrecipient Name AND ? Invoices for individual transactions over $200.00. NOTE: Indirect costs included on A19s must include verification of the following: ? Indirect plan is current and on file with DOH ? Indirect rate is being applied accurately to allowable expenditures ? If the indirect cost rate plan has expired, no indirect costs can be charged
2022-033 The Department of Health did not have adequate internal controls over and did not comply with fiscal monitoring requirements to ensure subrecipients of the Epidemiology and Laboratory Capacity for Infectious Diseases program only used funds for allowable activities and met cost principles. Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases 93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases Federal Grantor Name: U.S. Department of Health and Human Services Federal Award Number: NU50CK000515-01-00; NU50CK000515-01-06; NU50CK000515-01-07; NU50CK000515-01-08; NU50CK000515-01-09; NU50CK000515-02-00; NU50CK000515-02-01; NU50CK000515-02-03; NU50CK000515-02-04; NU50CK000515-02-06; NU50CK000515-02-07; NU50CK000515-02-09; NU50CK000515-03-00; NU50CK000515-03-01; NU50CK000515-03-03 Pass-through Entity: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs / Cost Principles Subrecipient Monitoring Known Questioned Cost Amount: $1,644,873 Background The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local, and territories? public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction, and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory, and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports several specific infectious disease programs and projects and provides special appropriations in response to infectious disease emergencies. The Department spent almost $330 million in federal grant funds in fiscal year 2022, about $103 million of which it disbursed to subrecipients. To help carry out the program?s objectives, the Department issues consolidated contracts to Local Health Jurisdictions that are classified as subrecipients. A consolidated contract is for one subrecipient that combines funding for multiple federal programs. Subrecipients are awarded federal funds on a reimbursement basis only. The Department assigns each subrecipient a risk level based on standardized criteria, and it maintains a matrix that specifies the documentation that subrecipients at each risk level are required to submit with every reimbursement. There are varying requirements among low, moderate and high-risk subrecipients for each of the following expense categories: ? Salaries and benefits ? Equipment ($5,000 or more) ? Materials, supplies, and other ? Travel (in-state and out-of-state) ? Contracts and sub-subrecipients ? Administrative/indirect costs The Department?s Fiscal Monitoring Unit (FMU) also conducts fiscal reviews of each subrecipient every two years to review source documentation to ensure payments are for allowable activities. A fiscal reviewer completes a standardized template to document what federal programs and reimbursement payment samples are reviewed. The fiscal reviewer judgmentally determines how many samples to test. During the audit period, subrecipients submitted invoices to the Department?s accounting unit where staff, on a weekly basis, compiled a list of all consolidated contract invoices into one email. The emails were sent to Department program staff requesting review to ensure the payment was allowable. The emails consisted of 30 to 50 invoice requests with hundreds of pages of supporting documentation. Each invoice listed in the email would be considered approved if program staff did not respond. To address concerns about an invoice, program staff were required to email the accounting unit within 10 business days to withhold payment until the items in question were resolved. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable and met cost principles. Department program staff were required to use the documentation matrix when reviewing subrecipient payments to ensure they were for allowable activities, met cost principles, and included required supporting documentation. However, program staff did not document their review or approval to the accounting unit that issues payment, so we were unable to determine if the proper reviews occurred. We used a statistical sampling method to randomly select and review 57 out of 880 provider payments. Additionally, we judgmentally reviewed three individually significant payments that exceeded $5.5 million each. In total, we examined more than $75.4 million in provider payments as part of the audit. Of the 57 randomly selected payments examined, we identified four payments (7 percent) that did not have the required supporting documentation for the subrecipients? assigned risk level. For fiscal monitoring, we used a nonstatistical sampling method to randomly select and examine five out of a total of eight subrecipients that received a review during the audit period. We found that none of the detailed transactions reviewed were noted as being for the ELC program. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Department?s established procedures allowed for paying providers without ensuring program staff reviewed and determined the payment was allowable and adequately supported. Furthermore, program management did not ensure staff followed the existing review procedures. In addition, management had not established guidance for how many transactions a fiscal reviewer needed to review to source documentation in order to have assurance the program funds were spent in accordance with grant requirements. Management also decided that all pandemic-related programs would be documented as ?COVID? on the detailed testing section of the standardized template. Therefore, it was not possible to determine if any ELC transactions were reviewed. Effect of Condition and Questioned Costs Without establishing adequate internal controls, the Department cannot reasonably ensure it is using federal funds for allowable purposes. By not ensuring subrecipients submitted required supporting documentation, staff could not adequately verify the reimbursement claims, and the Department could not ensure its subrecipients complied with the subaward?s terms and conditions. Allowing staff to select samples without adequate guidance from management does not provide the Department with reasonable assurance that subrecipients spent program funds in accordance with grant requirements and federal regulations. Additionally, because the reviewers do not document which specific pandemic-related federal program is being covered in the transaction-level testing, management cannot perform sufficient oversight to ensure the Department has met federal requirements. The four payments for which the Department did not have required supporting documentation from subrecipients totaled $1,644,873 in known questioned costs. Based on these results, we estimate that the total amount of likely improper payments using federal funds to be $2,905,694. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs,? as required by 2 CFR ? 200.516(3). To ensure a representative sample, we stratified the population by dollar amount (if applicable). We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Department: ? Improve internal controls to ensure that it obtains adequate supporting documentation from subrecipients before reimbursing them ? Improve internal controls to ensure program staff review and approve expenditures to verify they are for allowable activities prior to payment ? Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid Department?s Response We appreciate the State Auditor?s Office (SAO) audit of the Epidemiology and Laboratory Capacity (ELC) for Infectious Diseases program. The Department of Health (DOH) is committed to ensuring our programs comply with federal regulations and would like to thank SAO for their work over the activities allowed and subrecipient monitoring requirements on the audit. The Department partially agrees with the finding. DOH would like to note that during the timeframe of this audit the Department and ELC program was in full COVID pandemic response mode. DOH was the leading agency charged with implementing a statewide response to an unprecedented pandemic. During this audit period, DOH?s ELC Grants, and fiscal teams managed 27 newly awarded ELC grants totaling close to one billion dollars, which included applications, planning, restructuring, and monitoring. There were many emergency declarations that were also in place as well, creating new processes that staff were not familiar with, which created an environment where many of the normal day-to-day operations were pushed to their limits as well as the staff performing them. The COVID pandemic has shown us where we may have gaps in our processes, and we are diligently working to not only fill those gaps but to be better prepared for the next emergency response. The Department does agree and is taking steps to improve internal controls over ensuring payments to providers contain support in line with our A19 matrix and risk assessed of our subrecipients. ELC staff who review invoices will be provided additional training and tracking sheets have been developed which enables staff to record details from backup documentation reviews. This ensures the proper level of review is completed and aligns with the agency?s A-19 documentation matrix. Moving forward we?ve updated our A19 matrix to be more in line with federal guidance and the identified risk levels. The Department partially agrees with SAO?s assessment of a material weakness in internal controls over Subrecipient Monitoring. DOH agrees that the detailed transactions reviewed identified as being for ?COVID? should have been specified to the specific revenue source and will do so in future monitoring visits. However, the Department would disagree that this is a material weakness over the subrecipient monitoring process. While the specific revenue source was not identified in testing allowability, monitoring staff document key control systems such as payroll and disbursements when conducting a fiscal monitoring site visit. When testing, this ensures those controls are operating effectively and provide assurance that amounts reported for reimbursement are allowable and accurate. Thus, not all transactions for that period may be tested. The Department respectfully disagrees with SAO?s assessment of a material weakness in internal controls over the consolidated contract provider payment process to ensure allowability in meeting cost principles with our ELC program. When accounting staff send the A19 consolidated contract invoices to the applicable programs ELC program staff review invoice support for allowability and period of performance and keep a spreadsheet with a breakdown of the total payment requested for ELC. If the payment has no issues or concerns, the total payment is logged in the spreadsheet and staff save the spreadsheet to denote no issues and evidence of review and that full payment can be made. If there is a question on allowable cost, period of performance, a need for additional backup documentation or an error, program ELC staff will update spreadsheet with the amounts in question and communicate with the Local Health Jurisdiction, document the correspondence, and contact the accounting consolidated contract payment desk to withhold the specific amount of payment until the issue is resolved. Once resolved staff update the spreadsheet to denote the issue has been resolved and email accounting to release the payment amount in question. It should be noted that the current process over provider payments at the Department of Health has been in place for well over a decade and has been through several annual audits by the State Auditor?s Office and separate federal reviews by our federal funders without issue. The defined process of consolidated contract payments was in response to issues arising with timely payment of funds to our local government partners. The consolidated contracts are an essential tool in providing such funding on a large scale. This process balances many needs in tracking payments, providing documentation to the programs for review as well as allowing for timely distribution of funding to the local health jurisdictions (LHJs) for state and federal programs in order to serve the residents of the State of Washington. It also simplifies the invoicing and payment process as well as reconciliation between DOH and the LHJs. We would also respectfully disagree with the number of exceptions and questioned costs identified. While the level of support did not meet our internal policies, which are held to a higher standard than federal requirements, the level of documentation received from the subrecipient accounting system gave us assurance that the transactions/costs questioned met federal cost principles for allowability and period of performance. This, along with the following additional overall internal monitoring and policy processes support our overall assurance of the allowability of payments: ? Detailed ELC budgets were originally submitted by the subrecipient, reviewed and approved by Program staff so that they can ensure costs will be reasonable and are in alignment with expectations for the budget period submitted over time. No payment is made to an entity without that approved budget. ? The ELC program has allowable cost guidance documents that are provided to the subrecipients initially, on their SOWs, and after any changes. ? The ELC program/contract managers meet with subrecipients routinely (monthly or bi-monthly) to monitor progress of the work, resources, capacity, and budget management are discussed as well. ? Program staff provide technical assistance and policies to subrecipients related to both allowability and compliance as it relates to programmatic processes. Auditor?s Remarks Department management has implemented procedures to ensure adequate documentation is reviewed to support reimbursement requests from subrecipients receiving federal funds. Our testing was based on these documentation requirements, but we do not agree that these requirements are higher than the Uniform Guidance requires. We found that payments were made without the required level of support to ensure they were allowable and met cost principles. The Department asserts that the fiscal monitoring performed every two years compensates for the lack of adequate documentation. However, we found the fiscal monitoring transaction level review for payroll and vendor reimbursement requests did not specifically include a review of any ELC payments and therefore gave no assurance that grant funds were spent on allowable activities and were adequately supported. We reaffirm our finding and will follow up on the status of the Department?s corrective action during our next audit period. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Washington State Department of Health A-19 Documentation Matrix Approved by FMU 11/30/20 This is the backup documentation required based on the determined risk level. Please ensure the detailed GL expenditure report clearly aligns with the A19 form. More supporting documentation may be requested by programs at any time due to programmatic requirements regardless of risk category. Expenditure Category Low-Risk Moderate-Risk High-Risk Salaries and Benefits A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information: ? Salaries & Wages ? Employee name ? Employee rates of pay ? Hours worked Note: Salaries and benefits must be broken out as separate line items. A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information: ? Salaries & Wages ? Employee name ? Employee rates of pay ? Hours worked Note: Salaries and benefits must be broken out as separate line items. A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information: ? Salaries & Wages ? Employee name ? Employee rates of pay ? Hours worked AND ? Time Sheets for all staff direct charging to the award Note: Salaries and benefits must be broken out as separate line items. Equipment ($5,000 or more) A-19 and a detailed GL expenditure report that provides vendor name and amount Note: Pre-approval documentation must be provided A-19 and a detailed GL expenditure report that provides vendor name, amount AND ? Item Description Note: Pre-approval documentation must be provided A-19 and a detailed GL expenditure report that provides vendor name, amount, item description AND ? Invoice ? Supporting documentation reflecting authorizing official?s approval. Materials, Supplies, and Other A-19 and a detailed GL expenditure report that provides: ? Vendor Name ? Item description ? Cost of item Note: If the entity has a petty cash fund, they must supply 100% of the supporting documentation. A-19 and a detailed GL expenditure report that provides: ? Vendor Name ? Item description ? Cost of item AND Invoices for transactions over $1,000 Note: If the entity has a petty cash fund, they must supply 100% of the supporting documentation. A-19 and detailed GL expenditure report that provides: ? Vendor Name ? Item description ? Cost of item AND Invoices for transactions over $200. Note: If the entity has a petty cash fund, they must supply 100% of the supporting documentation Travel A-19 and a detailed GL expenditure report that provides: ? Employee name Note: Pre-approval documentation from DOH for any out of state travel must be provided. A-19 and a detailed GL expenditure report that provides: ? Employee name AND ? Travel expense form* ? All itemized receipts * Travel expense form should include employee signature, supervisor approval and purpose. Note: Pre-approval documentation from DOH for any out of state travel must be provided. A-19 and a detailed GL expenditure report that provides: ? Employee name ? Travel expense form* ? All itemized receipts AND Pre-approval required for any flights and overnight stays. *Travel expense form should include employee signature, supervisor approval and purpose. Note: Pre-approval documentation from DOH for any out of state travel must be provided. Contracts and Sub-Subrecipients A-19 and a detailed GL expenditure report that provides: ? Contractor/ Subrecipient Name A-19 and a detailed GL expenditure report that provides: ? Contractor/ Subrecipient Name AND ? Invoices for individual transactions over $1,000.00 A-19 and a detailed GL expenditure report that provides: ? Contractor/ Subrecipient Name AND ? Invoices for individual transactions over $200.00. NOTE: Indirect costs included on A19s must include verification of the following: ? Indirect plan is current and on file with DOH ? Indirect rate is being applied accurately to allowable expenditures ? If the indirect cost rate plan has expired, no indirect costs can be charged
2022-033 The Department of Health did not have adequate internal controls over and did not comply with fiscal monitoring requirements to ensure subrecipients of the Epidemiology and Laboratory Capacity for Infectious Diseases program only used funds for allowable activities and met cost principles. Assistance Listing Number and Title: 93.323 Epidemiology and Laboratory Capacity for Infectious Diseases 93.323 COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases Federal Grantor Name: U.S. Department of Health and Human Services Federal Award Number: NU50CK000515-01-00; NU50CK000515-01-06; NU50CK000515-01-07; NU50CK000515-01-08; NU50CK000515-01-09; NU50CK000515-02-00; NU50CK000515-02-01; NU50CK000515-02-03; NU50CK000515-02-04; NU50CK000515-02-06; NU50CK000515-02-07; NU50CK000515-02-09; NU50CK000515-03-00; NU50CK000515-03-01; NU50CK000515-03-03 Pass-through Entity: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs / Cost Principles Subrecipient Monitoring Known Questioned Cost Amount: $1,644,873 Background The Department of Health administers the Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) program. The goal of the program is to support state, local, and territories? public health efforts to reduce morbidity and associated deaths caused by a wide range of infectious disease threats. ELC provides annual funding, strategic direction, and technical assistance to domestic jurisdictions for strengthening core capacities in epidemiology, laboratory, and health information systems activities. In addition to strengthening core infectious disease capacities nationwide, the program also supports several specific infectious disease programs and projects and provides special appropriations in response to infectious disease emergencies. The Department spent almost $330 million in federal grant funds in fiscal year 2022, about $103 million of which it disbursed to subrecipients. To help carry out the program?s objectives, the Department issues consolidated contracts to Local Health Jurisdictions that are classified as subrecipients. A consolidated contract is for one subrecipient that combines funding for multiple federal programs. Subrecipients are awarded federal funds on a reimbursement basis only. The Department assigns each subrecipient a risk level based on standardized criteria, and it maintains a matrix that specifies the documentation that subrecipients at each risk level are required to submit with every reimbursement. There are varying requirements among low, moderate and high-risk subrecipients for each of the following expense categories: ? Salaries and benefits ? Equipment ($5,000 or more) ? Materials, supplies, and other ? Travel (in-state and out-of-state) ? Contracts and sub-subrecipients ? Administrative/indirect costs The Department?s Fiscal Monitoring Unit (FMU) also conducts fiscal reviews of each subrecipient every two years to review source documentation to ensure payments are for allowable activities. A fiscal reviewer completes a standardized template to document what federal programs and reimbursement payment samples are reviewed. The fiscal reviewer judgmentally determines how many samples to test. During the audit period, subrecipients submitted invoices to the Department?s accounting unit where staff, on a weekly basis, compiled a list of all consolidated contract invoices into one email. The emails were sent to Department program staff requesting review to ensure the payment was allowable. The emails consisted of 30 to 50 invoice requests with hundreds of pages of supporting documentation. Each invoice listed in the email would be considered approved if program staff did not respond. To address concerns about an invoice, program staff were required to email the accounting unit within 10 business days to withhold payment until the items in question were resolved. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to ensure payments to providers were allowable and met cost principles. Department program staff were required to use the documentation matrix when reviewing subrecipient payments to ensure they were for allowable activities, met cost principles, and included required supporting documentation. However, program staff did not document their review or approval to the accounting unit that issues payment, so we were unable to determine if the proper reviews occurred. We used a statistical sampling method to randomly select and review 57 out of 880 provider payments. Additionally, we judgmentally reviewed three individually significant payments that exceeded $5.5 million each. In total, we examined more than $75.4 million in provider payments as part of the audit. Of the 57 randomly selected payments examined, we identified four payments (7 percent) that did not have the required supporting documentation for the subrecipients? assigned risk level. For fiscal monitoring, we used a nonstatistical sampling method to randomly select and examine five out of a total of eight subrecipients that received a review during the audit period. We found that none of the detailed transactions reviewed were noted as being for the ELC program. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Department?s established procedures allowed for paying providers without ensuring program staff reviewed and determined the payment was allowable and adequately supported. Furthermore, program management did not ensure staff followed the existing review procedures. In addition, management had not established guidance for how many transactions a fiscal reviewer needed to review to source documentation in order to have assurance the program funds were spent in accordance with grant requirements. Management also decided that all pandemic-related programs would be documented as ?COVID? on the detailed testing section of the standardized template. Therefore, it was not possible to determine if any ELC transactions were reviewed. Effect of Condition and Questioned Costs Without establishing adequate internal controls, the Department cannot reasonably ensure it is using federal funds for allowable purposes. By not ensuring subrecipients submitted required supporting documentation, staff could not adequately verify the reimbursement claims, and the Department could not ensure its subrecipients complied with the subaward?s terms and conditions. Allowing staff to select samples without adequate guidance from management does not provide the Department with reasonable assurance that subrecipients spent program funds in accordance with grant requirements and federal regulations. Additionally, because the reviewers do not document which specific pandemic-related federal program is being covered in the transaction-level testing, management cannot perform sufficient oversight to ensure the Department has met federal requirements. The four payments for which the Department did not have required supporting documentation from subrecipients totaled $1,644,873 in known questioned costs. Based on these results, we estimate that the total amount of likely improper payments using federal funds to be $2,905,694. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs,? as required by 2 CFR ? 200.516(3). To ensure a representative sample, we stratified the population by dollar amount (if applicable). We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Department: ? Improve internal controls to ensure that it obtains adequate supporting documentation from subrecipients before reimbursing them ? Improve internal controls to ensure program staff review and approve expenditures to verify they are for allowable activities prior to payment ? Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid Department?s Response We appreciate the State Auditor?s Office (SAO) audit of the Epidemiology and Laboratory Capacity (ELC) for Infectious Diseases program. The Department of Health (DOH) is committed to ensuring our programs comply with federal regulations and would like to thank SAO for their work over the activities allowed and subrecipient monitoring requirements on the audit. The Department partially agrees with the finding. DOH would like to note that during the timeframe of this audit the Department and ELC program was in full COVID pandemic response mode. DOH was the leading agency charged with implementing a statewide response to an unprecedented pandemic. During this audit period, DOH?s ELC Grants, and fiscal teams managed 27 newly awarded ELC grants totaling close to one billion dollars, which included applications, planning, restructuring, and monitoring. There were many emergency declarations that were also in place as well, creating new processes that staff were not familiar with, which created an environment where many of the normal day-to-day operations were pushed to their limits as well as the staff performing them. The COVID pandemic has shown us where we may have gaps in our processes, and we are diligently working to not only fill those gaps but to be better prepared for the next emergency response. The Department does agree and is taking steps to improve internal controls over ensuring payments to providers contain support in line with our A19 matrix and risk assessed of our subrecipients. ELC staff who review invoices will be provided additional training and tracking sheets have been developed which enables staff to record details from backup documentation reviews. This ensures the proper level of review is completed and aligns with the agency?s A-19 documentation matrix. Moving forward we?ve updated our A19 matrix to be more in line with federal guidance and the identified risk levels. The Department partially agrees with SAO?s assessment of a material weakness in internal controls over Subrecipient Monitoring. DOH agrees that the detailed transactions reviewed identified as being for ?COVID? should have been specified to the specific revenue source and will do so in future monitoring visits. However, the Department would disagree that this is a material weakness over the subrecipient monitoring process. While the specific revenue source was not identified in testing allowability, monitoring staff document key control systems such as payroll and disbursements when conducting a fiscal monitoring site visit. When testing, this ensures those controls are operating effectively and provide assurance that amounts reported for reimbursement are allowable and accurate. Thus, not all transactions for that period may be tested. The Department respectfully disagrees with SAO?s assessment of a material weakness in internal controls over the consolidated contract provider payment process to ensure allowability in meeting cost principles with our ELC program. When accounting staff send the A19 consolidated contract invoices to the applicable programs ELC program staff review invoice support for allowability and period of performance and keep a spreadsheet with a breakdown of the total payment requested for ELC. If the payment has no issues or concerns, the total payment is logged in the spreadsheet and staff save the spreadsheet to denote no issues and evidence of review and that full payment can be made. If there is a question on allowable cost, period of performance, a need for additional backup documentation or an error, program ELC staff will update spreadsheet with the amounts in question and communicate with the Local Health Jurisdiction, document the correspondence, and contact the accounting consolidated contract payment desk to withhold the specific amount of payment until the issue is resolved. Once resolved staff update the spreadsheet to denote the issue has been resolved and email accounting to release the payment amount in question. It should be noted that the current process over provider payments at the Department of Health has been in place for well over a decade and has been through several annual audits by the State Auditor?s Office and separate federal reviews by our federal funders without issue. The defined process of consolidated contract payments was in response to issues arising with timely payment of funds to our local government partners. The consolidated contracts are an essential tool in providing such funding on a large scale. This process balances many needs in tracking payments, providing documentation to the programs for review as well as allowing for timely distribution of funding to the local health jurisdictions (LHJs) for state and federal programs in order to serve the residents of the State of Washington. It also simplifies the invoicing and payment process as well as reconciliation between DOH and the LHJs. We would also respectfully disagree with the number of exceptions and questioned costs identified. While the level of support did not meet our internal policies, which are held to a higher standard than federal requirements, the level of documentation received from the subrecipient accounting system gave us assurance that the transactions/costs questioned met federal cost principles for allowability and period of performance. This, along with the following additional overall internal monitoring and policy processes support our overall assurance of the allowability of payments: ? Detailed ELC budgets were originally submitted by the subrecipient, reviewed and approved by Program staff so that they can ensure costs will be reasonable and are in alignment with expectations for the budget period submitted over time. No payment is made to an entity without that approved budget. ? The ELC program has allowable cost guidance documents that are provided to the subrecipients initially, on their SOWs, and after any changes. ? The ELC program/contract managers meet with subrecipients routinely (monthly or bi-monthly) to monitor progress of the work, resources, capacity, and budget management are discussed as well. ? Program staff provide technical assistance and policies to subrecipients related to both allowability and compliance as it relates to programmatic processes. Auditor?s Remarks Department management has implemented procedures to ensure adequate documentation is reviewed to support reimbursement requests from subrecipients receiving federal funds. Our testing was based on these documentation requirements, but we do not agree that these requirements are higher than the Uniform Guidance requires. We found that payments were made without the required level of support to ensure they were allowable and met cost principles. The Department asserts that the fiscal monitoring performed every two years compensates for the lack of adequate documentation. However, we found the fiscal monitoring transaction level review for payroll and vendor reimbursement requests did not specifically include a review of any ELC payments and therefore gave no assurance that grant funds were spent on allowable activities and were adequately supported. We reaffirm our finding and will follow up on the status of the Department?s corrective action during our next audit period. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Washington State Department of Health A-19 Documentation Matrix Approved by FMU 11/30/20 This is the backup documentation required based on the determined risk level. Please ensure the detailed GL expenditure report clearly aligns with the A19 form. More supporting documentation may be requested by programs at any time due to programmatic requirements regardless of risk category. Expenditure Category Low-Risk Moderate-Risk High-Risk Salaries and Benefits A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information: ? Salaries & Wages ? Employee name ? Employee rates of pay ? Hours worked Note: Salaries and benefits must be broken out as separate line items. A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information: ? Salaries & Wages ? Employee name ? Employee rates of pay ? Hours worked Note: Salaries and benefits must be broken out as separate line items. A-19 and a detailed GL expenditure report for all employees who are charged to the grant for the period with the following information: ? Salaries & Wages ? Employee name ? Employee rates of pay ? Hours worked AND ? Time Sheets for all staff direct charging to the award Note: Salaries and benefits must be broken out as separate line items. Equipment ($5,000 or more) A-19 and a detailed GL expenditure report that provides vendor name and amount Note: Pre-approval documentation must be provided A-19 and a detailed GL expenditure report that provides vendor name, amount AND ? Item Description Note: Pre-approval documentation must be provided A-19 and a detailed GL expenditure report that provides vendor name, amount, item description AND ? Invoice ? Supporting documentation reflecting authorizing official?s approval. Materials, Supplies, and Other A-19 and a detailed GL expenditure report that provides: ? Vendor Name ? Item description ? Cost of item Note: If the entity has a petty cash fund, they must supply 100% of the supporting documentation. A-19 and a detailed GL expenditure report that provides: ? Vendor Name ? Item description ? Cost of item AND Invoices for transactions over $1,000 Note: If the entity has a petty cash fund, they must supply 100% of the supporting documentation. A-19 and detailed GL expenditure report that provides: ? Vendor Name ? Item description ? Cost of item AND Invoices for transactions over $200. Note: If the entity has a petty cash fund, they must supply 100% of the supporting documentation Travel A-19 and a detailed GL expenditure report that provides: ? Employee name Note: Pre-approval documentation from DOH for any out of state travel must be provided. A-19 and a detailed GL expenditure report that provides: ? Employee name AND ? Travel expense form* ? All itemized receipts * Travel expense form should include employee signature, supervisor approval and purpose. Note: Pre-approval documentation from DOH for any out of state travel must be provided. A-19 and a detailed GL expenditure report that provides: ? Employee name ? Travel expense form* ? All itemized receipts AND Pre-approval required for any flights and overnight stays. *Travel expense form should include employee signature, supervisor approval and purpose. Note: Pre-approval documentation from DOH for any out of state travel must be provided. Contracts and Sub-Subrecipients A-19 and a detailed GL expenditure report that provides: ? Contractor/ Subrecipient Name A-19 and a detailed GL expenditure report that provides: ? Contractor/ Subrecipient Name AND ? Invoices for individual transactions over $1,000.00 A-19 and a detailed GL expenditure report that provides: ? Contractor/ Subrecipient Name AND ? Invoices for individual transactions over $200.00. NOTE: Indirect costs included on A19s must include verification of the following: ? Indirect plan is current and on file with DOH ? Indirect rate is being applied accurately to allowable expenditures ? If the indirect cost rate plan has expired, no indirect costs can be charged
2022-036 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with client eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds. Assistance Listing Number and Title: 93.558, Temporary Assistance for Needy Families 93.575, Child Care and Development Block Grant 93.575, COVID-19 Child Care and Development Block Grant 93.596, Child Care Mandatory and Matching Funds of the Child Care and Development Fund Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2003WACCDF; 2103WACCDF; 2203WACCDF; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2103WACCDD; 2203WACCDD; 2101WATANF; 2201WATANF Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Eligibility Known Questioned Cost Amount: Temporary Assistance for Needy Families ? $5,689 Child Care and Development Fund ? $5,078 Background The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2022, the Department spent $668.6 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program?s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients? child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment. In fiscal year 2022, the Department spent more than $260.5 million in CCDF and $67.7 million in TANF federal grant funds on child care subsidy payments to providers. Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department. For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must: ? Reside in Washington and be a citizen or legal resident of the United States; ? Be younger than 13 years, or if for verified special needs, be younger than 19 years; ? Reside with a parent(s) or guardian whose countable income does not exceed 200 percent of the federal poverty level at application or 220 percent at reapplication for July, August and September 2021 but in October 2021 changed to 60 percent of the state median income at application or 65 percent of the state median income at reapplication; ? Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services. State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and hourly wage information, proof of an approved activity under TANF, and family household size and composition. Once determined to be eligible for the program, a client is eligible for one year unless a change in income causes the client to exceed 85 percent of the state?s median income The Department requires that clients self-report such income changes. A written notice communicates the recipients? reporting requirement and the specific dollar threshold applicable to the household?s annual income. Once the client?s income exceeds this cutoff level, the Department terminates services. The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount. The Department also uses household income to determine the amount families must contribute for their monthly copay to providers. Beginning July 1, 2021, monthly copayments were calculated using an updated schedule described in Washington Administrative Code 110-15-0075. Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the past 10 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013-017 and 2012-30. Description of Condition The Department did not have adequate internal controls over and did not comply with client eligibility requirements for CCDF and TANF. During the audit period the Department determined 69,815 children were eligible for child care. We used a statistical sampling method to randomly select and examine 59 of these determinations. In four instances (6.8 percent), we found the Department made eligibility determinations improperly, did not obtain required documentation, incorrectly assessed copayment, or did not verify information before authorizing services. Specifically, we found: ? Two cases (3.4 percent) where the Department had incorrectly determined household composition and did not obtain sufficient data for all parents in the household to make an accurate eligibility determination. ? One case (1.7 percent) where the Department did not follow procedure for verifying employment, which led to an incorrect household income calculation. ? One case (1.7 percent) where the copay was incorrectly assessed, which resulted in an underpayment due to a system error. Though the Department has established internal controls, they were insufficient for ensuring material compliance with client eligibility requirements. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition Department staff made eligibility determinations without obtaining sufficient supporting documentation to ensure households were eligible to receive assistance. This deviated from the standard policies and procedures the Department has established, and management did not monitor sufficiently to ensure staff made proper eligibility determinations. Further, the incorrect copay calculation was due to system error. Effect of Condition and Questioned Costs By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible. Of the four client eligibility determinations that had errors, three resulted in $10,767 of federal overpayments to providers. The Department used $5,078 in CCDF grant funds and $5,689 in TANF grant funds for these payments. Because we used a statistical sampling method to randomly select the payments examined in the audit, we estimate the amount of likely improper payments to be $6,008,693 for the CCDF grant and $6,731,953 for the TANF grant. Although we identified known and likely questioned costs, we do not have reasonable assurance that the payments in question are appropriately represented in the Department?s accounting records because of the grant management practice issue reported in findings 2022-035 and 2022-041. Additionally, the payments in question are duplicative of the costs already questioned in the aforementioned provider payment findings. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs,? as required by 2 CFR ? 200.516(3). We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Department improve its internal controls over determining client eligibility to ensure it: ? Reviews eligibility determinations sufficiently to detect improper eligibility determinations ? Reviews sufficient support for clients? income and household composition information for accuracy We also recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid. Department`s Response The Department appreciates, acknowledges, and supports SAO?s mission, which is to hold state and local government accountable for the use of public resources. Further, we appreciate SAO?s work with us over the past year to strengthen the auditing process. Due to recent changes to CCSP directed by the Legislature, the Department anticipates continued reduction in eligibility determination errors. The Fair Start for Kids Act (FSKA) required the Department to make several changes that expanded eligibility during SFY 2022. The FSKA increased the State Median Income (SMI) threshold, allowing more two parent households to be eligible for child care subsidy. The FSKA also capped copayments to $115 for applicants and $215 for reapplicants, greatly reducing the copay amounts for typical two parent households. These changes are disincentives for fraud as struggling families receive needed benefits and are more likely to provide accurate and complete information. This is supported by the overall reduction in investigation requests submitted to the Office of Fraud and Accountability. In the federal fiscal year prior to the implementation of the FSKA, the Department submitted 1,405 requests for investigations. The year following FSKA implementation requests for investigations fell to 912. The Department continues to explore ways to remove the possibility for improper use of CCDF funds. The Department agrees with the SAO that there is a need to review household composition at application and reapplication to improve reliability of eligibility decisions. The Department accesses data across available state systems to confirm information, including household composition provided by clients. Unfortunately, there is no household composition verification system, and information provided to other state agencies is often provided by client self-attestation. The Department continues to balance verification requirements with providing timely benefit decisions to support family access to high quality child care. Eighty-six percent of households receiving child care subsidies are headed by single parents. Supporting these families with child care is essential for their continued participation in work, education, and other social service programs. The Department provides training for eligibility in the specific areas of household composition and income determination and improvements to training are ongoing. The Department recently made changes to the professional development and training process to improve staff skills and accuracy. Staff training is in a continuous improvement cycle and evolves with staff needs and changes in rule. The Department will continue to improve processes and internal controls and create and deliver staff training based on current data trends and patterns. Auditor?s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs. Washington Administrative Code (WAC) 110-15-0015 ? Determining family size, states in part: (1) DCYF determines a consumer?s family size as follows: (a) For a single parent, including a minor parent living independently, DCYF counts the consumer and the consumer?s children; (b) For unmarried parents who have at least one mutual child, DCYF counts both parents and all of their children living in the household; (c) Unmarried parents who have no mutual children are counted as separate WCCC households, the unmarried parents and their respective children living in the household; (d) For married parents, DCYF counts both parents and all of their children living in the household; (e) For parents who are undocumented aliens as defined in WAC 388-424-0001, DCYF counts the parents and children, documented and undocumented, and all other family rules in this section apply. Children needing care must meet citizenship requirements described in WAC 110-15-0005; (f) For a legal guardian verified by a legal or court document, adult sibling or step-sibling, nephew, niece, aunt, uncle, grandparent, any of these relatives with the prefix ?great,? such as a ?great-nephew,? or an in loco parentis custodian who is not related to the child as described in WAC 110-15-0005, DCYF counts only the children and only the children?s income is counted; (g) For a parent who is out of the household because of employer requirements, such as training or military service, and expected to return to the household, DCYF counts the consumer, the absent parent, and the children; (h) For a parent who is voluntarily out of the household for reasons other than requirements of the employer, such as unapproved schooling and visiting family members, and is expected to return to the household, DCYF counts the consumer, the absent parent, and the children. WAC 110-15-0020 and all other family and household rules in this section apply; (i) For a parent who is out of the country and waiting for legal reentry in to the United States, DCYF counts only the consumer and children residing in the United States and all other family and household rules in this section apply; (j) An incarcerated parent is not part of the household count for determining income and eligibility. DCYF counts the remaining household members using all other family rules in this section; and (k) For a parent incarcerated at a Washington state correctional facility whose child lives with them at the facility, DCYF counts the parent and child as their own household. (2) When the household consists of the consumer?s own child and another child identified in subsection (1)(f) of this section, the household may be combined into one household or kept as distinct households for the benefit of the consumer. WAC 110-15-0065 ? Calculation of income, states in part: DSHS uses a consumer?s countable income when determining income eligibility and copayment. A consumer?s countable income is the sum of all income listed in WAC 110-15-0060 minus any child support paid out through a court order, division of child support administrative order, or tribal government order. (1) To determine a consumer?s income, DSHS either: (a) Calculates an average monthly income by: (i) Determining the number of months, weeks or pay periods it took the consumer?s WCCC household to earn the income; and dividing the income by the same number of months, weeks or pay periods. (ii) If the past wages are no longer reflective of the current income, DSHS may accept the employer?s statement of current, anticipated wages for future income determination. (b) When the consumer begins new employment and has less than three months of wages, DSHS uses the best available estimate of the consumer?s WCCC household?s current income: (i) As verified by the consumer?s employer; or (ii) As provided by the consumer through a verbal or written statement documenting the new employment at the time of application, reapplication or change reporting, and wage verification within sixty days of DSHS request. (2) If a consumer receives a lump sum payment (such as money from the sale of property or back child support payment) in the month of application or during the consumer?s WCCC eligibility: (a) DSHS calculates a monthly amount by dividing the lump sum payment by twelve; (b) DSHS adds the monthly amount to the consumer?s expected average monthly income: (i) For the month it was received; and (ii) For the remaining months of the current eligibility period; and (c) To remain eligible for WCCC the consumer must meet WCCC income guidelines after the lump sum payment is applied. WAC 110-15-0075 ? Determining income eligibility and copayment amounts, states (effective prior to October 1, 2021): (1) DCYF takes the following steps to determine a consumer?s eligibility and copayment, whether care is provided under a WCCC voucher or contract: (a) Determine the consumer?s family size (under WAC 110-15-0015); (b) Determine the consumer?s countable income (under WAC 110-15-0065). (2) DCYF calculates the consumer?s copayment as follows: If a consumer?s income is: Then the consumer?s copayment is: (a) At or below 82% of the federal poverty guidelines (FPG). $15 (b) Above 82% of the FPG up to 137.5% of the FPG. $65 (c) Above 137.5% of the FPG through 200% of the FPG. The dollar amount equal to subtracting 137.5% of the FPG from countable income, multiplying by 50%, then adding $65, up to a maximum of $115. (3) DCYF does not prorate the copayment when a consumer uses care for part of a month. (4) The FPG is updated every year. The WCCC eligibility level is updated at the same time every year to remain current with the FPG. WAC 110-15-0075 ? Determining income eligibility and copayment amounts, states (effective beginning October 1, 2021): (1) DCYF takes the following steps to determine consumers? eligibility and copayments, when care is provided under a WCCC voucher or contract: (a) Determine their family size as described in WAC 110-15-0015; and (b) Determine their countable income as described in WAC 110-15-0065. (2) DCYF calculates consumers? copayments as follows: If the household?s income is: Then the household?s maximum monthly copayment is: At or below 20 percent of the SMI Waived Above 20 percent and at or below 36 percent of the SMI $65 Above 36 percent and at or below 50 percent of the SMI $90 Above 50 percent and at or below 60 percent of the SMI $115 At reapplication, above 60 percent and at or below 65 percent of the SMI $215 (3) DCYF does not prorate copayments when consumers use care for only part of a month. (4) For parents age 21 years or younger who attend high school or are working towards completing a high school equivalency certificate, copayments are not required.
2022-036 The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with client eligibility requirements for child care services paid with the Child Care and Development Fund and Temporary Assistance for Needy Families funds. Assistance Listing Number and Title: 93.558, Temporary Assistance for Needy Families 93.575, Child Care and Development Block Grant 93.575, COVID-19 Child Care and Development Block Grant 93.596, Child Care Mandatory and Matching Funds of the Child Care and Development Fund Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2003WACCDF; 2103WACCDF; 2203WACCDF; 2003WACCC3; 2103WACDC6; 2103WACSC6; 2103WACCC5; 2103WACCDD; 2203WACCDD; 2101WATANF; 2201WATANF Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Eligibility Known Questioned Cost Amount: Temporary Assistance for Needy Families ? $5,689 Child Care and Development Fund ? $5,078 Background The Department of Children, Youth, and Families administers the federal Child Care and Development Fund (CCDF) grant to help eligible working families pay for child care. In fiscal year 2022, the Department spent $668.6 million in CCDF federal funding. The Department of Social and Health Services (DSHS) administers the Temporary Assistance for Needy Families (TANF) grant. To meet one of the program?s primary purposes of helping clients obtain employment, TANF grant funds may be used to pay clients? child care costs. If a client obtains employment and is no longer eligible for the program, TANF funds may still be used to pay child care costs to help the client maintain employment. In fiscal year 2022, the Department spent more than $260.5 million in CCDF and $67.7 million in TANF federal grant funds on child care subsidy payments to providers. Some payments made for child care are paid for by both the CCDF and TANF grants. While the two federal programs are separate, the requirements and policies in Washington for child care payments are consolidated under the Working Connections Child Care program. As of July 1, 2019, the responsibility for making and documenting child care eligibility determinations under the CCDF and TANF grants was transferred from DSHS to the Department. For a family to be eligible for child care assistance, state and federal rules require that at the time of application or reapplication, children must: ? Reside in Washington and be a citizen or legal resident of the United States; ? Be younger than 13 years, or if for verified special needs, be younger than 19 years; ? Reside with a parent(s) or guardian whose countable income does not exceed 200 percent of the federal poverty level at application or 220 percent at reapplication for July, August and September 2021 but in October 2021 changed to 60 percent of the state median income at application or 65 percent of the state median income at reapplication; ? Reside with a parent(s) or guardian who works or attends a job-training or education program, or needs to be receiving protective services. State rules describe the information clients must provide to the Department to verify their eligibility. The information must be accurate, complete, consistent and from a reliable source. This information includes, but is not limited to, employer and hourly wage information, proof of an approved activity under TANF, and family household size and composition. Once determined to be eligible for the program, a client is eligible for one year unless a change in income causes the client to exceed 85 percent of the state?s median income The Department requires that clients self-report such income changes. A written notice communicates the recipients? reporting requirement and the specific dollar threshold applicable to the household?s annual income. Once the client?s income exceeds this cutoff level, the Department terminates services. The Department has access to systems that contain wage and household benefit and composition data for some, but not all, child care recipients. The Department uses this information in part to determine program eligibility, benefit level, including client copayment, and the amount of child care the family is eligible to receive. If an ineligible client receives assistance, the payment made to the child care provider is not allowable and the client must repay the ineligible amount. The Department also uses household income to determine the amount families must contribute for their monthly copay to providers. Beginning July 1, 2021, monthly copayments were calculated using an updated schedule described in Washington Administrative Code 110-15-0075. Federal regulations require the Department to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the past 10 audits, we reported findings related to eligibility for the Working Connections Child Care program. In these prior audits, we reported the Department did not have adequate internal controls over the eligibility process for child care subsidy recipients. These were reported as finding numbers 2021-035, 2020-039, 2019-032, 2018-030, 2017-026, 2016-023, 2015-026, 2014-026, 2013-017 and 2012-30. Description of Condition The Department did not have adequate internal controls over and did not comply with client eligibility requirements for CCDF and TANF. During the audit period the Department determined 69,815 children were eligible for child care. We used a statistical sampling method to randomly select and examine 59 of these determinations. In four instances (6.8 percent), we found the Department made eligibility determinations improperly, did not obtain required documentation, incorrectly assessed copayment, or did not verify information before authorizing services. Specifically, we found: ? Two cases (3.4 percent) where the Department had incorrectly determined household composition and did not obtain sufficient data for all parents in the household to make an accurate eligibility determination. ? One case (1.7 percent) where the Department did not follow procedure for verifying employment, which led to an incorrect household income calculation. ? One case (1.7 percent) where the copay was incorrectly assessed, which resulted in an underpayment due to a system error. Though the Department has established internal controls, they were insufficient for ensuring material compliance with client eligibility requirements. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition Department staff made eligibility determinations without obtaining sufficient supporting documentation to ensure households were eligible to receive assistance. This deviated from the standard policies and procedures the Department has established, and management did not monitor sufficiently to ensure staff made proper eligibility determinations. Further, the incorrect copay calculation was due to system error. Effect of Condition and Questioned Costs By not implementing adequate internal controls, the Department is at higher risk of paying providers for child care services when clients are ineligible. Of the four client eligibility determinations that had errors, three resulted in $10,767 of federal overpayments to providers. The Department used $5,078 in CCDF grant funds and $5,689 in TANF grant funds for these payments. Because we used a statistical sampling method to randomly select the payments examined in the audit, we estimate the amount of likely improper payments to be $6,008,693 for the CCDF grant and $6,731,953 for the TANF grant. Although we identified known and likely questioned costs, we do not have reasonable assurance that the payments in question are appropriately represented in the Department?s accounting records because of the grant management practice issue reported in findings 2022-035 and 2022-041. Additionally, the payments in question are duplicative of the costs already questioned in the aforementioned provider payment findings. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs,? as required by 2 CFR ? 200.516(3). We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Department improve its internal controls over determining client eligibility to ensure it: ? Reviews eligibility determinations sufficiently to detect improper eligibility determinations ? Reviews sufficient support for clients? income and household composition information for accuracy We also recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid. Department`s Response The Department appreciates, acknowledges, and supports SAO?s mission, which is to hold state and local government accountable for the use of public resources. Further, we appreciate SAO?s work with us over the past year to strengthen the auditing process. Due to recent changes to CCSP directed by the Legislature, the Department anticipates continued reduction in eligibility determination errors. The Fair Start for Kids Act (FSKA) required the Department to make several changes that expanded eligibility during SFY 2022. The FSKA increased the State Median Income (SMI) threshold, allowing more two parent households to be eligible for child care subsidy. The FSKA also capped copayments to $115 for applicants and $215 for reapplicants, greatly reducing the copay amounts for typical two parent households. These changes are disincentives for fraud as struggling families receive needed benefits and are more likely to provide accurate and complete information. This is supported by the overall reduction in investigation requests submitted to the Office of Fraud and Accountability. In the federal fiscal year prior to the implementation of the FSKA, the Department submitted 1,405 requests for investigations. The year following FSKA implementation requests for investigations fell to 912. The Department continues to explore ways to remove the possibility for improper use of CCDF funds. The Department agrees with the SAO that there is a need to review household composition at application and reapplication to improve reliability of eligibility decisions. The Department accesses data across available state systems to confirm information, including household composition provided by clients. Unfortunately, there is no household composition verification system, and information provided to other state agencies is often provided by client self-attestation. The Department continues to balance verification requirements with providing timely benefit decisions to support family access to high quality child care. Eighty-six percent of households receiving child care subsidies are headed by single parents. Supporting these families with child care is essential for their continued participation in work, education, and other social service programs. The Department provides training for eligibility in the specific areas of household composition and income determination and improvements to training are ongoing. The Department recently made changes to the professional development and training process to improve staff skills and accuracy. Staff training is in a continuous improvement cycle and evolves with staff needs and changes in rule. The Department will continue to improve processes and internal controls and create and deliver staff training based on current data trends and patterns. Auditor?s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs. Washington Administrative Code (WAC) 110-15-0015 ? Determining family size, states in part: (1) DCYF determines a consumer?s family size as follows: (a) For a single parent, including a minor parent living independently, DCYF counts the consumer and the consumer?s children; (b) For unmarried parents who have at least one mutual child, DCYF counts both parents and all of their children living in the household; (c) Unmarried parents who have no mutual children are counted as separate WCCC households, the unmarried parents and their respective children living in the household; (d) For married parents, DCYF counts both parents and all of their children living in the household; (e) For parents who are undocumented aliens as defined in WAC 388-424-0001, DCYF counts the parents and children, documented and undocumented, and all other family rules in this section apply. Children needing care must meet citizenship requirements described in WAC 110-15-0005; (f) For a legal guardian verified by a legal or court document, adult sibling or step-sibling, nephew, niece, aunt, uncle, grandparent, any of these relatives with the prefix ?great,? such as a ?great-nephew,? or an in loco parentis custodian who is not related to the child as described in WAC 110-15-0005, DCYF counts only the children and only the children?s income is counted; (g) For a parent who is out of the household because of employer requirements, such as training or military service, and expected to return to the household, DCYF counts the consumer, the absent parent, and the children; (h) For a parent who is voluntarily out of the household for reasons other than requirements of the employer, such as unapproved schooling and visiting family members, and is expected to return to the household, DCYF counts the consumer, the absent parent, and the children. WAC 110-15-0020 and all other family and household rules in this section apply; (i) For a parent who is out of the country and waiting for legal reentry in to the United States, DCYF counts only the consumer and children residing in the United States and all other family and household rules in this section apply; (j) An incarcerated parent is not part of the household count for determining income and eligibility. DCYF counts the remaining household members using all other family rules in this section; and (k) For a parent incarcerated at a Washington state correctional facility whose child lives with them at the facility, DCYF counts the parent and child as their own household. (2) When the household consists of the consumer?s own child and another child identified in subsection (1)(f) of this section, the household may be combined into one household or kept as distinct households for the benefit of the consumer. WAC 110-15-0065 ? Calculation of income, states in part: DSHS uses a consumer?s countable income when determining income eligibility and copayment. A consumer?s countable income is the sum of all income listed in WAC 110-15-0060 minus any child support paid out through a court order, division of child support administrative order, or tribal government order. (1) To determine a consumer?s income, DSHS either: (a) Calculates an average monthly income by: (i) Determining the number of months, weeks or pay periods it took the consumer?s WCCC household to earn the income; and dividing the income by the same number of months, weeks or pay periods. (ii) If the past wages are no longer reflective of the current income, DSHS may accept the employer?s statement of current, anticipated wages for future income determination. (b) When the consumer begins new employment and has less than three months of wages, DSHS uses the best available estimate of the consumer?s WCCC household?s current income: (i) As verified by the consumer?s employer; or (ii) As provided by the consumer through a verbal or written statement documenting the new employment at the time of application, reapplication or change reporting, and wage verification within sixty days of DSHS request. (2) If a consumer receives a lump sum payment (such as money from the sale of property or back child support payment) in the month of application or during the consumer?s WCCC eligibility: (a) DSHS calculates a monthly amount by dividing the lump sum payment by twelve; (b) DSHS adds the monthly amount to the consumer?s expected average monthly income: (i) For the month it was received; and (ii) For the remaining months of the current eligibility period; and (c) To remain eligible for WCCC the consumer must meet WCCC income guidelines after the lump sum payment is applied. WAC 110-15-0075 ? Determining income eligibility and copayment amounts, states (effective prior to October 1, 2021): (1) DCYF takes the following steps to determine a consumer?s eligibility and copayment, whether care is provided under a WCCC voucher or contract: (a) Determine the consumer?s family size (under WAC 110-15-0015); (b) Determine the consumer?s countable income (under WAC 110-15-0065). (2) DCYF calculates the consumer?s copayment as follows: If a consumer?s income is: Then the consumer?s copayment is: (a) At or below 82% of the federal poverty guidelines (FPG). $15 (b) Above 82% of the FPG up to 137.5% of the FPG. $65 (c) Above 137.5% of the FPG through 200% of the FPG. The dollar amount equal to subtracting 137.5% of the FPG from countable income, multiplying by 50%, then adding $65, up to a maximum of $115. (3) DCYF does not prorate the copayment when a consumer uses care for part of a month. (4) The FPG is updated every year. The WCCC eligibility level is updated at the same time every year to remain current with the FPG. WAC 110-15-0075 ? Determining income eligibility and copayment amounts, states (effective beginning October 1, 2021): (1) DCYF takes the following steps to determine consumers? eligibility and copayments, when care is provided under a WCCC voucher or contract: (a) Determine their family size as described in WAC 110-15-0015; and (b) Determine their countable income as described in WAC 110-15-0065. (2) DCYF calculates consumers? copayments as follows: If the household?s income is: Then the household?s maximum monthly copayment is: At or below 20 percent of the SMI Waived Above 20 percent and at or below 36 percent of the SMI $65 Above 36 percent and at or below 50 percent of the SMI $90 Above 50 percent and at or below 60 percent of the SMI $115 At reapplication, above 60 percent and at or below 65 percent of the SMI $215 (3) DCYF does not prorate copayments when consumers use care for only part of a month. (4) For parents age 21 years or younger who attend high school or are working towards completing a high school equivalency certificate, copayments are not required.
2022-040 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to issue management decisions for audit findings to subrecipients of the Low-Income Home Energy Assistance Program. Assistance Listing Number and Title: 93.568, Low-Income Home Energy Assistance Program 93.568, COVID-19 Low-Income Home Energy Assistance Program Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2201WALIEA; 2101WALIEA; 2201WALIEI; 2101WALWC5; 2101WEA5C6; 2102WALWC6 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Department of Commerce (Department) administers the Low-Income Home Energy Assistance Program, which provides financial assistance to low-income households to meet their home energy needs. The Department makes subawards to community-based organizations to provide this assistance. In fiscal year 2022, the Department spent more than $102 million in federal program funds, approximately $98 million of which it paid to subrecipients. Federal regulations require the Department to monitor its subrecipients? activities. This includes verifying that subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes on to subrecipients, the Department must follow up and ensure its subrecipients take timely and appropriate corrective action on all deficiencies identified through audits, onsite reviews and other means. When a subrecipient receives an audit finding for a Department-funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of acceptance of the audit report by Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reasons for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to issue management decisions for audit findings to the program?s subrecipients. The Department had a process in place to monitor that program subrecipients received single audits. However, for the first half of the audit period, it did not have a process in place to issue, communicate and follow up on management decisions to its subrecipients when program findings were issued. During the audit period, the Department had 26 subrecipients that were required to submit a single audit. One subrecipient received a finding for which the Department was required to issue a management decision. We found the Department did not issue a management decision for this subrecipient. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Management did not establish sufficient internal controls or monitoring procedures to ensure the Department issued the required management decisions. The Department also lacks written policies over issuing management decisions to its federal program subrecipients. Effect of Condition Without establishing adequate internal controls, the Department cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitor them for effectiveness, the Department cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Department: ? Establish effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the program ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations Department?s Response The Department of Commerce concurs with the finding. The Department hired an Internal Control Officer in November 2021 assigned to complete the required verification of Federal Audit Clearinghouse (FAC) submissions. This process was completed for all recipients who expended $750,000 or more in federal funds passed through the Department. One subrecipients submission selected for testing was verified, however, a formal management decision was not issued. The audit report submitted to the FAC included various errors which included no identification of the pass through entity (the Department of Commerce) as part of the finding and the Schedule of Expenditure of Federal Awards (SEFA) reported the wrong state agency?s acronym. The Department of Corrections was listed, not Commerce as required. The accurate reporting of the pass through entity in the audit report is imperative for Commerce to identify who they are required to issue a management decision for. A comprehensive spreadsheet of the Department?s management decision was maintained, however, the subrecipient selected for testing was omitted. The Department currently has a robust and comprehensive process to identify required reporters, verify their submission to the FAC, document late or non-reporters, and document communication requests for information related to submissions. The Department has also created a method to formally communicate the management decision to our subrecipients who have received Commerce funded audit findings. Our prior process included verbally discussing the finding, corrective action plans and Commerce requests with the subrecipient. Internal controls for the monitoring of federal reporting and issuing of management decisions have been in place since March 2022. Commerce management will continue to monitor the process and implement efficiencies to ensure continued compliance with all respects of the code of federal regulations. We appreciate the State Auditor?s Office thorough review of this process and recommendations. We anticipate all future audits will find the Department has employed strong internal controls supporting compliance with all requirements. Auditor?s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity's fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity's fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c).
2022-040 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to issue management decisions for audit findings to subrecipients of the Low-Income Home Energy Assistance Program. Assistance Listing Number and Title: 93.568, Low-Income Home Energy Assistance Program 93.568, COVID-19 Low-Income Home Energy Assistance Program Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2201WALIEA; 2101WALIEA; 2201WALIEI; 2101WALWC5; 2101WEA5C6; 2102WALWC6 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Department of Commerce (Department) administers the Low-Income Home Energy Assistance Program, which provides financial assistance to low-income households to meet their home energy needs. The Department makes subawards to community-based organizations to provide this assistance. In fiscal year 2022, the Department spent more than $102 million in federal program funds, approximately $98 million of which it paid to subrecipients. Federal regulations require the Department to monitor its subrecipients? activities. This includes verifying that subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes on to subrecipients, the Department must follow up and ensure its subrecipients take timely and appropriate corrective action on all deficiencies identified through audits, onsite reviews and other means. When a subrecipient receives an audit finding for a Department-funded program, federal law requires the Department to issue a management decision to the subrecipient within six months of acceptance of the audit report by Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reasons for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to issue management decisions for audit findings to the program?s subrecipients. The Department had a process in place to monitor that program subrecipients received single audits. However, for the first half of the audit period, it did not have a process in place to issue, communicate and follow up on management decisions to its subrecipients when program findings were issued. During the audit period, the Department had 26 subrecipients that were required to submit a single audit. One subrecipient received a finding for which the Department was required to issue a management decision. We found the Department did not issue a management decision for this subrecipient. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Management did not establish sufficient internal controls or monitoring procedures to ensure the Department issued the required management decisions. The Department also lacks written policies over issuing management decisions to its federal program subrecipients. Effect of Condition Without establishing adequate internal controls, the Department cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitor them for effectiveness, the Department cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Department: ? Establish effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the program ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations Department?s Response The Department of Commerce concurs with the finding. The Department hired an Internal Control Officer in November 2021 assigned to complete the required verification of Federal Audit Clearinghouse (FAC) submissions. This process was completed for all recipients who expended $750,000 or more in federal funds passed through the Department. One subrecipients submission selected for testing was verified, however, a formal management decision was not issued. The audit report submitted to the FAC included various errors which included no identification of the pass through entity (the Department of Commerce) as part of the finding and the Schedule of Expenditure of Federal Awards (SEFA) reported the wrong state agency?s acronym. The Department of Corrections was listed, not Commerce as required. The accurate reporting of the pass through entity in the audit report is imperative for Commerce to identify who they are required to issue a management decision for. A comprehensive spreadsheet of the Department?s management decision was maintained, however, the subrecipient selected for testing was omitted. The Department currently has a robust and comprehensive process to identify required reporters, verify their submission to the FAC, document late or non-reporters, and document communication requests for information related to submissions. The Department has also created a method to formally communicate the management decision to our subrecipients who have received Commerce funded audit findings. Our prior process included verbally discussing the finding, corrective action plans and Commerce requests with the subrecipient. Internal controls for the monitoring of federal reporting and issuing of management decisions have been in place since March 2022. Commerce management will continue to monitor the process and implement efficiencies to ensure continued compliance with all respects of the code of federal regulations. We appreciate the State Auditor?s Office thorough review of this process and recommendations. We anticipate all future audits will find the Department has employed strong internal controls supporting compliance with all requirements. Auditor?s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance) establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity's fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity's fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c).
2022-053 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure clients were eligible for the Children?s Health Insurance Program. Assistance Listing Number and Title: 93.767 Children?s Health Insurance Program 93.767 COVID-19 Children?s Health Insurance Program Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2005WA5021; 1905WA5021; 2105WA5021; 2205WA5021; Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Eligibility Known Questioned Cost Amount: $3,036,657 Background The Health Care Authority administers the Children?s Health Insurance Program (CHIP). CHIP is a jointly funded state and federal partnership providing insurance coverage for almost 90,000 children and pregnant people in families with incomes too high to qualify for Medicaid. Federal CHIP financing is capped, and each state operates under an allotment. During fiscal year 2022, the Authority spent more than $229 million in state and federal funds to administer CHIP. To determine initial eligibility for CHIP, families must complete an application in the Washington Health Benefit Exchange, known as Washington Healthplanfinder, or through a streamlined paper application. Once families complete their applications, electronic verification sources confirm their income, immigration status and Social Security numbers (SSNs). The Authority automatically reviews applicants? eligibility first for Medicaid and then for CHIP if they are ineligible for Medicaid. Children in low-income families who are ineligible for Medicaid are enrolled in CHIP under the state CHIP plan. Washington has also elected to cover the prenatal period of some low-income pregnant people under the state CHIP plan. CHIP clients must be either U.S. citizens or lawfully present qualified noncitizens, and their eligibility is based on self-attested income in their applications; therefore, clients with verified citizenship and SSNs would be determined eligible if their reported income was between 210 percent and 312 percent of the federal poverty level. Once the Authority determines clients? initial eligibility, their start date is recorded as the first of the month in which their application was submitted, thus allowing for payments prior to approval to be processed after the fact. Children found eligible for medical assistance remain continuously eligible for a full 12 months, regardless of any changes in their household income or third-party liability. Households must report financial and nonfinancial changes, but these will not render them ineligible during the continuous eligibility period. However, if recipients? household income decreases, the Authority can move children to a more favorable program, such as Medicaid, to eliminate the premium payment requirements. Termination during the continuous eligibility period is acceptable only for the following reasons: ? Changes in residency (permanent move out of state) ? Death ? Fraud (unless it is going to prosecution) ? Failure to pay the premium for more than three months ? The child turns 19 years old (remains eligible through the end of their birth month) ? After the end of the month in which the postpartum period ends for pregnant people ? When a client requests to be removed from the program In response to the COVID-19 pandemic, the Centers for Medicare and Medicaid Services (CMS) approved waivers and disaster relief state plan amendments (SPA), effective March 1, 2020, through the end of the public health emergency declaration, allowing flexibilities to ensure the continuity of coverage through the public health emergency. The waivers and SPA allowed the Authority to implement flexibilities, including the following: ? Allow self-attestations for all eligibility requirements, excluding citizenship and immigration status, on a case-by-case basis ? Extend the redetermination timeline for current CHIP enrollees in the state to maintain continuity of coverage as permissible From the start of the pandemic, CMS kept an ongoing Frequently Asked Questions (FAQs) document to aid state Medicaid and CHIP agencies in their response to COVID-19, including guidance on eligibility, benefits and financing regarding the pandemic. This document was finalized on January 6, 2021. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit we reported the Authority did not have adequate internal controls to ensure clients were eligible for CHIP. The prior finding number was 2021-046. Description of Condition The Authority did not have adequate internal controls over and did not comply with requirements to ensure clients were eligible for CHIP. We used a statistically valid sampling method to randomly select and examine 59 out of a total population of 93,793 clients who had a federally verified SSN. We also used a statistically valid sampling method to randomly select and examine 59 out of a total population of 10,933 clients who did not have a federally verified SSN. For the sample of clients who had a verified SSN, we identified: ? One instance where the client aged out of services and was not referred to Washington Healthplanfinder to be redetermined eligible for Medicaid during the COVID-19 pandemic, as required. ? One instance where the Authority continued CHIP coverage for a client after the allowable postpartum period. For the sample of clients who did not have a federally verified SSN, we identified: ? Seventeen instances where the Authority continued CHIP coverage for clients after the allowable postpartum period. We also used computer-assisted audit techniques to analyze the entire client population. We found 3,416 clients who were over the age of 19 that were still receiving CHIP services during fiscal year 2022. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. Cause of Condition The Authority chose not to remove clients from CHIP even when they aged out of coverage or their postpartum period ended. Effect of Condition and Questioned Costs By not having adequate internal controls, the Authority is at risk of not detecting or preventing ineligible payments of federal CHIP funds on behalf of recipients. We determined the following questioned costs: Audit Area Known Questions Costs (state and federal) Known questioned costs ? Federal portion only Likely improper payments (state and federal) Likely improper payments ? federal portion only Verified SSNs $ 2,117 $ 1,468 $ 3,365,166 $ 2,333,411 Non-Verified SSNs $14,760 $ 10,236 $ 2,735,142 $ 1,896,870 Over 19 years old $ 4,353,425 $ 3,024,953 $ 0 $ 0 Totals $ 4,370,302 $ 3,036,657 $ 6,100,308 $ 4,230,281 Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs,? as required by 2 CFR ? 200.516(3). We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendation We recommend the Authority: ? Implement internal controls to ensure all clients meet CHIP eligibility requirements ? Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid Authority?s Response The Authority does not concur with any of the results cited by the auditor related to CHIP program eligibility. The agency has worked with the Governor?s Office and the Office of Financial Management to continue equity of state funded coverage for all individuals during the public health emergency, including CHIPRA pregnancy coverage. The postpartum period in CHIPRA coverage is state-funded. The State Auditor?s Office did not allow the Authority enough time to obtain the journal vouchers from our accounting partners that show the use of state funds for these expenditures. Regarding the clients receiving CHIP benefits who were aged 19 and over, the agency has pursued, and been notified of approval for, an 1115 disaster waiver from the Centers for Medicare & Medicaid Services. The waiver approves funding for CHIP clients aged 19 and over during the public health emergency and is retroactive to March 18, 2020. Once the approval letter is received by the Authority, the associated federal expenditures identified by the auditor will be valid. The agency was provided very little time and flexibility to respond to the audit results during a time when the agency and its federal counterparts are inundated and backlogged with unwinding the public health emergency. Auditor?s Remarks We provided the Authority with preliminary exceptions on February 27, 2023 and on March 15th, the Authority provided additional information that cleared some of the exceptions. The draft finding was provided to the Authority on April 17, 2023. It was not until April 18th, after audit work was concluded, that the Authority asserted the postpartum exceptions we identified were transferred from federal funding to state funding with journal vouchers. Despite not conveying this information to us timely, we requested copies of the journal vouchers to attempt to confirm the Authority?s assertion. On April 25, 2023, the Authority informed us that staff were not able to pull the journal vouchers and we therefore could not determine whether any of the federally funded payments were subsequently transferred to state funding. For the clients aged 19 and over, there was no formal approval from CMS in place during the audit period or currently. Therefore, we conducted our audit in accordance with codified eligibility rules. We reaffirm our finding and will follow up on the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs. Title 42 CFR, Public Health Part 435 Subpart J, Eligibility in the States and District of Columbia, establishes the following applicable requirements: Section 435.926 Continuous eligibility for children, states in part: (b) Eligibility. The agency may provide continuous eligibility for the period specified in paragraph (c) of this section for an individual who is: (1) Under age 19 or under a younger age specified by the agency in its State plan; and (2) Eligible and enrolled for mandatory or optional coverage under the State plan in accordance with subpart B or C of this part. (c) Continuous eligibility period. (1) The agency must specify in the State plan the length of the continuous eligibility period, not to exceed 12 months. (2) A continuous eligibility period begins on the effective date of the individual?s eligibility under ? 435.915 or most recent redetermination or renewal of eligibility under ? 435.916 and ends after the period specified by the agency under paragraph (c)(1) of this section. (d) Applicability. A child?s eligibility may not be terminated during a continuous eligibility period, regardless of any changes in circumstances, unless: (1) The child attains the maximum age specified in accordance with paragraph (b)(1) of this section; (2) The child or child?s representative requests a voluntary termination of eligibility; (3) The child ceases to be a resident of the State; (4) The agency determines that eligibility was erroneously granted at the most recent determination, redetermination or renewal of eligibility because of agency error or fraud, abuse, or perjury attributed to the child or the child?s representative; or (5) The child dies. Title 42 CFR, Public Health, Part 457 establishes the following applicable requirements: Section 457.342 Continuous eligibility for children, states in part: (a) A State may provide continuous eligibility for children under a separate CHIP in accordance with the terms of ? 435.926 of this chapter, and subject to a child remaining ineligible for Medicaid, as required by section 2110(b)(1) of the Act and ? 457.310 (related to the definition and standards for being a targeted low-income child) and the requirements of section 2102(b)(3) of the Act and ? 457.350 (related to eligibility screening and enrollment). Section 457.380 Eligibility verification. (a) General requirements. Except where law requires other procedures (such as for citizenship and immigration status information), the State may accept attestation of information needed to determine the eligibility of an individual for CHIP (either self-attestation by the individual or attestation by an adult who is in the applicant?s household, as defined in ? 435.603(f) of this subchapter, or family, as defined in section 36B(d)(1) of the Internal Revenue Code, an authorized representative, or if the individual is a minor or incapacitated, someone acting responsibly for the individual) without requiring further information (including documentation) from the individual. (b) Status as a citizen, national or a non-citizen. (1) Except for newborns identified in ? 435.406(a)(1)(iii)(E) of this chapter, who are exempt from any requirement to verify citizenship, the agency must ? (i) Verify citizenship or immigration status in accordance with ? 435.956(a) of this chapter, except that the reference to ? 435.945(k) is read as a reference to paragraph (i) of this section; and (ii) Provide a reasonable opportunity period to verify such status in accordance with ? 435.956(a)(5) and (b) of this chapter and provide benefits during such reasonable opportunity period to individuals determined to be otherwise eligible for CHIP. (2) [Reserved] (c) State residents. If the State does not accept self-attestation of residency, the State must verify residency in accordance with ? 435.956(c) of this chapter. (d) Income. If the State does not accept self-attestation of income, the State must verify the income of an individual by using the data sources and following standards and procedures for verification of financial eligibility consistent with ? 435.945(a), ? 435.948 and ? 435.952 of this chapter. (e) Verification of other factors of eligibility. For eligibility requirements not described in paragraphs (c) or (d) of this section, a State may adopt reasonable verification procedures, consistent with the requirements in ? 435.952 of this chapter, except that the State must accept self-attestation of pregnancy unless the State has information that is not reasonably compatible with such attestation. (f) Requesting information. The terms of ? 435.952 of this chapter apply equally to the State in administering a separate CHIP. (g) Electronic service. Except to the extent permitted under paragraph (i) of this section, to the extent that information sought under this section is available through the electronic service described in ? 435.949 of this chapter, the State must obtain the information through that service. (h) Interaction with program integrity requirements. Nothing in this section should be construed as limiting the State?s program integrity measures or affecting the State's obligation to ensure that only eligible individuals receive benefits or its obligation to provide for methods of administration that are in the best interest of applicants and enrollees and are necessary for the proper and efficient operation of the plan. (i) Flexibility in information collection and verification. Subject to approval by the Secretary, the State may modify the methods to be used for collection of information and verification of information as set forth in this section, provided that such alternative source will reduce the administrative costs and burdens on individuals and States while maximizing accuracy, minimizing delay, meeting applicable requirements relating to the confidentiality, disclosure, maintenance, or use of information, and promoting coordination with other insurance affordability programs. (j) Verification plan. The State must develop, and update as modified, and submit to the Secretary, upon request, a verification plan describing the verification policies and procedures adopted by the State to implement the provisions set forth in this section in a format and manner prescribed by the Secretary. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Plan Amendment Approval Letter from CMS dated July 15, 2020 states in part: This letter is to inform you that your title XXI Children?s Health Insurance Program (CHIP) state plan amendment (SPA), WA-20-0001, submitted on May 4, 2020, has been approved. This SPA has an effective date of March 1, 2020. This amendment, as it applies to the COVID-19 public health emergency (PHE), makes the following changes beginning March 18, 2020, unless otherwise noted, through the duration of the Federally-declared PHE: ? Delay acting on changes in circumstances for CHIP beneficiaries other than the required changes in circumstances described in 42 CFR 457.342(a) cross-referencing 42 CFR 435.926(d); COVID-19 Frequently Asked Questions (FAQs) for State Medicaid and Children?s Health Insurance Program (CHIP) Agencies (Last Updated January 6, 2021) Section J. Children?s Health Insurance Program (CHIP) states in part: 4. Can states continue coverage for the duration of the Public Health Emergency for individuals in a separate CHIP who are aging out of eligibility or ending their postpartum period? No. The requirement in section 6008(b)(3) of the FFCRA to maintain coverage in Medicaid in order to receive the temporary increase in the Medicaid federal medical assistance percentage does not apply to separate CHIPs. Therefore, states may not continue to provide separate CHIP coverage to young adults aging out or women ending their postpartum period. If the state determines that the individual is eligible for Medicaid, they may be transitioned to the appropriate Medicaid eligibility group. States may not transition individuals to Medicaid without first determining them eligible in accordance with 42 C.F.R ? 457.350(b). States are required to transfer the accounts of individuals losing CHIP eligibility who are determined to be ineligible for Medicaid to the Exchange, in accordance with 42 C.F.R ? 457.350(b)(3) and (i).
2022-055 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children?s Health Insurance Program. Assistance Listing Number and Title: 93.767 Children?s Health Insurance Program 93.767 COVID-19 Children?s Health Insurance Program 93.775 State Medicaid Fraud Control Units 93.777 State Survey and Certification of Health Care Providers and Suppliers 93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers 93.778 Medical Assistance Program 93.778 COVID-19 Medical Assistance Program Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2005WA5021; 2105WAINCT; 2105WAIMPL; 2105WA5MAP; 2105WA5ADM; 1905WA5021; 2105WA5021; 2205WA5021; 2205WA5MAP; 2205WA5ADM Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Special Tests and Provisions ? Provider Eligibility (Screening and Enrollment) Known Questioned Cost Amount: $612,277 Background The Health Care Authority administers both Medicaid and the Children?s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.3 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington?s largest public assistance program and usually accounts for about one third of the state?s federal expenditures. CHIP provides health coverage for almost 90,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2022, the Medicaid program spent more than $17.6 billion in federal and state funds, and CHIP spent more than $229 million in federal and state funds. The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 127,000 participating providers in fiscal year 2022. During that time, the Authority paid more than $6.6 billion to providers for direct client services under the programs. The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal regulations require state Medicaid agencies to revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider. The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the provider?s screening risk level. A provider can be designated as one of three risk levels: limited, moderate or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types: ? Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination ? Conduct license verifications, including for licenses in states other than where the provider is enrolling ? Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the National Plan and Provider Enumeration System, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File index. If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018. The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims. To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments. In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider applications, as well as the postponement of all revalidation actions until November 1, 2020. Also in response to the COVID-19 pandemic, the Authority?s Chief Medical Officer approved a blanket waiver for the backdating of all providers effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows providers to submit claims for services provided before their enrollment and revalidation applications are approved. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035. Description of Condition The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs. During the audit period, the Authority processed 10,959 new provider enrollments and was required to perform ongoing eligibility determinations for 114,427 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found seven instances for six providers (5 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found: ? Staff enrolled three providers without a valid CPA on file. Because the providers were not covered by a CPA, they were improperly enrolled. ? Staff did not conduct a proper license check for three providers. A proper license check for these providers would have led staff to identify that their license was either expired or did not cover the enrollment period, and, therefore, were ineligible. ? Staff did not properly screen one provider based on a moderate risk level. The improper screening checklist was used and the risk level was not properly addressed. To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer-assisted audit techniques to analyze the entire population of 2,049 providers that should have been revalidated or deactivated during the fiscal year. We found the Authority?s internal controls were insufficient and resulted in none of the 2,049 providers (100 percent) being revalidated before the due date. We determined 648 providers were subsequently revalidated, and the Authority backdated them. We also determined 1,242 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 159 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them. Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks. The Authority did review the results of the check once during the fiscal year, in July of 2021. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place. Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority?s automated system is designed to notify providers of their revalidations one day after the due date. Due to this inadequate system design, all provider revalidations were completed after their due dates. Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers? identity and exclusion status. Effect of Condition and Questioned Costs By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified the following payments made to ineligible providers: Audit Area Known questioned costs (state and federal) Known questioned costs (federal portion only) Likely improper payments (state and federal) Likely improper payments (federal portion only) New Providers $7,092 $3,985 $1,317,224 $740,280 Deactivated Providers $302,372 $292,051 $399,999 $351,698 Not Revalidated or Deactivated $509,702 $316,241 Total $819,166 $612,277 $1,717,223 $1,091,978 In addition to the questioned costs in the table above, we also identified $26,148,599 in costs at risk for those providers whose revalidations were backdated. If the providers had not been revalidated, these costs would also be considered questioned costs. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs,? as required by 2 CFR ? 200.516(3). We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Authority: ? Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services ? Implement internal controls designed to bring it into material compliance with the provider revalidation process Authority?s Response The Authority partially concurs with the finding. The Authority agrees that ProviderOne sends revalidation notifications one day after the due date rather than before the due date to allow time for the revalidation process. A system revision is in process, and we expect this issue to be resolved by the beginning of 2024. The Authority does not concur with the remainder of the auditor?s findings. The auditor provided the final exceptions and this finding at the close of the audit. The document with the final exceptions did not contain enough information for the Authority to adequately review the results of the auditor?s testing or the methodology used to calculate questioned costs. The time allotted to the Authority to review the testing results, seek clarification, and provide an agency response was not sufficient to analyze the results and provide an informed response. Due to the lack of complete information and time provided, the Authority is unable to agree or disagree with the results of the audit. Finally, on March 19, 2020, the Centers for Medicare & Medicaid Services (CMS) approved Washington?s request for an 1135 COVID-19 Emergency Declaration Blanket Waiver for Health Care Providers, effective through the end of the federal Public Health Emergency. This waiver temporarily suspended provider enrollment and revalidation requirements. Should the Authority agree with any or all of the results from the audit, it would not concur that questioned costs be returned because provider enrollment and revalidations requirements were temporarily suspended by CMS. Auditor?s Remarks We provided the Authority with preliminary exceptions on December 20, 2022 for ?Not Revalidated or Deactivated Providers? and on December 30, 2022 for ?New Providers?, ?Active Providers?, and ?Deactivated Providers?. The Authority provided additional information on January 31, 2023 that cleared some of the exceptions. We provided final exceptions on March 3, 2023 which included the unique transaction identifier for each exception. The Authority requested that we perform additional testing for the ?Deactivated Providers? on March 15th. The draft finding was provided to the Authority on April 14, 2023 and the Authority provided their response on May 3rd. Despite several years of the known system weaknesses, the Authority has not updated the system or implemented compensating processes to ensure providers are eligible to provide Medicaid and Chip services. Regarding the 1135 COVID-19 Emergency Declaration Blanket Waiver, the Authority informed us that beginning October 1, 2020, Authority management had reinstated the majority of provider eligibility requirements that had been waived. We reaffirm our finding with questioned costs and will follow up on the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 42 CFR Part 433, State Fiscal Administration, Subpart F ? Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments. Title 42 CFR section 438 subpart H ? Additional Program Integrity Safeguards, states in part: Section 438.602 State responsibilities. (a) Monitoring contractor compliance. Consistent with ? 438.66, the State must monitor the MCO?s, PIHP?s, PAHP?s, PCCM?s or PCCM entity?s compliance, as applicable, with ?? 438.604, 438.606, 438.608, 438.610, 438.230, and 438.808. (b) Screening and enrollment and revalidation of providers. (1) The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PIHPs, and PAHPs, in accordance with the requirements of part 455, subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries. This provision does not require the network provider to render services to FFS beneficiaries. (2) MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees. (c) Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM or PCCM entity, and any subcontractors as required in ? 438.608(c). (d) Federal database checks. Consistent with the requirements at ? 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of the MCO, PIHP, PAHP, PCCM or PCCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration?s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with ? 438.610(c). Title 42 CFR section 455 Subpart B ? Disclosure of Information by Providers and Fiscal Agents, states in part: Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control. (a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities. (b) What disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: (1) (i) The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. (ii) Date of birth and Social Security Number (in the case of an individual). (iii) Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. (2) Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. (3) The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. (4) The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). (c) When the disclosures must be provided ? (1) Disclosures from providers or disclosing entities. Disclosure from any provider or disclosing entity is due at any of the following times: (i) Upon the provider or disclosing entity submitting the provider application. (ii) Upon the provider or disclosing entity executing the provider agreement. (iii) Upon request of the Medicaid agency during the re-validation of enrollment process under ? 455.414. (iv) Within 35 days after any change in ownership of the disclosing entity. (2) Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times: (i) Upon the fiscal agent submitting the proposal in accordance with the State?s procurement process. (ii) Upon the fiscal agent executing the contract with the State. (iii) Upon renewal or extension of the contract. (iv) Within 35 days after any change in ownership of the fiscal agent. (3) Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times: (i) Upon the managed care entity submitting the proposal in accordance with the State?s procurement process. (ii) Upon the managed care entity executing the contract with the State. (iii) Upon renewal or extension of the contract. (iv) Within 35 days after any change in ownership of the managed care entity. (4) Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section. (d) To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency. (e) Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section. Title 42 CFR section 455 Subpart E ? Provider Screening and Enrollment, states in part: Section 455.410 Enrollment and screening of providers (a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart. (b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. (c) The State Medicaid agency may rely on the results of the provider screening performed by any of the following: (1) Medicare contractors. (2) Medicaid agencies or Children?s Health Insurance Programs of other States. Section 455.412 Verification of provider licenses The State Medicaid agency must ? (a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State. (b) Confirm that the provider?s license has not expired and that there are no current limitations on the provider?s license. Section 455.414 Revalidation of enrollment The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years. Section 455.436 Federal database checks The State Medicaid agency must do all of the following: (a) Confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. (b) Check the Social Security Administration?s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. (c) (1) Consult appropriate databases to confirm identity upon enrollment and reenrollment; and (2) Check the LEIE and EPLS no less frequently than monthly. Section 455.450 Screening levels for Medicaid providers. A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of ?limited,? ?moderate,? or ?high.? If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. (a) Screening for providers designated as limited categorical risk. When the State Medicaid agency designates a provider as a limited categorical risk, the State Medicaid agency must do all of the following: (1) Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination. (2) Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with ? 455.412. (3) Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with ? 455.436. (b) Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a ?moderate? categorical risk, a State Medicaid agency must do both of the following: (1) Perform the ?limited? screening requirements described in paragraph (a) of this section. (2) Conduct on-site visits in accordance with ? 455.432. (c) Screening for providers designated as high categorical risk. When the State Medicaid agency designates a provider as a ?high? categorical risk, a State Medicaid agency must do both of the following: (1) Perform the ?limited? and ?moderate? screening requirements described in paragraphs (a) and (b) of this section. (2) (i) Conduct a criminal background check; and (ii) Require the submission of a set of fingerprints in accordance with ? 455.434. (d) Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the provider, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its - (1) Application denied under ? 455.434; or (2) Enrollment terminated under ? 455.416. (e) Adjustment of risk level. The State agency must adjust the categorical risk level from ?limited? or ?moderate? to ?high? when any of the following occurs: (1) The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State?s Medicaid program within the previous 10 years. (2) The State Medicaid agency or CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted. Medicaid Provider Enrollment Compendium (MPEC) B. Enrolled Provider?s Payment Eligibility for Retroactive Dates of Service The practice of ?backdating? enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the prov
2022-053 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure clients were eligible for the Children?s Health Insurance Program. Assistance Listing Number and Title: 93.767 Children?s Health Insurance Program 93.767 COVID-19 Children?s Health Insurance Program Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2005WA5021; 1905WA5021; 2105WA5021; 2205WA5021; Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Eligibility Known Questioned Cost Amount: $3,036,657 Background The Health Care Authority administers the Children?s Health Insurance Program (CHIP). CHIP is a jointly funded state and federal partnership providing insurance coverage for almost 90,000 children and pregnant people in families with incomes too high to qualify for Medicaid. Federal CHIP financing is capped, and each state operates under an allotment. During fiscal year 2022, the Authority spent more than $229 million in state and federal funds to administer CHIP. To determine initial eligibility for CHIP, families must complete an application in the Washington Health Benefit Exchange, known as Washington Healthplanfinder, or through a streamlined paper application. Once families complete their applications, electronic verification sources confirm their income, immigration status and Social Security numbers (SSNs). The Authority automatically reviews applicants? eligibility first for Medicaid and then for CHIP if they are ineligible for Medicaid. Children in low-income families who are ineligible for Medicaid are enrolled in CHIP under the state CHIP plan. Washington has also elected to cover the prenatal period of some low-income pregnant people under the state CHIP plan. CHIP clients must be either U.S. citizens or lawfully present qualified noncitizens, and their eligibility is based on self-attested income in their applications; therefore, clients with verified citizenship and SSNs would be determined eligible if their reported income was between 210 percent and 312 percent of the federal poverty level. Once the Authority determines clients? initial eligibility, their start date is recorded as the first of the month in which their application was submitted, thus allowing for payments prior to approval to be processed after the fact. Children found eligible for medical assistance remain continuously eligible for a full 12 months, regardless of any changes in their household income or third-party liability. Households must report financial and nonfinancial changes, but these will not render them ineligible during the continuous eligibility period. However, if recipients? household income decreases, the Authority can move children to a more favorable program, such as Medicaid, to eliminate the premium payment requirements. Termination during the continuous eligibility period is acceptable only for the following reasons: ? Changes in residency (permanent move out of state) ? Death ? Fraud (unless it is going to prosecution) ? Failure to pay the premium for more than three months ? The child turns 19 years old (remains eligible through the end of their birth month) ? After the end of the month in which the postpartum period ends for pregnant people ? When a client requests to be removed from the program In response to the COVID-19 pandemic, the Centers for Medicare and Medicaid Services (CMS) approved waivers and disaster relief state plan amendments (SPA), effective March 1, 2020, through the end of the public health emergency declaration, allowing flexibilities to ensure the continuity of coverage through the public health emergency. The waivers and SPA allowed the Authority to implement flexibilities, including the following: ? Allow self-attestations for all eligibility requirements, excluding citizenship and immigration status, on a case-by-case basis ? Extend the redetermination timeline for current CHIP enrollees in the state to maintain continuity of coverage as permissible From the start of the pandemic, CMS kept an ongoing Frequently Asked Questions (FAQs) document to aid state Medicaid and CHIP agencies in their response to COVID-19, including guidance on eligibility, benefits and financing regarding the pandemic. This document was finalized on January 6, 2021. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit we reported the Authority did not have adequate internal controls to ensure clients were eligible for CHIP. The prior finding number was 2021-046. Description of Condition The Authority did not have adequate internal controls over and did not comply with requirements to ensure clients were eligible for CHIP. We used a statistically valid sampling method to randomly select and examine 59 out of a total population of 93,793 clients who had a federally verified SSN. We also used a statistically valid sampling method to randomly select and examine 59 out of a total population of 10,933 clients who did not have a federally verified SSN. For the sample of clients who had a verified SSN, we identified: ? One instance where the client aged out of services and was not referred to Washington Healthplanfinder to be redetermined eligible for Medicaid during the COVID-19 pandemic, as required. ? One instance where the Authority continued CHIP coverage for a client after the allowable postpartum period. For the sample of clients who did not have a federally verified SSN, we identified: ? Seventeen instances where the Authority continued CHIP coverage for clients after the allowable postpartum period. We also used computer-assisted audit techniques to analyze the entire client population. We found 3,416 clients who were over the age of 19 that were still receiving CHIP services during fiscal year 2022. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. Cause of Condition The Authority chose not to remove clients from CHIP even when they aged out of coverage or their postpartum period ended. Effect of Condition and Questioned Costs By not having adequate internal controls, the Authority is at risk of not detecting or preventing ineligible payments of federal CHIP funds on behalf of recipients. We determined the following questioned costs: Audit Area Known Questions Costs (state and federal) Known questioned costs ? Federal portion only Likely improper payments (state and federal) Likely improper payments ? federal portion only Verified SSNs $ 2,117 $ 1,468 $ 3,365,166 $ 2,333,411 Non-Verified SSNs $14,760 $ 10,236 $ 2,735,142 $ 1,896,870 Over 19 years old $ 4,353,425 $ 3,024,953 $ 0 $ 0 Totals $ 4,370,302 $ 3,036,657 $ 6,100,308 $ 4,230,281 Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs,? as required by 2 CFR ? 200.516(3). We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendation We recommend the Authority: ? Implement internal controls to ensure all clients meet CHIP eligibility requirements ? Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid Authority?s Response The Authority does not concur with any of the results cited by the auditor related to CHIP program eligibility. The agency has worked with the Governor?s Office and the Office of Financial Management to continue equity of state funded coverage for all individuals during the public health emergency, including CHIPRA pregnancy coverage. The postpartum period in CHIPRA coverage is state-funded. The State Auditor?s Office did not allow the Authority enough time to obtain the journal vouchers from our accounting partners that show the use of state funds for these expenditures. Regarding the clients receiving CHIP benefits who were aged 19 and over, the agency has pursued, and been notified of approval for, an 1115 disaster waiver from the Centers for Medicare & Medicaid Services. The waiver approves funding for CHIP clients aged 19 and over during the public health emergency and is retroactive to March 18, 2020. Once the approval letter is received by the Authority, the associated federal expenditures identified by the auditor will be valid. The agency was provided very little time and flexibility to respond to the audit results during a time when the agency and its federal counterparts are inundated and backlogged with unwinding the public health emergency. Auditor?s Remarks We provided the Authority with preliminary exceptions on February 27, 2023 and on March 15th, the Authority provided additional information that cleared some of the exceptions. The draft finding was provided to the Authority on April 17, 2023. It was not until April 18th, after audit work was concluded, that the Authority asserted the postpartum exceptions we identified were transferred from federal funding to state funding with journal vouchers. Despite not conveying this information to us timely, we requested copies of the journal vouchers to attempt to confirm the Authority?s assertion. On April 25, 2023, the Authority informed us that staff were not able to pull the journal vouchers and we therefore could not determine whether any of the federally funded payments were subsequently transferred to state funding. For the clients aged 19 and over, there was no formal approval from CMS in place during the audit period or currently. Therefore, we conducted our audit in accordance with codified eligibility rules. We reaffirm our finding and will follow up on the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs. Title 42 CFR, Public Health Part 435 Subpart J, Eligibility in the States and District of Columbia, establishes the following applicable requirements: Section 435.926 Continuous eligibility for children, states in part: (b) Eligibility. The agency may provide continuous eligibility for the period specified in paragraph (c) of this section for an individual who is: (1) Under age 19 or under a younger age specified by the agency in its State plan; and (2) Eligible and enrolled for mandatory or optional coverage under the State plan in accordance with subpart B or C of this part. (c) Continuous eligibility period. (1) The agency must specify in the State plan the length of the continuous eligibility period, not to exceed 12 months. (2) A continuous eligibility period begins on the effective date of the individual?s eligibility under ? 435.915 or most recent redetermination or renewal of eligibility under ? 435.916 and ends after the period specified by the agency under paragraph (c)(1) of this section. (d) Applicability. A child?s eligibility may not be terminated during a continuous eligibility period, regardless of any changes in circumstances, unless: (1) The child attains the maximum age specified in accordance with paragraph (b)(1) of this section; (2) The child or child?s representative requests a voluntary termination of eligibility; (3) The child ceases to be a resident of the State; (4) The agency determines that eligibility was erroneously granted at the most recent determination, redetermination or renewal of eligibility because of agency error or fraud, abuse, or perjury attributed to the child or the child?s representative; or (5) The child dies. Title 42 CFR, Public Health, Part 457 establishes the following applicable requirements: Section 457.342 Continuous eligibility for children, states in part: (a) A State may provide continuous eligibility for children under a separate CHIP in accordance with the terms of ? 435.926 of this chapter, and subject to a child remaining ineligible for Medicaid, as required by section 2110(b)(1) of the Act and ? 457.310 (related to the definition and standards for being a targeted low-income child) and the requirements of section 2102(b)(3) of the Act and ? 457.350 (related to eligibility screening and enrollment). Section 457.380 Eligibility verification. (a) General requirements. Except where law requires other procedures (such as for citizenship and immigration status information), the State may accept attestation of information needed to determine the eligibility of an individual for CHIP (either self-attestation by the individual or attestation by an adult who is in the applicant?s household, as defined in ? 435.603(f) of this subchapter, or family, as defined in section 36B(d)(1) of the Internal Revenue Code, an authorized representative, or if the individual is a minor or incapacitated, someone acting responsibly for the individual) without requiring further information (including documentation) from the individual. (b) Status as a citizen, national or a non-citizen. (1) Except for newborns identified in ? 435.406(a)(1)(iii)(E) of this chapter, who are exempt from any requirement to verify citizenship, the agency must ? (i) Verify citizenship or immigration status in accordance with ? 435.956(a) of this chapter, except that the reference to ? 435.945(k) is read as a reference to paragraph (i) of this section; and (ii) Provide a reasonable opportunity period to verify such status in accordance with ? 435.956(a)(5) and (b) of this chapter and provide benefits during such reasonable opportunity period to individuals determined to be otherwise eligible for CHIP. (2) [Reserved] (c) State residents. If the State does not accept self-attestation of residency, the State must verify residency in accordance with ? 435.956(c) of this chapter. (d) Income. If the State does not accept self-attestation of income, the State must verify the income of an individual by using the data sources and following standards and procedures for verification of financial eligibility consistent with ? 435.945(a), ? 435.948 and ? 435.952 of this chapter. (e) Verification of other factors of eligibility. For eligibility requirements not described in paragraphs (c) or (d) of this section, a State may adopt reasonable verification procedures, consistent with the requirements in ? 435.952 of this chapter, except that the State must accept self-attestation of pregnancy unless the State has information that is not reasonably compatible with such attestation. (f) Requesting information. The terms of ? 435.952 of this chapter apply equally to the State in administering a separate CHIP. (g) Electronic service. Except to the extent permitted under paragraph (i) of this section, to the extent that information sought under this section is available through the electronic service described in ? 435.949 of this chapter, the State must obtain the information through that service. (h) Interaction with program integrity requirements. Nothing in this section should be construed as limiting the State?s program integrity measures or affecting the State's obligation to ensure that only eligible individuals receive benefits or its obligation to provide for methods of administration that are in the best interest of applicants and enrollees and are necessary for the proper and efficient operation of the plan. (i) Flexibility in information collection and verification. Subject to approval by the Secretary, the State may modify the methods to be used for collection of information and verification of information as set forth in this section, provided that such alternative source will reduce the administrative costs and burdens on individuals and States while maximizing accuracy, minimizing delay, meeting applicable requirements relating to the confidentiality, disclosure, maintenance, or use of information, and promoting coordination with other insurance affordability programs. (j) Verification plan. The State must develop, and update as modified, and submit to the Secretary, upon request, a verification plan describing the verification policies and procedures adopted by the State to implement the provisions set forth in this section in a format and manner prescribed by the Secretary. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Plan Amendment Approval Letter from CMS dated July 15, 2020 states in part: This letter is to inform you that your title XXI Children?s Health Insurance Program (CHIP) state plan amendment (SPA), WA-20-0001, submitted on May 4, 2020, has been approved. This SPA has an effective date of March 1, 2020. This amendment, as it applies to the COVID-19 public health emergency (PHE), makes the following changes beginning March 18, 2020, unless otherwise noted, through the duration of the Federally-declared PHE: ? Delay acting on changes in circumstances for CHIP beneficiaries other than the required changes in circumstances described in 42 CFR 457.342(a) cross-referencing 42 CFR 435.926(d); COVID-19 Frequently Asked Questions (FAQs) for State Medicaid and Children?s Health Insurance Program (CHIP) Agencies (Last Updated January 6, 2021) Section J. Children?s Health Insurance Program (CHIP) states in part: 4. Can states continue coverage for the duration of the Public Health Emergency for individuals in a separate CHIP who are aging out of eligibility or ending their postpartum period? No. The requirement in section 6008(b)(3) of the FFCRA to maintain coverage in Medicaid in order to receive the temporary increase in the Medicaid federal medical assistance percentage does not apply to separate CHIPs. Therefore, states may not continue to provide separate CHIP coverage to young adults aging out or women ending their postpartum period. If the state determines that the individual is eligible for Medicaid, they may be transitioned to the appropriate Medicaid eligibility group. States may not transition individuals to Medicaid without first determining them eligible in accordance with 42 C.F.R ? 457.350(b). States are required to transfer the accounts of individuals losing CHIP eligibility who are determined to be ineligible for Medicaid to the Exchange, in accordance with 42 C.F.R ? 457.350(b)(3) and (i).
2022-055 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children?s Health Insurance Program. Assistance Listing Number and Title: 93.767 Children?s Health Insurance Program 93.767 COVID-19 Children?s Health Insurance Program 93.775 State Medicaid Fraud Control Units 93.777 State Survey and Certification of Health Care Providers and Suppliers 93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers 93.778 Medical Assistance Program 93.778 COVID-19 Medical Assistance Program Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2005WA5021; 2105WAINCT; 2105WAIMPL; 2105WA5MAP; 2105WA5ADM; 1905WA5021; 2105WA5021; 2205WA5021; 2205WA5MAP; 2205WA5ADM Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Special Tests and Provisions ? Provider Eligibility (Screening and Enrollment) Known Questioned Cost Amount: $612,277 Background The Health Care Authority administers both Medicaid and the Children?s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.3 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington?s largest public assistance program and usually accounts for about one third of the state?s federal expenditures. CHIP provides health coverage for almost 90,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2022, the Medicaid program spent more than $17.6 billion in federal and state funds, and CHIP spent more than $229 million in federal and state funds. The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 127,000 participating providers in fiscal year 2022. During that time, the Authority paid more than $6.6 billion to providers for direct client services under the programs. The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal regulations require state Medicaid agencies to revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider. The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the provider?s screening risk level. A provider can be designated as one of three risk levels: limited, moderate or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types: ? Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination ? Conduct license verifications, including for licenses in states other than where the provider is enrolling ? Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the National Plan and Provider Enumeration System, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File index. If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018. The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims. To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments. In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider applications, as well as the postponement of all revalidation actions until November 1, 2020. Also in response to the COVID-19 pandemic, the Authority?s Chief Medical Officer approved a blanket waiver for the backdating of all providers effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows providers to submit claims for services provided before their enrollment and revalidation applications are approved. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035. Description of Condition The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs. During the audit period, the Authority processed 10,959 new provider enrollments and was required to perform ongoing eligibility determinations for 114,427 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found seven instances for six providers (5 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found: ? Staff enrolled three providers without a valid CPA on file. Because the providers were not covered by a CPA, they were improperly enrolled. ? Staff did not conduct a proper license check for three providers. A proper license check for these providers would have led staff to identify that their license was either expired or did not cover the enrollment period, and, therefore, were ineligible. ? Staff did not properly screen one provider based on a moderate risk level. The improper screening checklist was used and the risk level was not properly addressed. To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer-assisted audit techniques to analyze the entire population of 2,049 providers that should have been revalidated or deactivated during the fiscal year. We found the Authority?s internal controls were insufficient and resulted in none of the 2,049 providers (100 percent) being revalidated before the due date. We determined 648 providers were subsequently revalidated, and the Authority backdated them. We also determined 1,242 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 159 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them. Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks. The Authority did review the results of the check once during the fiscal year, in July of 2021. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place. Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority?s automated system is designed to notify providers of their revalidations one day after the due date. Due to this inadequate system design, all provider revalidations were completed after their due dates. Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers? identity and exclusion status. Effect of Condition and Questioned Costs By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified the following payments made to ineligible providers: Audit Area Known questioned costs (state and federal) Known questioned costs (federal portion only) Likely improper payments (state and federal) Likely improper payments (federal portion only) New Providers $7,092 $3,985 $1,317,224 $740,280 Deactivated Providers $302,372 $292,051 $399,999 $351,698 Not Revalidated or Deactivated $509,702 $316,241 Total $819,166 $612,277 $1,717,223 $1,091,978 In addition to the questioned costs in the table above, we also identified $26,148,599 in costs at risk for those providers whose revalidations were backdated. If the providers had not been revalidated, these costs would also be considered questioned costs. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs,? as required by 2 CFR ? 200.516(3). We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Authority: ? Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services ? Implement internal controls designed to bring it into material compliance with the provider revalidation process Authority?s Response The Authority partially concurs with the finding. The Authority agrees that ProviderOne sends revalidation notifications one day after the due date rather than before the due date to allow time for the revalidation process. A system revision is in process, and we expect this issue to be resolved by the beginning of 2024. The Authority does not concur with the remainder of the auditor?s findings. The auditor provided the final exceptions and this finding at the close of the audit. The document with the final exceptions did not contain enough information for the Authority to adequately review the results of the auditor?s testing or the methodology used to calculate questioned costs. The time allotted to the Authority to review the testing results, seek clarification, and provide an agency response was not sufficient to analyze the results and provide an informed response. Due to the lack of complete information and time provided, the Authority is unable to agree or disagree with the results of the audit. Finally, on March 19, 2020, the Centers for Medicare & Medicaid Services (CMS) approved Washington?s request for an 1135 COVID-19 Emergency Declaration Blanket Waiver for Health Care Providers, effective through the end of the federal Public Health Emergency. This waiver temporarily suspended provider enrollment and revalidation requirements. Should the Authority agree with any or all of the results from the audit, it would not concur that questioned costs be returned because provider enrollment and revalidations requirements were temporarily suspended by CMS. Auditor?s Remarks We provided the Authority with preliminary exceptions on December 20, 2022 for ?Not Revalidated or Deactivated Providers? and on December 30, 2022 for ?New Providers?, ?Active Providers?, and ?Deactivated Providers?. The Authority provided additional information on January 31, 2023 that cleared some of the exceptions. We provided final exceptions on March 3, 2023 which included the unique transaction identifier for each exception. The Authority requested that we perform additional testing for the ?Deactivated Providers? on March 15th. The draft finding was provided to the Authority on April 14, 2023 and the Authority provided their response on May 3rd. Despite several years of the known system weaknesses, the Authority has not updated the system or implemented compensating processes to ensure providers are eligible to provide Medicaid and Chip services. Regarding the 1135 COVID-19 Emergency Declaration Blanket Waiver, the Authority informed us that beginning October 1, 2020, Authority management had reinstated the majority of provider eligibility requirements that had been waived. We reaffirm our finding with questioned costs and will follow up on the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 42 CFR Part 433, State Fiscal Administration, Subpart F ? Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments. Title 42 CFR section 438 subpart H ? Additional Program Integrity Safeguards, states in part: Section 438.602 State responsibilities. (a) Monitoring contractor compliance. Consistent with ? 438.66, the State must monitor the MCO?s, PIHP?s, PAHP?s, PCCM?s or PCCM entity?s compliance, as applicable, with ?? 438.604, 438.606, 438.608, 438.610, 438.230, and 438.808. (b) Screening and enrollment and revalidation of providers. (1) The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PIHPs, and PAHPs, in accordance with the requirements of part 455, subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries. This provision does not require the network provider to render services to FFS beneficiaries. (2) MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees. (c) Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM or PCCM entity, and any subcontractors as required in ? 438.608(c). (d) Federal database checks. Consistent with the requirements at ? 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of the MCO, PIHP, PAHP, PCCM or PCCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration?s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with ? 438.610(c). Title 42 CFR section 455 Subpart B ? Disclosure of Information by Providers and Fiscal Agents, states in part: Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control. (a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities. (b) What disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: (1) (i) The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. (ii) Date of birth and Social Security Number (in the case of an individual). (iii) Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. (2) Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. (3) The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. (4) The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). (c) When the disclosures must be provided ? (1) Disclosures from providers or disclosing entities. Disclosure from any provider or disclosing entity is due at any of the following times: (i) Upon the provider or disclosing entity submitting the provider application. (ii) Upon the provider or disclosing entity executing the provider agreement. (iii) Upon request of the Medicaid agency during the re-validation of enrollment process under ? 455.414. (iv) Within 35 days after any change in ownership of the disclosing entity. (2) Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times: (i) Upon the fiscal agent submitting the proposal in accordance with the State?s procurement process. (ii) Upon the fiscal agent executing the contract with the State. (iii) Upon renewal or extension of the contract. (iv) Within 35 days after any change in ownership of the fiscal agent. (3) Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times: (i) Upon the managed care entity submitting the proposal in accordance with the State?s procurement process. (ii) Upon the managed care entity executing the contract with the State. (iii) Upon renewal or extension of the contract. (iv) Within 35 days after any change in ownership of the managed care entity. (4) Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section. (d) To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency. (e) Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section. Title 42 CFR section 455 Subpart E ? Provider Screening and Enrollment, states in part: Section 455.410 Enrollment and screening of providers (a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart. (b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. (c) The State Medicaid agency may rely on the results of the provider screening performed by any of the following: (1) Medicare contractors. (2) Medicaid agencies or Children?s Health Insurance Programs of other States. Section 455.412 Verification of provider licenses The State Medicaid agency must ? (a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State. (b) Confirm that the provider?s license has not expired and that there are no current limitations on the provider?s license. Section 455.414 Revalidation of enrollment The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years. Section 455.436 Federal database checks The State Medicaid agency must do all of the following: (a) Confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. (b) Check the Social Security Administration?s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. (c) (1) Consult appropriate databases to confirm identity upon enrollment and reenrollment; and (2) Check the LEIE and EPLS no less frequently than monthly. Section 455.450 Screening levels for Medicaid providers. A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of ?limited,? ?moderate,? or ?high.? If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. (a) Screening for providers designated as limited categorical risk. When the State Medicaid agency designates a provider as a limited categorical risk, the State Medicaid agency must do all of the following: (1) Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination. (2) Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with ? 455.412. (3) Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with ? 455.436. (b) Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a ?moderate? categorical risk, a State Medicaid agency must do both of the following: (1) Perform the ?limited? screening requirements described in paragraph (a) of this section. (2) Conduct on-site visits in accordance with ? 455.432. (c) Screening for providers designated as high categorical risk. When the State Medicaid agency designates a provider as a ?high? categorical risk, a State Medicaid agency must do both of the following: (1) Perform the ?limited? and ?moderate? screening requirements described in paragraphs (a) and (b) of this section. (2) (i) Conduct a criminal background check; and (ii) Require the submission of a set of fingerprints in accordance with ? 455.434. (d) Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the provider, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its - (1) Application denied under ? 455.434; or (2) Enrollment terminated under ? 455.416. (e) Adjustment of risk level. The State agency must adjust the categorical risk level from ?limited? or ?moderate? to ?high? when any of the following occurs: (1) The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State?s Medicaid program within the previous 10 years. (2) The State Medicaid agency or CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted. Medicaid Provider Enrollment Compendium (MPEC) B. Enrolled Provider?s Payment Eligibility for Retroactive Dates of Service The practice of ?backdating? enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the prov
2022-053 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure clients were eligible for the Children?s Health Insurance Program. Assistance Listing Number and Title: 93.767 Children?s Health Insurance Program 93.767 COVID-19 Children?s Health Insurance Program Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2005WA5021; 1905WA5021; 2105WA5021; 2205WA5021; Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Eligibility Known Questioned Cost Amount: $3,036,657 Background The Health Care Authority administers the Children?s Health Insurance Program (CHIP). CHIP is a jointly funded state and federal partnership providing insurance coverage for almost 90,000 children and pregnant people in families with incomes too high to qualify for Medicaid. Federal CHIP financing is capped, and each state operates under an allotment. During fiscal year 2022, the Authority spent more than $229 million in state and federal funds to administer CHIP. To determine initial eligibility for CHIP, families must complete an application in the Washington Health Benefit Exchange, known as Washington Healthplanfinder, or through a streamlined paper application. Once families complete their applications, electronic verification sources confirm their income, immigration status and Social Security numbers (SSNs). The Authority automatically reviews applicants? eligibility first for Medicaid and then for CHIP if they are ineligible for Medicaid. Children in low-income families who are ineligible for Medicaid are enrolled in CHIP under the state CHIP plan. Washington has also elected to cover the prenatal period of some low-income pregnant people under the state CHIP plan. CHIP clients must be either U.S. citizens or lawfully present qualified noncitizens, and their eligibility is based on self-attested income in their applications; therefore, clients with verified citizenship and SSNs would be determined eligible if their reported income was between 210 percent and 312 percent of the federal poverty level. Once the Authority determines clients? initial eligibility, their start date is recorded as the first of the month in which their application was submitted, thus allowing for payments prior to approval to be processed after the fact. Children found eligible for medical assistance remain continuously eligible for a full 12 months, regardless of any changes in their household income or third-party liability. Households must report financial and nonfinancial changes, but these will not render them ineligible during the continuous eligibility period. However, if recipients? household income decreases, the Authority can move children to a more favorable program, such as Medicaid, to eliminate the premium payment requirements. Termination during the continuous eligibility period is acceptable only for the following reasons: ? Changes in residency (permanent move out of state) ? Death ? Fraud (unless it is going to prosecution) ? Failure to pay the premium for more than three months ? The child turns 19 years old (remains eligible through the end of their birth month) ? After the end of the month in which the postpartum period ends for pregnant people ? When a client requests to be removed from the program In response to the COVID-19 pandemic, the Centers for Medicare and Medicaid Services (CMS) approved waivers and disaster relief state plan amendments (SPA), effective March 1, 2020, through the end of the public health emergency declaration, allowing flexibilities to ensure the continuity of coverage through the public health emergency. The waivers and SPA allowed the Authority to implement flexibilities, including the following: ? Allow self-attestations for all eligibility requirements, excluding citizenship and immigration status, on a case-by-case basis ? Extend the redetermination timeline for current CHIP enrollees in the state to maintain continuity of coverage as permissible From the start of the pandemic, CMS kept an ongoing Frequently Asked Questions (FAQs) document to aid state Medicaid and CHIP agencies in their response to COVID-19, including guidance on eligibility, benefits and financing regarding the pandemic. This document was finalized on January 6, 2021. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit we reported the Authority did not have adequate internal controls to ensure clients were eligible for CHIP. The prior finding number was 2021-046. Description of Condition The Authority did not have adequate internal controls over and did not comply with requirements to ensure clients were eligible for CHIP. We used a statistically valid sampling method to randomly select and examine 59 out of a total population of 93,793 clients who had a federally verified SSN. We also used a statistically valid sampling method to randomly select and examine 59 out of a total population of 10,933 clients who did not have a federally verified SSN. For the sample of clients who had a verified SSN, we identified: ? One instance where the client aged out of services and was not referred to Washington Healthplanfinder to be redetermined eligible for Medicaid during the COVID-19 pandemic, as required. ? One instance where the Authority continued CHIP coverage for a client after the allowable postpartum period. For the sample of clients who did not have a federally verified SSN, we identified: ? Seventeen instances where the Authority continued CHIP coverage for clients after the allowable postpartum period. We also used computer-assisted audit techniques to analyze the entire client population. We found 3,416 clients who were over the age of 19 that were still receiving CHIP services during fiscal year 2022. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. Cause of Condition The Authority chose not to remove clients from CHIP even when they aged out of coverage or their postpartum period ended. Effect of Condition and Questioned Costs By not having adequate internal controls, the Authority is at risk of not detecting or preventing ineligible payments of federal CHIP funds on behalf of recipients. We determined the following questioned costs: Audit Area Known Questions Costs (state and federal) Known questioned costs ? Federal portion only Likely improper payments (state and federal) Likely improper payments ? federal portion only Verified SSNs $ 2,117 $ 1,468 $ 3,365,166 $ 2,333,411 Non-Verified SSNs $14,760 $ 10,236 $ 2,735,142 $ 1,896,870 Over 19 years old $ 4,353,425 $ 3,024,953 $ 0 $ 0 Totals $ 4,370,302 $ 3,036,657 $ 6,100,308 $ 4,230,281 Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs,? as required by 2 CFR ? 200.516(3). We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendation We recommend the Authority: ? Implement internal controls to ensure all clients meet CHIP eligibility requirements ? Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid Authority?s Response The Authority does not concur with any of the results cited by the auditor related to CHIP program eligibility. The agency has worked with the Governor?s Office and the Office of Financial Management to continue equity of state funded coverage for all individuals during the public health emergency, including CHIPRA pregnancy coverage. The postpartum period in CHIPRA coverage is state-funded. The State Auditor?s Office did not allow the Authority enough time to obtain the journal vouchers from our accounting partners that show the use of state funds for these expenditures. Regarding the clients receiving CHIP benefits who were aged 19 and over, the agency has pursued, and been notified of approval for, an 1115 disaster waiver from the Centers for Medicare & Medicaid Services. The waiver approves funding for CHIP clients aged 19 and over during the public health emergency and is retroactive to March 18, 2020. Once the approval letter is received by the Authority, the associated federal expenditures identified by the auditor will be valid. The agency was provided very little time and flexibility to respond to the audit results during a time when the agency and its federal counterparts are inundated and backlogged with unwinding the public health emergency. Auditor?s Remarks We provided the Authority with preliminary exceptions on February 27, 2023 and on March 15th, the Authority provided additional information that cleared some of the exceptions. The draft finding was provided to the Authority on April 17, 2023. It was not until April 18th, after audit work was concluded, that the Authority asserted the postpartum exceptions we identified were transferred from federal funding to state funding with journal vouchers. Despite not conveying this information to us timely, we requested copies of the journal vouchers to attempt to confirm the Authority?s assertion. On April 25, 2023, the Authority informed us that staff were not able to pull the journal vouchers and we therefore could not determine whether any of the federally funded payments were subsequently transferred to state funding. For the clients aged 19 and over, there was no formal approval from CMS in place during the audit period or currently. Therefore, we conducted our audit in accordance with codified eligibility rules. We reaffirm our finding and will follow up on the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs. Title 42 CFR, Public Health Part 435 Subpart J, Eligibility in the States and District of Columbia, establishes the following applicable requirements: Section 435.926 Continuous eligibility for children, states in part: (b) Eligibility. The agency may provide continuous eligibility for the period specified in paragraph (c) of this section for an individual who is: (1) Under age 19 or under a younger age specified by the agency in its State plan; and (2) Eligible and enrolled for mandatory or optional coverage under the State plan in accordance with subpart B or C of this part. (c) Continuous eligibility period. (1) The agency must specify in the State plan the length of the continuous eligibility period, not to exceed 12 months. (2) A continuous eligibility period begins on the effective date of the individual?s eligibility under ? 435.915 or most recent redetermination or renewal of eligibility under ? 435.916 and ends after the period specified by the agency under paragraph (c)(1) of this section. (d) Applicability. A child?s eligibility may not be terminated during a continuous eligibility period, regardless of any changes in circumstances, unless: (1) The child attains the maximum age specified in accordance with paragraph (b)(1) of this section; (2) The child or child?s representative requests a voluntary termination of eligibility; (3) The child ceases to be a resident of the State; (4) The agency determines that eligibility was erroneously granted at the most recent determination, redetermination or renewal of eligibility because of agency error or fraud, abuse, or perjury attributed to the child or the child?s representative; or (5) The child dies. Title 42 CFR, Public Health, Part 457 establishes the following applicable requirements: Section 457.342 Continuous eligibility for children, states in part: (a) A State may provide continuous eligibility for children under a separate CHIP in accordance with the terms of ? 435.926 of this chapter, and subject to a child remaining ineligible for Medicaid, as required by section 2110(b)(1) of the Act and ? 457.310 (related to the definition and standards for being a targeted low-income child) and the requirements of section 2102(b)(3) of the Act and ? 457.350 (related to eligibility screening and enrollment). Section 457.380 Eligibility verification. (a) General requirements. Except where law requires other procedures (such as for citizenship and immigration status information), the State may accept attestation of information needed to determine the eligibility of an individual for CHIP (either self-attestation by the individual or attestation by an adult who is in the applicant?s household, as defined in ? 435.603(f) of this subchapter, or family, as defined in section 36B(d)(1) of the Internal Revenue Code, an authorized representative, or if the individual is a minor or incapacitated, someone acting responsibly for the individual) without requiring further information (including documentation) from the individual. (b) Status as a citizen, national or a non-citizen. (1) Except for newborns identified in ? 435.406(a)(1)(iii)(E) of this chapter, who are exempt from any requirement to verify citizenship, the agency must ? (i) Verify citizenship or immigration status in accordance with ? 435.956(a) of this chapter, except that the reference to ? 435.945(k) is read as a reference to paragraph (i) of this section; and (ii) Provide a reasonable opportunity period to verify such status in accordance with ? 435.956(a)(5) and (b) of this chapter and provide benefits during such reasonable opportunity period to individuals determined to be otherwise eligible for CHIP. (2) [Reserved] (c) State residents. If the State does not accept self-attestation of residency, the State must verify residency in accordance with ? 435.956(c) of this chapter. (d) Income. If the State does not accept self-attestation of income, the State must verify the income of an individual by using the data sources and following standards and procedures for verification of financial eligibility consistent with ? 435.945(a), ? 435.948 and ? 435.952 of this chapter. (e) Verification of other factors of eligibility. For eligibility requirements not described in paragraphs (c) or (d) of this section, a State may adopt reasonable verification procedures, consistent with the requirements in ? 435.952 of this chapter, except that the State must accept self-attestation of pregnancy unless the State has information that is not reasonably compatible with such attestation. (f) Requesting information. The terms of ? 435.952 of this chapter apply equally to the State in administering a separate CHIP. (g) Electronic service. Except to the extent permitted under paragraph (i) of this section, to the extent that information sought under this section is available through the electronic service described in ? 435.949 of this chapter, the State must obtain the information through that service. (h) Interaction with program integrity requirements. Nothing in this section should be construed as limiting the State?s program integrity measures or affecting the State's obligation to ensure that only eligible individuals receive benefits or its obligation to provide for methods of administration that are in the best interest of applicants and enrollees and are necessary for the proper and efficient operation of the plan. (i) Flexibility in information collection and verification. Subject to approval by the Secretary, the State may modify the methods to be used for collection of information and verification of information as set forth in this section, provided that such alternative source will reduce the administrative costs and burdens on individuals and States while maximizing accuracy, minimizing delay, meeting applicable requirements relating to the confidentiality, disclosure, maintenance, or use of information, and promoting coordination with other insurance affordability programs. (j) Verification plan. The State must develop, and update as modified, and submit to the Secretary, upon request, a verification plan describing the verification policies and procedures adopted by the State to implement the provisions set forth in this section in a format and manner prescribed by the Secretary. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Plan Amendment Approval Letter from CMS dated July 15, 2020 states in part: This letter is to inform you that your title XXI Children?s Health Insurance Program (CHIP) state plan amendment (SPA), WA-20-0001, submitted on May 4, 2020, has been approved. This SPA has an effective date of March 1, 2020. This amendment, as it applies to the COVID-19 public health emergency (PHE), makes the following changes beginning March 18, 2020, unless otherwise noted, through the duration of the Federally-declared PHE: ? Delay acting on changes in circumstances for CHIP beneficiaries other than the required changes in circumstances described in 42 CFR 457.342(a) cross-referencing 42 CFR 435.926(d); COVID-19 Frequently Asked Questions (FAQs) for State Medicaid and Children?s Health Insurance Program (CHIP) Agencies (Last Updated January 6, 2021) Section J. Children?s Health Insurance Program (CHIP) states in part: 4. Can states continue coverage for the duration of the Public Health Emergency for individuals in a separate CHIP who are aging out of eligibility or ending their postpartum period? No. The requirement in section 6008(b)(3) of the FFCRA to maintain coverage in Medicaid in order to receive the temporary increase in the Medicaid federal medical assistance percentage does not apply to separate CHIPs. Therefore, states may not continue to provide separate CHIP coverage to young adults aging out or women ending their postpartum period. If the state determines that the individual is eligible for Medicaid, they may be transitioned to the appropriate Medicaid eligibility group. States may not transition individuals to Medicaid without first determining them eligible in accordance with 42 C.F.R ? 457.350(b). States are required to transfer the accounts of individuals losing CHIP eligibility who are determined to be ineligible for Medicaid to the Exchange, in accordance with 42 C.F.R ? 457.350(b)(3) and (i).
2022-055 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children?s Health Insurance Program. Assistance Listing Number and Title: 93.767 Children?s Health Insurance Program 93.767 COVID-19 Children?s Health Insurance Program 93.775 State Medicaid Fraud Control Units 93.777 State Survey and Certification of Health Care Providers and Suppliers 93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers 93.778 Medical Assistance Program 93.778 COVID-19 Medical Assistance Program Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2005WA5021; 2105WAINCT; 2105WAIMPL; 2105WA5MAP; 2105WA5ADM; 1905WA5021; 2105WA5021; 2205WA5021; 2205WA5MAP; 2205WA5ADM Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Special Tests and Provisions ? Provider Eligibility (Screening and Enrollment) Known Questioned Cost Amount: $612,277 Background The Health Care Authority administers both Medicaid and the Children?s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.3 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington?s largest public assistance program and usually accounts for about one third of the state?s federal expenditures. CHIP provides health coverage for almost 90,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2022, the Medicaid program spent more than $17.6 billion in federal and state funds, and CHIP spent more than $229 million in federal and state funds. The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 127,000 participating providers in fiscal year 2022. During that time, the Authority paid more than $6.6 billion to providers for direct client services under the programs. The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal regulations require state Medicaid agencies to revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider. The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the provider?s screening risk level. A provider can be designated as one of three risk levels: limited, moderate or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types: ? Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination ? Conduct license verifications, including for licenses in states other than where the provider is enrolling ? Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the National Plan and Provider Enumeration System, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File index. If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018. The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims. To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments. In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider applications, as well as the postponement of all revalidation actions until November 1, 2020. Also in response to the COVID-19 pandemic, the Authority?s Chief Medical Officer approved a blanket waiver for the backdating of all providers effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows providers to submit claims for services provided before their enrollment and revalidation applications are approved. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035. Description of Condition The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs. During the audit period, the Authority processed 10,959 new provider enrollments and was required to perform ongoing eligibility determinations for 114,427 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found seven instances for six providers (5 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found: ? Staff enrolled three providers without a valid CPA on file. Because the providers were not covered by a CPA, they were improperly enrolled. ? Staff did not conduct a proper license check for three providers. A proper license check for these providers would have led staff to identify that their license was either expired or did not cover the enrollment period, and, therefore, were ineligible. ? Staff did not properly screen one provider based on a moderate risk level. The improper screening checklist was used and the risk level was not properly addressed. To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer-assisted audit techniques to analyze the entire population of 2,049 providers that should have been revalidated or deactivated during the fiscal year. We found the Authority?s internal controls were insufficient and resulted in none of the 2,049 providers (100 percent) being revalidated before the due date. We determined 648 providers were subsequently revalidated, and the Authority backdated them. We also determined 1,242 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 159 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them. Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks. The Authority did review the results of the check once during the fiscal year, in July of 2021. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place. Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority?s automated system is designed to notify providers of their revalidations one day after the due date. Due to this inadequate system design, all provider revalidations were completed after their due dates. Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers? identity and exclusion status. Effect of Condition and Questioned Costs By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified the following payments made to ineligible providers: Audit Area Known questioned costs (state and federal) Known questioned costs (federal portion only) Likely improper payments (state and federal) Likely improper payments (federal portion only) New Providers $7,092 $3,985 $1,317,224 $740,280 Deactivated Providers $302,372 $292,051 $399,999 $351,698 Not Revalidated or Deactivated $509,702 $316,241 Total $819,166 $612,277 $1,717,223 $1,091,978 In addition to the questioned costs in the table above, we also identified $26,148,599 in costs at risk for those providers whose revalidations were backdated. If the providers had not been revalidated, these costs would also be considered questioned costs. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs,? as required by 2 CFR ? 200.516(3). We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Authority: ? Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services ? Implement internal controls designed to bring it into material compliance with the provider revalidation process Authority?s Response The Authority partially concurs with the finding. The Authority agrees that ProviderOne sends revalidation notifications one day after the due date rather than before the due date to allow time for the revalidation process. A system revision is in process, and we expect this issue to be resolved by the beginning of 2024. The Authority does not concur with the remainder of the auditor?s findings. The auditor provided the final exceptions and this finding at the close of the audit. The document with the final exceptions did not contain enough information for the Authority to adequately review the results of the auditor?s testing or the methodology used to calculate questioned costs. The time allotted to the Authority to review the testing results, seek clarification, and provide an agency response was not sufficient to analyze the results and provide an informed response. Due to the lack of complete information and time provided, the Authority is unable to agree or disagree with the results of the audit. Finally, on March 19, 2020, the Centers for Medicare & Medicaid Services (CMS) approved Washington?s request for an 1135 COVID-19 Emergency Declaration Blanket Waiver for Health Care Providers, effective through the end of the federal Public Health Emergency. This waiver temporarily suspended provider enrollment and revalidation requirements. Should the Authority agree with any or all of the results from the audit, it would not concur that questioned costs be returned because provider enrollment and revalidations requirements were temporarily suspended by CMS. Auditor?s Remarks We provided the Authority with preliminary exceptions on December 20, 2022 for ?Not Revalidated or Deactivated Providers? and on December 30, 2022 for ?New Providers?, ?Active Providers?, and ?Deactivated Providers?. The Authority provided additional information on January 31, 2023 that cleared some of the exceptions. We provided final exceptions on March 3, 2023 which included the unique transaction identifier for each exception. The Authority requested that we perform additional testing for the ?Deactivated Providers? on March 15th. The draft finding was provided to the Authority on April 14, 2023 and the Authority provided their response on May 3rd. Despite several years of the known system weaknesses, the Authority has not updated the system or implemented compensating processes to ensure providers are eligible to provide Medicaid and Chip services. Regarding the 1135 COVID-19 Emergency Declaration Blanket Waiver, the Authority informed us that beginning October 1, 2020, Authority management had reinstated the majority of provider eligibility requirements that had been waived. We reaffirm our finding with questioned costs and will follow up on the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 42 CFR Part 433, State Fiscal Administration, Subpart F ? Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments. Title 42 CFR section 438 subpart H ? Additional Program Integrity Safeguards, states in part: Section 438.602 State responsibilities. (a) Monitoring contractor compliance. Consistent with ? 438.66, the State must monitor the MCO?s, PIHP?s, PAHP?s, PCCM?s or PCCM entity?s compliance, as applicable, with ?? 438.604, 438.606, 438.608, 438.610, 438.230, and 438.808. (b) Screening and enrollment and revalidation of providers. (1) The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PIHPs, and PAHPs, in accordance with the requirements of part 455, subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries. This provision does not require the network provider to render services to FFS beneficiaries. (2) MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees. (c) Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM or PCCM entity, and any subcontractors as required in ? 438.608(c). (d) Federal database checks. Consistent with the requirements at ? 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of the MCO, PIHP, PAHP, PCCM or PCCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration?s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with ? 438.610(c). Title 42 CFR section 455 Subpart B ? Disclosure of Information by Providers and Fiscal Agents, states in part: Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control. (a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities. (b) What disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: (1) (i) The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. (ii) Date of birth and Social Security Number (in the case of an individual). (iii) Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. (2) Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. (3) The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. (4) The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). (c) When the disclosures must be provided ? (1) Disclosures from providers or disclosing entities. Disclosure from any provider or disclosing entity is due at any of the following times: (i) Upon the provider or disclosing entity submitting the provider application. (ii) Upon the provider or disclosing entity executing the provider agreement. (iii) Upon request of the Medicaid agency during the re-validation of enrollment process under ? 455.414. (iv) Within 35 days after any change in ownership of the disclosing entity. (2) Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times: (i) Upon the fiscal agent submitting the proposal in accordance with the State?s procurement process. (ii) Upon the fiscal agent executing the contract with the State. (iii) Upon renewal or extension of the contract. (iv) Within 35 days after any change in ownership of the fiscal agent. (3) Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times: (i) Upon the managed care entity submitting the proposal in accordance with the State?s procurement process. (ii) Upon the managed care entity executing the contract with the State. (iii) Upon renewal or extension of the contract. (iv) Within 35 days after any change in ownership of the managed care entity. (4) Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section. (d) To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency. (e) Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section. Title 42 CFR section 455 Subpart E ? Provider Screening and Enrollment, states in part: Section 455.410 Enrollment and screening of providers (a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart. (b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. (c) The State Medicaid agency may rely on the results of the provider screening performed by any of the following: (1) Medicare contractors. (2) Medicaid agencies or Children?s Health Insurance Programs of other States. Section 455.412 Verification of provider licenses The State Medicaid agency must ? (a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State. (b) Confirm that the provider?s license has not expired and that there are no current limitations on the provider?s license. Section 455.414 Revalidation of enrollment The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years. Section 455.436 Federal database checks The State Medicaid agency must do all of the following: (a) Confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. (b) Check the Social Security Administration?s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. (c) (1) Consult appropriate databases to confirm identity upon enrollment and reenrollment; and (2) Check the LEIE and EPLS no less frequently than monthly. Section 455.450 Screening levels for Medicaid providers. A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of ?limited,? ?moderate,? or ?high.? If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. (a) Screening for providers designated as limited categorical risk. When the State Medicaid agency designates a provider as a limited categorical risk, the State Medicaid agency must do all of the following: (1) Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination. (2) Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with ? 455.412. (3) Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with ? 455.436. (b) Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a ?moderate? categorical risk, a State Medicaid agency must do both of the following: (1) Perform the ?limited? screening requirements described in paragraph (a) of this section. (2) Conduct on-site visits in accordance with ? 455.432. (c) Screening for providers designated as high categorical risk. When the State Medicaid agency designates a provider as a ?high? categorical risk, a State Medicaid agency must do both of the following: (1) Perform the ?limited? and ?moderate? screening requirements described in paragraphs (a) and (b) of this section. (2) (i) Conduct a criminal background check; and (ii) Require the submission of a set of fingerprints in accordance with ? 455.434. (d) Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the provider, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its - (1) Application denied under ? 455.434; or (2) Enrollment terminated under ? 455.416. (e) Adjustment of risk level. The State agency must adjust the categorical risk level from ?limited? or ?moderate? to ?high? when any of the following occurs: (1) The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State?s Medicaid program within the previous 10 years. (2) The State Medicaid agency or CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted. Medicaid Provider Enrollment Compendium (MPEC) B. Enrolled Provider?s Payment Eligibility for Retroactive Dates of Service The practice of ?backdating? enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the prov
2022-053 The Health Care Authority did not have adequate internal controls over and did not comply with requirements to ensure clients were eligible for the Children?s Health Insurance Program. Assistance Listing Number and Title: 93.767 Children?s Health Insurance Program 93.767 COVID-19 Children?s Health Insurance Program Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2005WA5021; 1905WA5021; 2105WA5021; 2205WA5021; Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Eligibility Known Questioned Cost Amount: $3,036,657 Background The Health Care Authority administers the Children?s Health Insurance Program (CHIP). CHIP is a jointly funded state and federal partnership providing insurance coverage for almost 90,000 children and pregnant people in families with incomes too high to qualify for Medicaid. Federal CHIP financing is capped, and each state operates under an allotment. During fiscal year 2022, the Authority spent more than $229 million in state and federal funds to administer CHIP. To determine initial eligibility for CHIP, families must complete an application in the Washington Health Benefit Exchange, known as Washington Healthplanfinder, or through a streamlined paper application. Once families complete their applications, electronic verification sources confirm their income, immigration status and Social Security numbers (SSNs). The Authority automatically reviews applicants? eligibility first for Medicaid and then for CHIP if they are ineligible for Medicaid. Children in low-income families who are ineligible for Medicaid are enrolled in CHIP under the state CHIP plan. Washington has also elected to cover the prenatal period of some low-income pregnant people under the state CHIP plan. CHIP clients must be either U.S. citizens or lawfully present qualified noncitizens, and their eligibility is based on self-attested income in their applications; therefore, clients with verified citizenship and SSNs would be determined eligible if their reported income was between 210 percent and 312 percent of the federal poverty level. Once the Authority determines clients? initial eligibility, their start date is recorded as the first of the month in which their application was submitted, thus allowing for payments prior to approval to be processed after the fact. Children found eligible for medical assistance remain continuously eligible for a full 12 months, regardless of any changes in their household income or third-party liability. Households must report financial and nonfinancial changes, but these will not render them ineligible during the continuous eligibility period. However, if recipients? household income decreases, the Authority can move children to a more favorable program, such as Medicaid, to eliminate the premium payment requirements. Termination during the continuous eligibility period is acceptable only for the following reasons: ? Changes in residency (permanent move out of state) ? Death ? Fraud (unless it is going to prosecution) ? Failure to pay the premium for more than three months ? The child turns 19 years old (remains eligible through the end of their birth month) ? After the end of the month in which the postpartum period ends for pregnant people ? When a client requests to be removed from the program In response to the COVID-19 pandemic, the Centers for Medicare and Medicaid Services (CMS) approved waivers and disaster relief state plan amendments (SPA), effective March 1, 2020, through the end of the public health emergency declaration, allowing flexibilities to ensure the continuity of coverage through the public health emergency. The waivers and SPA allowed the Authority to implement flexibilities, including the following: ? Allow self-attestations for all eligibility requirements, excluding citizenship and immigration status, on a case-by-case basis ? Extend the redetermination timeline for current CHIP enrollees in the state to maintain continuity of coverage as permissible From the start of the pandemic, CMS kept an ongoing Frequently Asked Questions (FAQs) document to aid state Medicaid and CHIP agencies in their response to COVID-19, including guidance on eligibility, benefits and financing regarding the pandemic. This document was finalized on January 6, 2021. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit we reported the Authority did not have adequate internal controls to ensure clients were eligible for CHIP. The prior finding number was 2021-046. Description of Condition The Authority did not have adequate internal controls over and did not comply with requirements to ensure clients were eligible for CHIP. We used a statistically valid sampling method to randomly select and examine 59 out of a total population of 93,793 clients who had a federally verified SSN. We also used a statistically valid sampling method to randomly select and examine 59 out of a total population of 10,933 clients who did not have a federally verified SSN. For the sample of clients who had a verified SSN, we identified: ? One instance where the client aged out of services and was not referred to Washington Healthplanfinder to be redetermined eligible for Medicaid during the COVID-19 pandemic, as required. ? One instance where the Authority continued CHIP coverage for a client after the allowable postpartum period. For the sample of clients who did not have a federally verified SSN, we identified: ? Seventeen instances where the Authority continued CHIP coverage for clients after the allowable postpartum period. We also used computer-assisted audit techniques to analyze the entire client population. We found 3,416 clients who were over the age of 19 that were still receiving CHIP services during fiscal year 2022. We consider this internal control deficiency to be a material weakness, which led to material noncompliance. Cause of Condition The Authority chose not to remove clients from CHIP even when they aged out of coverage or their postpartum period ended. Effect of Condition and Questioned Costs By not having adequate internal controls, the Authority is at risk of not detecting or preventing ineligible payments of federal CHIP funds on behalf of recipients. We determined the following questioned costs: Audit Area Known Questions Costs (state and federal) Known questioned costs ? Federal portion only Likely improper payments (state and federal) Likely improper payments ? federal portion only Verified SSNs $ 2,117 $ 1,468 $ 3,365,166 $ 2,333,411 Non-Verified SSNs $14,760 $ 10,236 $ 2,735,142 $ 1,896,870 Over 19 years old $ 4,353,425 $ 3,024,953 $ 0 $ 0 Totals $ 4,370,302 $ 3,036,657 $ 6,100,308 $ 4,230,281 Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs,? as required by 2 CFR ? 200.516(3). We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendation We recommend the Authority: ? Implement internal controls to ensure all clients meet CHIP eligibility requirements ? Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid Authority?s Response The Authority does not concur with any of the results cited by the auditor related to CHIP program eligibility. The agency has worked with the Governor?s Office and the Office of Financial Management to continue equity of state funded coverage for all individuals during the public health emergency, including CHIPRA pregnancy coverage. The postpartum period in CHIPRA coverage is state-funded. The State Auditor?s Office did not allow the Authority enough time to obtain the journal vouchers from our accounting partners that show the use of state funds for these expenditures. Regarding the clients receiving CHIP benefits who were aged 19 and over, the agency has pursued, and been notified of approval for, an 1115 disaster waiver from the Centers for Medicare & Medicaid Services. The waiver approves funding for CHIP clients aged 19 and over during the public health emergency and is retroactive to March 18, 2020. Once the approval letter is received by the Authority, the associated federal expenditures identified by the auditor will be valid. The agency was provided very little time and flexibility to respond to the audit results during a time when the agency and its federal counterparts are inundated and backlogged with unwinding the public health emergency. Auditor?s Remarks We provided the Authority with preliminary exceptions on February 27, 2023 and on March 15th, the Authority provided additional information that cleared some of the exceptions. The draft finding was provided to the Authority on April 17, 2023. It was not until April 18th, after audit work was concluded, that the Authority asserted the postpartum exceptions we identified were transferred from federal funding to state funding with journal vouchers. Despite not conveying this information to us timely, we requested copies of the journal vouchers to attempt to confirm the Authority?s assertion. On April 25, 2023, the Authority informed us that staff were not able to pull the journal vouchers and we therefore could not determine whether any of the federally funded payments were subsequently transferred to state funding. For the clients aged 19 and over, there was no formal approval from CMS in place during the audit period or currently. Therefore, we conducted our audit in accordance with codified eligibility rules. We reaffirm our finding and will follow up on the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs. Title 42 CFR, Public Health Part 435 Subpart J, Eligibility in the States and District of Columbia, establishes the following applicable requirements: Section 435.926 Continuous eligibility for children, states in part: (b) Eligibility. The agency may provide continuous eligibility for the period specified in paragraph (c) of this section for an individual who is: (1) Under age 19 or under a younger age specified by the agency in its State plan; and (2) Eligible and enrolled for mandatory or optional coverage under the State plan in accordance with subpart B or C of this part. (c) Continuous eligibility period. (1) The agency must specify in the State plan the length of the continuous eligibility period, not to exceed 12 months. (2) A continuous eligibility period begins on the effective date of the individual?s eligibility under ? 435.915 or most recent redetermination or renewal of eligibility under ? 435.916 and ends after the period specified by the agency under paragraph (c)(1) of this section. (d) Applicability. A child?s eligibility may not be terminated during a continuous eligibility period, regardless of any changes in circumstances, unless: (1) The child attains the maximum age specified in accordance with paragraph (b)(1) of this section; (2) The child or child?s representative requests a voluntary termination of eligibility; (3) The child ceases to be a resident of the State; (4) The agency determines that eligibility was erroneously granted at the most recent determination, redetermination or renewal of eligibility because of agency error or fraud, abuse, or perjury attributed to the child or the child?s representative; or (5) The child dies. Title 42 CFR, Public Health, Part 457 establishes the following applicable requirements: Section 457.342 Continuous eligibility for children, states in part: (a) A State may provide continuous eligibility for children under a separate CHIP in accordance with the terms of ? 435.926 of this chapter, and subject to a child remaining ineligible for Medicaid, as required by section 2110(b)(1) of the Act and ? 457.310 (related to the definition and standards for being a targeted low-income child) and the requirements of section 2102(b)(3) of the Act and ? 457.350 (related to eligibility screening and enrollment). Section 457.380 Eligibility verification. (a) General requirements. Except where law requires other procedures (such as for citizenship and immigration status information), the State may accept attestation of information needed to determine the eligibility of an individual for CHIP (either self-attestation by the individual or attestation by an adult who is in the applicant?s household, as defined in ? 435.603(f) of this subchapter, or family, as defined in section 36B(d)(1) of the Internal Revenue Code, an authorized representative, or if the individual is a minor or incapacitated, someone acting responsibly for the individual) without requiring further information (including documentation) from the individual. (b) Status as a citizen, national or a non-citizen. (1) Except for newborns identified in ? 435.406(a)(1)(iii)(E) of this chapter, who are exempt from any requirement to verify citizenship, the agency must ? (i) Verify citizenship or immigration status in accordance with ? 435.956(a) of this chapter, except that the reference to ? 435.945(k) is read as a reference to paragraph (i) of this section; and (ii) Provide a reasonable opportunity period to verify such status in accordance with ? 435.956(a)(5) and (b) of this chapter and provide benefits during such reasonable opportunity period to individuals determined to be otherwise eligible for CHIP. (2) [Reserved] (c) State residents. If the State does not accept self-attestation of residency, the State must verify residency in accordance with ? 435.956(c) of this chapter. (d) Income. If the State does not accept self-attestation of income, the State must verify the income of an individual by using the data sources and following standards and procedures for verification of financial eligibility consistent with ? 435.945(a), ? 435.948 and ? 435.952 of this chapter. (e) Verification of other factors of eligibility. For eligibility requirements not described in paragraphs (c) or (d) of this section, a State may adopt reasonable verification procedures, consistent with the requirements in ? 435.952 of this chapter, except that the State must accept self-attestation of pregnancy unless the State has information that is not reasonably compatible with such attestation. (f) Requesting information. The terms of ? 435.952 of this chapter apply equally to the State in administering a separate CHIP. (g) Electronic service. Except to the extent permitted under paragraph (i) of this section, to the extent that information sought under this section is available through the electronic service described in ? 435.949 of this chapter, the State must obtain the information through that service. (h) Interaction with program integrity requirements. Nothing in this section should be construed as limiting the State?s program integrity measures or affecting the State's obligation to ensure that only eligible individuals receive benefits or its obligation to provide for methods of administration that are in the best interest of applicants and enrollees and are necessary for the proper and efficient operation of the plan. (i) Flexibility in information collection and verification. Subject to approval by the Secretary, the State may modify the methods to be used for collection of information and verification of information as set forth in this section, provided that such alternative source will reduce the administrative costs and burdens on individuals and States while maximizing accuracy, minimizing delay, meeting applicable requirements relating to the confidentiality, disclosure, maintenance, or use of information, and promoting coordination with other insurance affordability programs. (j) Verification plan. The State must develop, and update as modified, and submit to the Secretary, upon request, a verification plan describing the verification policies and procedures adopted by the State to implement the provisions set forth in this section in a format and manner prescribed by the Secretary. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Plan Amendment Approval Letter from CMS dated July 15, 2020 states in part: This letter is to inform you that your title XXI Children?s Health Insurance Program (CHIP) state plan amendment (SPA), WA-20-0001, submitted on May 4, 2020, has been approved. This SPA has an effective date of March 1, 2020. This amendment, as it applies to the COVID-19 public health emergency (PHE), makes the following changes beginning March 18, 2020, unless otherwise noted, through the duration of the Federally-declared PHE: ? Delay acting on changes in circumstances for CHIP beneficiaries other than the required changes in circumstances described in 42 CFR 457.342(a) cross-referencing 42 CFR 435.926(d); COVID-19 Frequently Asked Questions (FAQs) for State Medicaid and Children?s Health Insurance Program (CHIP) Agencies (Last Updated January 6, 2021) Section J. Children?s Health Insurance Program (CHIP) states in part: 4. Can states continue coverage for the duration of the Public Health Emergency for individuals in a separate CHIP who are aging out of eligibility or ending their postpartum period? No. The requirement in section 6008(b)(3) of the FFCRA to maintain coverage in Medicaid in order to receive the temporary increase in the Medicaid federal medical assistance percentage does not apply to separate CHIPs. Therefore, states may not continue to provide separate CHIP coverage to young adults aging out or women ending their postpartum period. If the state determines that the individual is eligible for Medicaid, they may be transitioned to the appropriate Medicaid eligibility group. States may not transition individuals to Medicaid without first determining them eligible in accordance with 42 C.F.R ? 457.350(b). States are required to transfer the accounts of individuals losing CHIP eligibility who are determined to be ineligible for Medicaid to the Exchange, in accordance with 42 C.F.R ? 457.350(b)(3) and (i).
2022-055 The Health Care Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and Children?s Health Insurance Program. Assistance Listing Number and Title: 93.767 Children?s Health Insurance Program 93.767 COVID-19 Children?s Health Insurance Program 93.775 State Medicaid Fraud Control Units 93.777 State Survey and Certification of Health Care Providers and Suppliers 93.777 COVID-19 State Survey and Certification of Health Care Providers and Suppliers 93.778 Medical Assistance Program 93.778 COVID-19 Medical Assistance Program Federal Grantor Name: U.S. Department of Health and Human Services Federal Award/Contract Number: 2005WA5021; 2105WAINCT; 2105WAIMPL; 2105WA5MAP; 2105WA5ADM; 1905WA5021; 2105WA5021; 2205WA5021; 2205WA5MAP; 2205WA5ADM Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Special Tests and Provisions ? Provider Eligibility (Screening and Enrollment) Known Questioned Cost Amount: $612,277 Background The Health Care Authority administers both Medicaid and the Children?s Health Insurance Program (CHIP). Medicaid is a jointly funded state and federal partnership providing coverage for about 2.3 million eligible low-income Washington residents who otherwise might go without medical care. Medicaid is Washington?s largest public assistance program and usually accounts for about one third of the state?s federal expenditures. CHIP provides health coverage for almost 90,000 children and pregnant people in families with incomes too high to qualify for Medicaid. During fiscal year 2022, the Medicaid program spent more than $17.6 billion in federal and state funds, and CHIP spent more than $229 million in federal and state funds. The Authority ensures medical providers for both programs are eligible to provide services for clients. Providers must continue to meet eligibility requirements to receive payments under the programs. Washington had more than 127,000 participating providers in fiscal year 2022. During that time, the Authority paid more than $6.6 billion to providers for direct client services under the programs. The Authority is responsible for performing screening measures appropriate for the provider type at application and initial enrollment. Federal regulations require state Medicaid agencies to revalidate the enrollment of all Medicaid and CHIP providers at least every five years. To meet this requirement, the Authority has implemented an automated revalidation notification process that is supposed to send a letter to providers in time for them to be revalidated before the end of the five-year period. Federal law also requires state Medicaid agencies to check federal databases at least monthly to confirm the identity and exclusion status of providers, as well as any person with ownership, controlling interest, or acting as an agent or managing employee of the provider. The provider enrollment and revalidation processes are similar. The first step in both processes is to determine the provider?s screening risk level. A provider can be designated as one of three risk levels: limited, moderate or high. Each risk level requires progressively greater scrutiny of the provider before it can be enrolled or revalidated. For providers enrolled with both Medicare and Medicaid, state Medicaid agencies must assign them to the same or higher risk category applicable under Medicare. Additionally, certain provider behaviors require them to be moved to a higher screening level. The following are the required screening procedures for all risk types: ? Verify that the provider meets applicable federal regulations or state requirements for the provider type before making an enrollment determination ? Conduct license verifications, including for licenses in states other than where the provider is enrolling ? Conduct database checks to ensure providers continue to meet the enrollment criteria for their provider type. Such database checks include the National Plan and Provider Enumeration System, List of Excluded Individuals/Entities, Excluded Parties List System, and Death Master File index. If state Medicaid agencies assess providers at a moderate or high risk, they are required to conduct onsite visits for those that did not have one as part of their Medicare enrollment. Federal regulations require a high-risk provider, or a person with a 5 percent or more direct or indirect ownership in the provider, to receive a fingerprint-based criminal background check. The deadline to fully implement a fingerprint-based criminal background check was July 1, 2018. The Authority is also responsible for ensuring that providers obtain the proper signed attestations and disclosures. For servicing only providers, a direct link must be made to a billing provider that has an active Core Provider Agreement (CPA) on file. A CPA contains the required attestation and disclosures of the billing provider to allow for the payment of medical claims. To ensure the Authority has completed all applicable screening and enrollment or revalidation steps before enrolling or revalidating providers, staff members use checklists for each enrollment and revalidation. The staff member signs and dates the checklist to indicate the provider is eligible to render services and receive payments. In response to the COVID-19 pandemic, the Authority obtained flexibilities under blanket waivers approved by the Centers for Medicare and Medicaid Services (CMS), which were effective March 1, 2020, through the end of the emergency declaration period. These included the waiving of provider application fees and fingerprint-based criminal background checks. The CMS waivers also allowed for expedited processing of any new or pending provider applications, as well as the postponement of all revalidation actions until November 1, 2020. Also in response to the COVID-19 pandemic, the Authority?s Chief Medical Officer approved a blanket waiver for the backdating of all providers effective dates, as allowed by CMS and Washington Administrative Code. This waiver allows providers to submit claims for services provided before their enrollment and revalidation applications are approved. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In prior audits, we reported the Authority did not have adequate internal controls over and did not comply with requirements to ensure it revalidated providers every five years and met screening requirements. The prior finding numbers were 2021-047, 2020-046, 2019-048, 2018-042, 2017-033, and 2016-035. Description of Condition The Authority did not have adequate internal controls over and did not comply with federal provider eligibility requirements for the Medicaid and CHIP programs. During the audit period, the Authority processed 10,959 new provider enrollments and was required to perform ongoing eligibility determinations for 114,427 active providers. We used a statistical sampling method to randomly select and examine 59 newly enrolled providers and 59 active providers to determine if the Authority properly screened them based on their enrollment status and correctly determined their eligibility status. Of the 118 providers examined, we found seven instances for six providers (5 percent) when the Authority did not take the appropriate actions to ensure providers met eligibility requirements. Specifically, we found: ? Staff enrolled three providers without a valid CPA on file. Because the providers were not covered by a CPA, they were improperly enrolled. ? Staff did not conduct a proper license check for three providers. A proper license check for these providers would have led staff to identify that their license was either expired or did not cover the enrollment period, and, therefore, were ineligible. ? Staff did not properly screen one provider based on a moderate risk level. The improper screening checklist was used and the risk level was not properly addressed. To determine if the Authority had revalidated providers every five years or had taken actions to deactivate providers, we used computer-assisted audit techniques to analyze the entire population of 2,049 providers that should have been revalidated or deactivated during the fiscal year. We found the Authority?s internal controls were insufficient and resulted in none of the 2,049 providers (100 percent) being revalidated before the due date. We determined 648 providers were subsequently revalidated, and the Authority backdated them. We also determined 1,242 providers were deactivated, but the Authority did not process the deactivation until at least 30 days after the eligibility end date. There were an additional 159 providers that should have been deactivated, but the Authority did not take actions to deactivate or revalidate them. Federal law requires the Authority to check federal databases at least monthly to confirm the identity and exclusion status of providers. However, the automated system that performs these checks and notifies the Authority of possible problems with providers was not operating correctly, and it frequently provided incorrect information. Management decided to ignore this information and stopped performing the monthly database checks. The Authority did review the results of the check once during the fiscal year, in July of 2021. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition Although the Authority has established internal controls over screening and enrolling providers, they were ineffective for preventing or detecting noncompliance. Management also did not ensure staff consistently followed the procedures in place. Additionally, the automated revalidation notification was inadequate for ensuring the Authority complied with the five-year revalidation requirement. To comply with this requirement, the Authority should notify providers about their revalidations and ensure they are started and completed before the due date. Our audit found that the Authority?s automated system is designed to notify providers of their revalidations one day after the due date. Due to this inadequate system design, all provider revalidations were completed after their due dates. Although management directed staff to stop performing the monthly database checks because of issues with the automated system, they did not reinstate the procedures used before the system was implemented so staff could continue verifying providers? identity and exclusion status. Effect of Condition and Questioned Costs By not conducting required licensing, screening, and enrollment processes in a timely manner, the Authority is at risk of not detecting or preventing ineligible providers from providing services to clients and receiving federal Medicaid and CHIP funds. Payments to providers who are ineligible are unallowable, and the Authority could be required to repay the grantor for these payments. We identified the following payments made to ineligible providers: Audit Area Known questioned costs (state and federal) Known questioned costs (federal portion only) Likely improper payments (state and federal) Likely improper payments (federal portion only) New Providers $7,092 $3,985 $1,317,224 $740,280 Deactivated Providers $302,372 $292,051 $399,999 $351,698 Not Revalidated or Deactivated $509,702 $316,241 Total $819,166 $612,277 $1,717,223 $1,091,978 In addition to the questioned costs in the table above, we also identified $26,148,599 in costs at risk for those providers whose revalidations were backdated. If the providers had not been revalidated, these costs would also be considered questioned costs. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs,? as required by 2 CFR ? 200.516(3). We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Authority: ? Strengthen internal controls to ensure providers are adequately screened, licensed, enrolled, and eligible to provide and bill for services ? Implement internal controls designed to bring it into material compliance with the provider revalidation process Authority?s Response The Authority partially concurs with the finding. The Authority agrees that ProviderOne sends revalidation notifications one day after the due date rather than before the due date to allow time for the revalidation process. A system revision is in process, and we expect this issue to be resolved by the beginning of 2024. The Authority does not concur with the remainder of the auditor?s findings. The auditor provided the final exceptions and this finding at the close of the audit. The document with the final exceptions did not contain enough information for the Authority to adequately review the results of the auditor?s testing or the methodology used to calculate questioned costs. The time allotted to the Authority to review the testing results, seek clarification, and provide an agency response was not sufficient to analyze the results and provide an informed response. Due to the lack of complete information and time provided, the Authority is unable to agree or disagree with the results of the audit. Finally, on March 19, 2020, the Centers for Medicare & Medicaid Services (CMS) approved Washington?s request for an 1135 COVID-19 Emergency Declaration Blanket Waiver for Health Care Providers, effective through the end of the federal Public Health Emergency. This waiver temporarily suspended provider enrollment and revalidation requirements. Should the Authority agree with any or all of the results from the audit, it would not concur that questioned costs be returned because provider enrollment and revalidations requirements were temporarily suspended by CMS. Auditor?s Remarks We provided the Authority with preliminary exceptions on December 20, 2022 for ?Not Revalidated or Deactivated Providers? and on December 30, 2022 for ?New Providers?, ?Active Providers?, and ?Deactivated Providers?. The Authority provided additional information on January 31, 2023 that cleared some of the exceptions. We provided final exceptions on March 3, 2023 which included the unique transaction identifier for each exception. The Authority requested that we perform additional testing for the ?Deactivated Providers? on March 15th. The draft finding was provided to the Authority on April 14, 2023 and the Authority provided their response on May 3rd. Despite several years of the known system weaknesses, the Authority has not updated the system or implemented compensating processes to ensure providers are eligible to provide Medicaid and Chip services. Regarding the 1135 COVID-19 Emergency Declaration Blanket Waiver, the Authority informed us that beginning October 1, 2020, Authority management had reinstated the majority of provider eligibility requirements that had been waived. We reaffirm our finding with questioned costs and will follow up on the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 2 CFR Part 200, Uniform Guidance, section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200.1, Uniform Guidance establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 42 CFR Part 433, State Fiscal Administration, Subpart F ? Refunding of Federal Share of Medicaid Overpayments to Providers, describes the requirements for identifying, reporting, collecting, and remitting Medicaid overpayments. Title 42 CFR section 438 subpart H ? Additional Program Integrity Safeguards, states in part: Section 438.602 State responsibilities. (a) Monitoring contractor compliance. Consistent with ? 438.66, the State must monitor the MCO?s, PIHP?s, PAHP?s, PCCM?s or PCCM entity?s compliance, as applicable, with ?? 438.604, 438.606, 438.608, 438.610, 438.230, and 438.808. (b) Screening and enrollment and revalidation of providers. (1) The State must screen and enroll, and periodically revalidate, all network providers of MCOs, PIHPs, and PAHPs, in accordance with the requirements of part 455, subparts B and E of this chapter. This requirement extends to PCCMs and PCCM entities to the extent the primary care case manager is not otherwise enrolled with the State to provide services to FFS beneficiaries. This provision does not require the network provider to render services to FFS beneficiaries. (2) MCOs, PIHPs, and PAHPs may execute network provider agreements pending the outcome of the process in paragraph (b)(1) of this section of up to 120 days, but must terminate a network provider immediately upon notification from the State that the network provider cannot be enrolled, or the expiration of one 120 day period without enrollment of the provider, and notify affected enrollees. (c) Ownership and control information. The State must review the ownership and control disclosures submitted by the MCO, PIHP, PAHP, PCCM or PCCM entity, and any subcontractors as required in ? 438.608(c). (d) Federal database checks. Consistent with the requirements at ? 455.436 of this chapter, the State must confirm the identity and determine the exclusion status of the MCO, PIHP, PAHP, PCCM or PCCM entity, any subcontractor, as well as any person with an ownership or control interest, or who is an agent or managing employee of the MCO, PIHP, PAHP, PCCM or PCCM entity through routine checks of Federal databases. This includes the Social Security Administration?s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the System for Award Management (SAM), and any other databases as the State or Secretary may prescribe. These databases must be consulted upon contracting and no less frequently than monthly thereafter. If the State finds a party that is excluded, it must promptly notify the MCO, PIHP, PAHP, PCCM, or PCCM entity and take action consistent with ? 438.610(c). Title 42 CFR section 455 Subpart B ? Disclosure of Information by Providers and Fiscal Agents, states in part: Section 455.104 Disclosure by Medicaid providers and fiscal agents: Information on ownership and control. (a) Who must provide disclosures. The Medicaid agency must obtain disclosures from disclosing entities, fiscal agents, and managed care entities. (b) What disclosures must be provided. The Medicaid agency must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: (1) (i) The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. (ii) Date of birth and Social Security Number (in the case of an individual). (iii) Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. (2) Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. (3) The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. (4) The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). (c) When the disclosures must be provided ? (1) Disclosures from providers or disclosing entities. Disclosure from any provider or disclosing entity is due at any of the following times: (i) Upon the provider or disclosing entity submitting the provider application. (ii) Upon the provider or disclosing entity executing the provider agreement. (iii) Upon request of the Medicaid agency during the re-validation of enrollment process under ? 455.414. (iv) Within 35 days after any change in ownership of the disclosing entity. (2) Disclosures from fiscal agents. Disclosures from fiscal agents are due at any of the following times: (i) Upon the fiscal agent submitting the proposal in accordance with the State?s procurement process. (ii) Upon the fiscal agent executing the contract with the State. (iii) Upon renewal or extension of the contract. (iv) Within 35 days after any change in ownership of the fiscal agent. (3) Disclosures from managed care entities. Disclosures from managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are due at any of the following times: (i) Upon the managed care entity submitting the proposal in accordance with the State?s procurement process. (ii) Upon the managed care entity executing the contract with the State. (iii) Upon renewal or extension of the contract. (iv) Within 35 days after any change in ownership of the managed care entity. (4) Disclosures from PCCMs. PCCMs will comply with disclosure requirements under paragraph (c)(1) of this section. (d) To whom must the disclosures be provided. All disclosures must be provided to the Medicaid agency. (e) Consequences for failure to provide required disclosures. Federal financial participation (FFP) is not available in payments made to a disclosing entity that fails to disclose ownership or control information as required by this section. Title 42 CFR section 455 Subpart E ? Provider Screening and Enrollment, states in part: Section 455.410 Enrollment and screening of providers (a) The State Medicaid agency must require all enrolled providers to be screened under to this subpart. (b) The State Medicaid agency must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. (c) The State Medicaid agency may rely on the results of the provider screening performed by any of the following: (1) Medicare contractors. (2) Medicaid agencies or Children?s Health Insurance Programs of other States. Section 455.412 Verification of provider licenses The State Medicaid agency must ? (a) Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State. (b) Confirm that the provider?s license has not expired and that there are no current limitations on the provider?s license. Section 455.414 Revalidation of enrollment The State Medicaid agency must revalidate the enrollment of all providers regardless of provider type at least every 5 years. Section 455.436 Federal database checks The State Medicaid agency must do all of the following: (a) Confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. (b) Check the Social Security Administration?s Death Master File, the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. (c) (1) Consult appropriate databases to confirm identity upon enrollment and reenrollment; and (2) Check the LEIE and EPLS no less frequently than monthly. Section 455.450 Screening levels for Medicaid providers. A State Medicaid agency must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of ?limited,? ?moderate,? or ?high.? If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. (a) Screening for providers designated as limited categorical risk. When the State Medicaid agency designates a provider as a limited categorical risk, the State Medicaid agency must do all of the following: (1) Verify that a provider meets any applicable Federal regulations, or State requirements for the provider type prior to making an enrollment determination. (2) Conduct license verifications, including State licensure verifications in States other than where the provider is enrolling, in accordance with ? 455.412. (3) Conduct database checks on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type, in accordance with ? 455.436. (b) Screening for providers designated as moderate categorical risk. When the State Medicaid agency designates a provider as a ?moderate? categorical risk, a State Medicaid agency must do both of the following: (1) Perform the ?limited? screening requirements described in paragraph (a) of this section. (2) Conduct on-site visits in accordance with ? 455.432. (c) Screening for providers designated as high categorical risk. When the State Medicaid agency designates a provider as a ?high? categorical risk, a State Medicaid agency must do both of the following: (1) Perform the ?limited? and ?moderate? screening requirements described in paragraphs (a) and (b) of this section. (2) (i) Conduct a criminal background check; and (ii) Require the submission of a set of fingerprints in accordance with ? 455.434. (d) Denial or termination of enrollment. A provider, or any person with 5 percent or greater direct or indirect ownership in the provider, who is required by the State Medicaid agency or CMS to submit a set of fingerprints and fails to do so may have its - (1) Application denied under ? 455.434; or (2) Enrollment terminated under ? 455.416. (e) Adjustment of risk level. The State agency must adjust the categorical risk level from ?limited? or ?moderate? to ?high? when any of the following occurs: (1) The State Medicaid agency imposes a payment suspension on a provider based on credible allegation of fraud, waste or abuse, the provider has an existing Medicaid overpayment, or the provider has been excluded by the OIG or another State?s Medicaid program within the previous 10 years. (2) The State Medicaid agency or CMS in the previous 6 months lifted a temporary moratorium for the particular provider type and a provider that was prevented from enrolling based on the moratorium applies for enrollment as a provider at any time within 6 months from the date the moratorium was lifted. Medicaid Provider Enrollment Compendium (MPEC) B. Enrolled Provider?s Payment Eligibility for Retroactive Dates of Service The practice of ?backdating? enrollment involves approving an enrollment with a retroactive billing date. This practice allows a provider, once enrolled, to submit claims for services dated prior to the date upon which the SMA approved the enrollment. As discussed earlier, provider screening enables states to identify ineligible parties before they are able to enroll and start billing. Components of provider screening include database and licensure checks, and may also include site visits and FCBCs. To the extent a SMA approves the enrollment of a new provider and permits the provider to bill for services dated prior to applicable screening(s), this practice creates risk. For example, if a newly enrolling provider is subject to a site visit, and the SMA completes a site visit for the provider but nonetheless permits the provider to bill for services dated prior to the date on which the site visit occurred, there is risk the prov
2022-066 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Community Mental Health Services program and the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.958 Block Grants for Community Mental Health Services 93.958 COVID-19 Block Grants for Community Mental Health Services 93.959 Block Grants for Prevention and Treatment of Substance Abuse 93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse Federal Grantor Name: U.S. Department of Health and Human Services Federal Award Number: 1B09SM082638-01; 6B09SM082638-01M001; 6N09SM082638-01M004; 6B09SM082638-01M002; 6B09SM082638-01M003; 6N09SM083829-01M001; 1B09SM083829-01; 1B09SM086035-01; 6B09SM086035-01M001; 6B09SM086035-01M002; 6B09SM086035-01M003; 1B09SM085384-01; 1B09SM085912-01; 1B09SM083998-01 1B08TI083138-01; 6B08TI083138-01M003; 6B08TI083138-01M004; 6B08TI083486-01M001; 6B08TI083486-01M002; 6B08TI083486-01M004; 1B08TI83519-01; 1B08TI084681-01; 1B08TI083977-01 Pass-through Entity: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Community Mental Health Services (MHBG) and the Block Grants for Prevention and Treatment of Substance Abuse (SABG) programs. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to provide mental health treatment and crisis services to adults diagnosed with serious mental illness and children diagnosed with serious emotional disturbances, as well as develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2022, the Authority spent about $31.7 million in federal program funds for MHBG and about $67.3 million in federal program funds for SABG. Of these amounts, the Authority passed about $20.5 million to MHBG subrecipients and $52 million to SABG subrecipients. Federal regulations require the Authority to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Authority did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the MHBG and SABG programs received required single audits, and that it appropriately followed up on findings and issued management decisions. We found the Authority did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Follow up occurred on findings and management decisions were issued when due We used a nonstatistical sampling method to randomly select and examine 17 out of a total population of 129 subrecipients. We found the Authority did not monitor one subrecipient (6 percent) to ensure it received a single audit when required. Additionally, we identified one subrecipient that received a single audit finding for which the Authority was required to issue a management decision. We found the Authority did not issue a management decision for this subrecipient. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Authority did not have written policies or procedures to ensure all subrecipients received an audit when required and management decisions were issued. In addition, staff used a tracking sheet to monitor the subrecipient audit requirements, but did not detect the identified noncompliance. Effect of Condition Without establishing adequate internal controls, the Authority cannot ensure all subrecipients that required a single audit received one. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness, the Authority cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Authority: ? Establish and follow policies and procedures to ensure subrecipients obtain required single audits ? Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the programs ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations Authority?s Response HCA concurs with the finding. Auditor?s Remarks We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c).
2022-066 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Community Mental Health Services program and the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.958 Block Grants for Community Mental Health Services 93.958 COVID-19 Block Grants for Community Mental Health Services 93.959 Block Grants for Prevention and Treatment of Substance Abuse 93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse Federal Grantor Name: U.S. Department of Health and Human Services Federal Award Number: 1B09SM082638-01; 6B09SM082638-01M001; 6N09SM082638-01M004; 6B09SM082638-01M002; 6B09SM082638-01M003; 6N09SM083829-01M001; 1B09SM083829-01; 1B09SM086035-01; 6B09SM086035-01M001; 6B09SM086035-01M002; 6B09SM086035-01M003; 1B09SM085384-01; 1B09SM085912-01; 1B09SM083998-01 1B08TI083138-01; 6B08TI083138-01M003; 6B08TI083138-01M004; 6B08TI083486-01M001; 6B08TI083486-01M002; 6B08TI083486-01M004; 1B08TI83519-01; 1B08TI084681-01; 1B08TI083977-01 Pass-through Entity: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Community Mental Health Services (MHBG) and the Block Grants for Prevention and Treatment of Substance Abuse (SABG) programs. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to provide mental health treatment and crisis services to adults diagnosed with serious mental illness and children diagnosed with serious emotional disturbances, as well as develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2022, the Authority spent about $31.7 million in federal program funds for MHBG and about $67.3 million in federal program funds for SABG. Of these amounts, the Authority passed about $20.5 million to MHBG subrecipients and $52 million to SABG subrecipients. Federal regulations require the Authority to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Authority did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the MHBG and SABG programs received required single audits, and that it appropriately followed up on findings and issued management decisions. We found the Authority did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Follow up occurred on findings and management decisions were issued when due We used a nonstatistical sampling method to randomly select and examine 17 out of a total population of 129 subrecipients. We found the Authority did not monitor one subrecipient (6 percent) to ensure it received a single audit when required. Additionally, we identified one subrecipient that received a single audit finding for which the Authority was required to issue a management decision. We found the Authority did not issue a management decision for this subrecipient. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Authority did not have written policies or procedures to ensure all subrecipients received an audit when required and management decisions were issued. In addition, staff used a tracking sheet to monitor the subrecipient audit requirements, but did not detect the identified noncompliance. Effect of Condition Without establishing adequate internal controls, the Authority cannot ensure all subrecipients that required a single audit received one. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness, the Authority cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Authority: ? Establish and follow policies and procedures to ensure subrecipients obtain required single audits ? Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the programs ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations Authority?s Response HCA concurs with the finding. Auditor?s Remarks We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c).
2022-066 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Community Mental Health Services program and the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.958 Block Grants for Community Mental Health Services 93.958 COVID-19 Block Grants for Community Mental Health Services 93.959 Block Grants for Prevention and Treatment of Substance Abuse 93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse Federal Grantor Name: U.S. Department of Health and Human Services Federal Award Number: 1B09SM082638-01; 6B09SM082638-01M001; 6N09SM082638-01M004; 6B09SM082638-01M002; 6B09SM082638-01M003; 6N09SM083829-01M001; 1B09SM083829-01; 1B09SM086035-01; 6B09SM086035-01M001; 6B09SM086035-01M002; 6B09SM086035-01M003; 1B09SM085384-01; 1B09SM085912-01; 1B09SM083998-01 1B08TI083138-01; 6B08TI083138-01M003; 6B08TI083138-01M004; 6B08TI083486-01M001; 6B08TI083486-01M002; 6B08TI083486-01M004; 1B08TI83519-01; 1B08TI084681-01; 1B08TI083977-01 Pass-through Entity: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Community Mental Health Services (MHBG) and the Block Grants for Prevention and Treatment of Substance Abuse (SABG) programs. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to provide mental health treatment and crisis services to adults diagnosed with serious mental illness and children diagnosed with serious emotional disturbances, as well as develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2022, the Authority spent about $31.7 million in federal program funds for MHBG and about $67.3 million in federal program funds for SABG. Of these amounts, the Authority passed about $20.5 million to MHBG subrecipients and $52 million to SABG subrecipients. Federal regulations require the Authority to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Authority did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the MHBG and SABG programs received required single audits, and that it appropriately followed up on findings and issued management decisions. We found the Authority did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Follow up occurred on findings and management decisions were issued when due We used a nonstatistical sampling method to randomly select and examine 17 out of a total population of 129 subrecipients. We found the Authority did not monitor one subrecipient (6 percent) to ensure it received a single audit when required. Additionally, we identified one subrecipient that received a single audit finding for which the Authority was required to issue a management decision. We found the Authority did not issue a management decision for this subrecipient. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Authority did not have written policies or procedures to ensure all subrecipients received an audit when required and management decisions were issued. In addition, staff used a tracking sheet to monitor the subrecipient audit requirements, but did not detect the identified noncompliance. Effect of Condition Without establishing adequate internal controls, the Authority cannot ensure all subrecipients that required a single audit received one. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness, the Authority cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Authority: ? Establish and follow policies and procedures to ensure subrecipients obtain required single audits ? Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the programs ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations Authority?s Response HCA concurs with the finding. Auditor?s Remarks We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c).
2022-066 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Community Mental Health Services program and the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.958 Block Grants for Community Mental Health Services 93.958 COVID-19 Block Grants for Community Mental Health Services 93.959 Block Grants for Prevention and Treatment of Substance Abuse 93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse Federal Grantor Name: U.S. Department of Health and Human Services Federal Award Number: 1B09SM082638-01; 6B09SM082638-01M001; 6N09SM082638-01M004; 6B09SM082638-01M002; 6B09SM082638-01M003; 6N09SM083829-01M001; 1B09SM083829-01; 1B09SM086035-01; 6B09SM086035-01M001; 6B09SM086035-01M002; 6B09SM086035-01M003; 1B09SM085384-01; 1B09SM085912-01; 1B09SM083998-01 1B08TI083138-01; 6B08TI083138-01M003; 6B08TI083138-01M004; 6B08TI083486-01M001; 6B08TI083486-01M002; 6B08TI083486-01M004; 1B08TI83519-01; 1B08TI084681-01; 1B08TI083977-01 Pass-through Entity: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Community Mental Health Services (MHBG) and the Block Grants for Prevention and Treatment of Substance Abuse (SABG) programs. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to provide mental health treatment and crisis services to adults diagnosed with serious mental illness and children diagnosed with serious emotional disturbances, as well as develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2022, the Authority spent about $31.7 million in federal program funds for MHBG and about $67.3 million in federal program funds for SABG. Of these amounts, the Authority passed about $20.5 million to MHBG subrecipients and $52 million to SABG subrecipients. Federal regulations require the Authority to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Authority did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the MHBG and SABG programs received required single audits, and that it appropriately followed up on findings and issued management decisions. We found the Authority did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Follow up occurred on findings and management decisions were issued when due We used a nonstatistical sampling method to randomly select and examine 17 out of a total population of 129 subrecipients. We found the Authority did not monitor one subrecipient (6 percent) to ensure it received a single audit when required. Additionally, we identified one subrecipient that received a single audit finding for which the Authority was required to issue a management decision. We found the Authority did not issue a management decision for this subrecipient. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Authority did not have written policies or procedures to ensure all subrecipients received an audit when required and management decisions were issued. In addition, staff used a tracking sheet to monitor the subrecipient audit requirements, but did not detect the identified noncompliance. Effect of Condition Without establishing adequate internal controls, the Authority cannot ensure all subrecipients that required a single audit received one. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness, the Authority cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Authority: ? Establish and follow policies and procedures to ensure subrecipients obtain required single audits ? Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the programs ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations Authority?s Response HCA concurs with the finding. Auditor?s Remarks We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c).
2022-066 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Community Mental Health Services program and the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.958 Block Grants for Community Mental Health Services 93.958 COVID-19 Block Grants for Community Mental Health Services 93.959 Block Grants for Prevention and Treatment of Substance Abuse 93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse Federal Grantor Name: U.S. Department of Health and Human Services Federal Award Number: 1B09SM082638-01; 6B09SM082638-01M001; 6N09SM082638-01M004; 6B09SM082638-01M002; 6B09SM082638-01M003; 6N09SM083829-01M001; 1B09SM083829-01; 1B09SM086035-01; 6B09SM086035-01M001; 6B09SM086035-01M002; 6B09SM086035-01M003; 1B09SM085384-01; 1B09SM085912-01; 1B09SM083998-01 1B08TI083138-01; 6B08TI083138-01M003; 6B08TI083138-01M004; 6B08TI083486-01M001; 6B08TI083486-01M002; 6B08TI083486-01M004; 1B08TI83519-01; 1B08TI084681-01; 1B08TI083977-01 Pass-through Entity: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Community Mental Health Services (MHBG) and the Block Grants for Prevention and Treatment of Substance Abuse (SABG) programs. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to provide mental health treatment and crisis services to adults diagnosed with serious mental illness and children diagnosed with serious emotional disturbances, as well as develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2022, the Authority spent about $31.7 million in federal program funds for MHBG and about $67.3 million in federal program funds for SABG. Of these amounts, the Authority passed about $20.5 million to MHBG subrecipients and $52 million to SABG subrecipients. Federal regulations require the Authority to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Authority did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the MHBG and SABG programs received required single audits, and that it appropriately followed up on findings and issued management decisions. We found the Authority did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Follow up occurred on findings and management decisions were issued when due We used a nonstatistical sampling method to randomly select and examine 17 out of a total population of 129 subrecipients. We found the Authority did not monitor one subrecipient (6 percent) to ensure it received a single audit when required. Additionally, we identified one subrecipient that received a single audit finding for which the Authority was required to issue a management decision. We found the Authority did not issue a management decision for this subrecipient. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Authority did not have written policies or procedures to ensure all subrecipients received an audit when required and management decisions were issued. In addition, staff used a tracking sheet to monitor the subrecipient audit requirements, but did not detect the identified noncompliance. Effect of Condition Without establishing adequate internal controls, the Authority cannot ensure all subrecipients that required a single audit received one. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness, the Authority cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Authority: ? Establish and follow policies and procedures to ensure subrecipients obtain required single audits ? Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the programs ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations Authority?s Response HCA concurs with the finding. Auditor?s Remarks We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c).
2022-066 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Community Mental Health Services program and the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.958 Block Grants for Community Mental Health Services 93.958 COVID-19 Block Grants for Community Mental Health Services 93.959 Block Grants for Prevention and Treatment of Substance Abuse 93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse Federal Grantor Name: U.S. Department of Health and Human Services Federal Award Number: 1B09SM082638-01; 6B09SM082638-01M001; 6N09SM082638-01M004; 6B09SM082638-01M002; 6B09SM082638-01M003; 6N09SM083829-01M001; 1B09SM083829-01; 1B09SM086035-01; 6B09SM086035-01M001; 6B09SM086035-01M002; 6B09SM086035-01M003; 1B09SM085384-01; 1B09SM085912-01; 1B09SM083998-01 1B08TI083138-01; 6B08TI083138-01M003; 6B08TI083138-01M004; 6B08TI083486-01M001; 6B08TI083486-01M002; 6B08TI083486-01M004; 1B08TI83519-01; 1B08TI084681-01; 1B08TI083977-01 Pass-through Entity: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Community Mental Health Services (MHBG) and the Block Grants for Prevention and Treatment of Substance Abuse (SABG) programs. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to provide mental health treatment and crisis services to adults diagnosed with serious mental illness and children diagnosed with serious emotional disturbances, as well as develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2022, the Authority spent about $31.7 million in federal program funds for MHBG and about $67.3 million in federal program funds for SABG. Of these amounts, the Authority passed about $20.5 million to MHBG subrecipients and $52 million to SABG subrecipients. Federal regulations require the Authority to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Authority did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the MHBG and SABG programs received required single audits, and that it appropriately followed up on findings and issued management decisions. We found the Authority did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Follow up occurred on findings and management decisions were issued when due We used a nonstatistical sampling method to randomly select and examine 17 out of a total population of 129 subrecipients. We found the Authority did not monitor one subrecipient (6 percent) to ensure it received a single audit when required. Additionally, we identified one subrecipient that received a single audit finding for which the Authority was required to issue a management decision. We found the Authority did not issue a management decision for this subrecipient. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Authority did not have written policies or procedures to ensure all subrecipients received an audit when required and management decisions were issued. In addition, staff used a tracking sheet to monitor the subrecipient audit requirements, but did not detect the identified noncompliance. Effect of Condition Without establishing adequate internal controls, the Authority cannot ensure all subrecipients that required a single audit received one. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness, the Authority cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Authority: ? Establish and follow policies and procedures to ensure subrecipients obtain required single audits ? Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the programs ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations Authority?s Response HCA concurs with the finding. Auditor?s Remarks We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c).
2022-066 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Community Mental Health Services program and the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.958 Block Grants for Community Mental Health Services 93.958 COVID-19 Block Grants for Community Mental Health Services 93.959 Block Grants for Prevention and Treatment of Substance Abuse 93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse Federal Grantor Name: U.S. Department of Health and Human Services Federal Award Number: 1B09SM082638-01; 6B09SM082638-01M001; 6N09SM082638-01M004; 6B09SM082638-01M002; 6B09SM082638-01M003; 6N09SM083829-01M001; 1B09SM083829-01; 1B09SM086035-01; 6B09SM086035-01M001; 6B09SM086035-01M002; 6B09SM086035-01M003; 1B09SM085384-01; 1B09SM085912-01; 1B09SM083998-01 1B08TI083138-01; 6B08TI083138-01M003; 6B08TI083138-01M004; 6B08TI083486-01M001; 6B08TI083486-01M002; 6B08TI083486-01M004; 1B08TI83519-01; 1B08TI084681-01; 1B08TI083977-01 Pass-through Entity: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Community Mental Health Services (MHBG) and the Block Grants for Prevention and Treatment of Substance Abuse (SABG) programs. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to provide mental health treatment and crisis services to adults diagnosed with serious mental illness and children diagnosed with serious emotional disturbances, as well as develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2022, the Authority spent about $31.7 million in federal program funds for MHBG and about $67.3 million in federal program funds for SABG. Of these amounts, the Authority passed about $20.5 million to MHBG subrecipients and $52 million to SABG subrecipients. Federal regulations require the Authority to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Authority did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the MHBG and SABG programs received required single audits, and that it appropriately followed up on findings and issued management decisions. We found the Authority did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Follow up occurred on findings and management decisions were issued when due We used a nonstatistical sampling method to randomly select and examine 17 out of a total population of 129 subrecipients. We found the Authority did not monitor one subrecipient (6 percent) to ensure it received a single audit when required. Additionally, we identified one subrecipient that received a single audit finding for which the Authority was required to issue a management decision. We found the Authority did not issue a management decision for this subrecipient. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Authority did not have written policies or procedures to ensure all subrecipients received an audit when required and management decisions were issued. In addition, staff used a tracking sheet to monitor the subrecipient audit requirements, but did not detect the identified noncompliance. Effect of Condition Without establishing adequate internal controls, the Authority cannot ensure all subrecipients that required a single audit received one. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness, the Authority cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Authority: ? Establish and follow policies and procedures to ensure subrecipients obtain required single audits ? Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the programs ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations Authority?s Response HCA concurs with the finding. Auditor?s Remarks We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c).
2022-066 The Health Care Authority did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Block Grants for Community Mental Health Services program and the Block Grants for Prevention and Treatment of Substance Abuse program received required single audits, and that it appropriately followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.958 Block Grants for Community Mental Health Services 93.958 COVID-19 Block Grants for Community Mental Health Services 93.959 Block Grants for Prevention and Treatment of Substance Abuse 93.959 COVID-19 Block Grants for Prevention and Treatment of Substance Abuse Federal Grantor Name: U.S. Department of Health and Human Services Federal Award Number: 1B09SM082638-01; 6B09SM082638-01M001; 6N09SM082638-01M004; 6B09SM082638-01M002; 6B09SM082638-01M003; 6N09SM083829-01M001; 1B09SM083829-01; 1B09SM086035-01; 6B09SM086035-01M001; 6B09SM086035-01M002; 6B09SM086035-01M003; 1B09SM085384-01; 1B09SM085912-01; 1B09SM083998-01 1B08TI083138-01; 6B08TI083138-01M003; 6B08TI083138-01M004; 6B08TI083486-01M001; 6B08TI083486-01M002; 6B08TI083486-01M004; 1B08TI83519-01; 1B08TI084681-01; 1B08TI083977-01 Pass-through Entity: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Background The Health Care Authority, Division of Behavioral Health and Recovery, administers the Block Grants for Community Mental Health Services (MHBG) and the Block Grants for Prevention and Treatment of Substance Abuse (SABG) programs. The Authority subawards federal funds to counties, tribes, and nonprofit organizations to provide mental health treatment and crisis services to adults diagnosed with serious mental illness and children diagnosed with serious emotional disturbances, as well as develop substance abuse prevention programs and provide treatment and support services. In fiscal year 2022, the Authority spent about $31.7 million in federal program funds for MHBG and about $67.3 million in federal program funds for SABG. Of these amounts, the Authority passed about $20.5 million to MHBG subrecipients and $52 million to SABG subrecipients. Federal regulations require the Authority to monitor its subrecipients? activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single audit. The audit must be completed and submitted to the Federal Audit Clearinghouse within 30 days after receiving the auditor?s report or nine months after the end of the subrecipient?s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the Authority must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for an Authority-funded program, federal law requires the Authority to issue a management decision to the subrecipient within six months of the audit report?s acceptance by the Federal Audit Clearinghouse. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Authority did not have adequate internal controls over and did not comply with requirements to ensure subrecipients of the MHBG and SABG programs received required single audits, and that it appropriately followed up on findings and issued management decisions. We found the Authority did not have adequate internal controls in place to verify whether: ? Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed ? Follow up occurred on findings and management decisions were issued when due We used a nonstatistical sampling method to randomly select and examine 17 out of a total population of 129 subrecipients. We found the Authority did not monitor one subrecipient (6 percent) to ensure it received a single audit when required. Additionally, we identified one subrecipient that received a single audit finding for which the Authority was required to issue a management decision. We found the Authority did not issue a management decision for this subrecipient. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition The Authority did not have written policies or procedures to ensure all subrecipients received an audit when required and management decisions were issued. In addition, staff used a tracking sheet to monitor the subrecipient audit requirements, but did not detect the identified noncompliance. Effect of Condition Without establishing adequate internal controls, the Authority cannot ensure all subrecipients that required a single audit received one. Furthermore, the Authority cannot ensure it is following up on subrecipient single audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness, the Authority cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the Authority: ? Establish and follow policies and procedures to ensure subrecipients obtain required single audits ? Establish and follow effective internal controls to ensure it issues management decisions by the due date and follows up on all subrecipient audit findings related to the programs ? Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations Authority?s Response HCA concurs with the finding. Auditor?s Remarks We thank the Authority for its cooperation and assistance throughout the audit. We will review the status of the Authority?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, establishes the following applicable requirements: Section 200.332 Requirements for pass-through entities, states in part: All pass-through entities must: (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by ? 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient?s cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section ? 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient?s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set for the in ?200.501 Audit requirements. Section 200.339 Remedies for noncompliance, states: If a non-Federal entity fails to comply with the U.S. Constitution, Federal statutes, regulations or the terms and conditions of a Federal award, the Federal awarding agency or pass-through entity may impose additional conditions, as described in ? 200.208. If the Federal awarding agency or pass-through entity determines that noncompliance cannot be remedied by imposing additional conditions, the Federal awarding agency or pass-through entity may take one or more of the following actions, as appropriate in the circumstances: (a) Temporarily withhold cash payments pending correction of the deficiency by the non-Federal entity or more severe enforcement action by the Federal awarding agency or pass-through entity. (b) Disallow (that is, deny both use of funds and any applicable matching credit for) all or part of the cost of the activity or action not in compliance. (c) Wholly or partly suspend or terminate the Federal award. (d) Initiate suspension or debarment proceedings as authorized under 2 CFR part 180 and Federal awarding agency regulations (or in the case of a pass-through entity, recommend such a proceeding be initiated by a Federal awarding agency). (e) Withhold further Federal awards for the project or program. (f) Take other remedies that may be legally available. Section 200.501 Audit requirements, states in part: (a) Audit required. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single or program-specific audit conducted for that year in accordance with the provisions of this part. (b) Single audit. A non-Federal entity that expends $750,000 or more during the non-Federal entity?s fiscal year in Federal awards must have a single audit conducted in accordance with ? 200.514 except when it elects to have a program-specific audit conducted in accordance with paragraph (c) of this section. Section 200.521 Management decision, states in part: (a) General. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action. If the auditee has not completed corrective action, a timetable for follow-up should be given. Prior to issuing the management decision, the Federal agency or pass-through entity may request additional information or documentation from the auditee, including a request for auditor assurance related to the documentation, as a way of mitigating disallowed costs. The management decision should describe any appeal process available to the auditee. While not required, the Federal agency or pass-through entity may also issue a management decision on findings relating to the financial statements which are required to be reported in accordance with GAGAS. (c) Pass-through entity. As provided in ? 200.332(d), the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. (d) Time requirements. The Federal awarding agency or pass-through entity responsible for issuing a management decision must do so within six months of acceptance of the audit report by the FAC. The auditee must initiate and proceed with corrective action as rapidly as possible and corrective action should begin no later than upon receipt of the audit report. (e) Reference numbers. Management decisions must include the reference numbers the auditor assigned to each audit finding in accordance with ? 200.516(c).
2022-014 The Department of Social and Health Services improperly charged $390 to the Coronavirus Relief Fund. Assistance Listing Number and Title: 21.019 COVID-19 Coronavirus Relief Fund Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: None Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Known Questioned Cost Amount: $390 Background In March 2020, Congress passed the Coronavirus Aid, Relief, and Economic Security Act (CARES Act), which authorized the spending of $2.2 trillion in federal funds to respond to the COVID-19 pandemic. The CARES Act established the Coronavirus Relief Fund (CRF), which authorized $150 billion in federal financial assistance for state, territorial, tribal, and certain eligible local governments. Through the CARES Act, Washington was awarded about $2.95 billion of CRF money to help fund the state?s response to the COVID-19 pandemic. Of this amount, the Office of Financial Management allocated about $2.2 billion to state agencies for various programs. In fiscal year 2022, state agencies spent about $345 million in CRF funds. The CARES Act requires recipients to only use CRF payments to cover: ? Necessary expenditures incurred due to the public health emergency (COVID-19) ? Costs that were not accounted for in the government?s most recently approved budget as of March 27, 2020 ? Costs that were incurred during the period that begins March 1, 2020, and ends December 31, 2021 In fiscal year 2022, the Department of Social and Health Services spent $40 million in CRF funds. The Department used the funds to cover payroll costs for employees who were substantially dedicated to responding to the COVID-19 public health emergency. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department improperly charged $390 to the CRF. We found the Department had adequate internal controls to ensure it materially complied with activities allowed or unallowed and allowable costs/cost principles requirements. We used a statistical sampling method to randomly select and examine 83 monthly payments out of a total population of 9,415. We reviewed the supporting documentation for each monthly payment and found: ? One overpayment for four hours overtime and overtime shift totaling $208. ? One payment where there was no supporting documentation for an employee?s shift differential pay of $7.50. ? One overpayment for call-back pay totaling $174.23. Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold. This issue was not reported as a finding in the prior audit. Cause of Condition The Department followed procedures for approving payroll costs. However, multiple reviews did not prevent the unsupported shift differential pay and the two overpayments from being charged to the CRF. Effect of Condition and Questioned Costs The Department improperly charged the CRF for payroll costs totaling $390. Based on the unallowable payments, we estimate the likely questioned costs for this grant to be $45,266. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs? as required by 2 CFR ? 200.516(3). We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendation We recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid. Department?s Response The Department concurs with the audit finding. If the grantor contacts the Department regarding the questioned costs, the Department will discuss the way we used the funds and will take additional action if appropriate. Auditor?s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
2022-014 The Department of Social and Health Services improperly charged $390 to the Coronavirus Relief Fund. Assistance Listing Number and Title: 21.019 COVID-19 Coronavirus Relief Fund Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: None Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Known Questioned Cost Amount: $390 Background In March 2020, Congress passed the Coronavirus Aid, Relief, and Economic Security Act (CARES Act), which authorized the spending of $2.2 trillion in federal funds to respond to the COVID-19 pandemic. The CARES Act established the Coronavirus Relief Fund (CRF), which authorized $150 billion in federal financial assistance for state, territorial, tribal, and certain eligible local governments. Through the CARES Act, Washington was awarded about $2.95 billion of CRF money to help fund the state?s response to the COVID-19 pandemic. Of this amount, the Office of Financial Management allocated about $2.2 billion to state agencies for various programs. In fiscal year 2022, state agencies spent about $345 million in CRF funds. The CARES Act requires recipients to only use CRF payments to cover: ? Necessary expenditures incurred due to the public health emergency (COVID-19) ? Costs that were not accounted for in the government?s most recently approved budget as of March 27, 2020 ? Costs that were incurred during the period that begins March 1, 2020, and ends December 31, 2021 In fiscal year 2022, the Department of Social and Health Services spent $40 million in CRF funds. The Department used the funds to cover payroll costs for employees who were substantially dedicated to responding to the COVID-19 public health emergency. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department improperly charged $390 to the CRF. We found the Department had adequate internal controls to ensure it materially complied with activities allowed or unallowed and allowable costs/cost principles requirements. We used a statistical sampling method to randomly select and examine 83 monthly payments out of a total population of 9,415. We reviewed the supporting documentation for each monthly payment and found: ? One overpayment for four hours overtime and overtime shift totaling $208. ? One payment where there was no supporting documentation for an employee?s shift differential pay of $7.50. ? One overpayment for call-back pay totaling $174.23. Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold. This issue was not reported as a finding in the prior audit. Cause of Condition The Department followed procedures for approving payroll costs. However, multiple reviews did not prevent the unsupported shift differential pay and the two overpayments from being charged to the CRF. Effect of Condition and Questioned Costs The Department improperly charged the CRF for payroll costs totaling $390. Based on the unallowable payments, we estimate the likely questioned costs for this grant to be $45,266. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs? as required by 2 CFR ? 200.516(3). We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendation We recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid. Department?s Response The Department concurs with the audit finding. If the grantor contacts the Department regarding the questioned costs, the Department will discuss the way we used the funds and will take additional action if appropriate. Auditor?s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
2022-014 The Department of Social and Health Services improperly charged $390 to the Coronavirus Relief Fund. Assistance Listing Number and Title: 21.019 COVID-19 Coronavirus Relief Fund Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: None Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Known Questioned Cost Amount: $390 Background In March 2020, Congress passed the Coronavirus Aid, Relief, and Economic Security Act (CARES Act), which authorized the spending of $2.2 trillion in federal funds to respond to the COVID-19 pandemic. The CARES Act established the Coronavirus Relief Fund (CRF), which authorized $150 billion in federal financial assistance for state, territorial, tribal, and certain eligible local governments. Through the CARES Act, Washington was awarded about $2.95 billion of CRF money to help fund the state?s response to the COVID-19 pandemic. Of this amount, the Office of Financial Management allocated about $2.2 billion to state agencies for various programs. In fiscal year 2022, state agencies spent about $345 million in CRF funds. The CARES Act requires recipients to only use CRF payments to cover: ? Necessary expenditures incurred due to the public health emergency (COVID-19) ? Costs that were not accounted for in the government?s most recently approved budget as of March 27, 2020 ? Costs that were incurred during the period that begins March 1, 2020, and ends December 31, 2021 In fiscal year 2022, the Department of Social and Health Services spent $40 million in CRF funds. The Department used the funds to cover payroll costs for employees who were substantially dedicated to responding to the COVID-19 public health emergency. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department improperly charged $390 to the CRF. We found the Department had adequate internal controls to ensure it materially complied with activities allowed or unallowed and allowable costs/cost principles requirements. We used a statistical sampling method to randomly select and examine 83 monthly payments out of a total population of 9,415. We reviewed the supporting documentation for each monthly payment and found: ? One overpayment for four hours overtime and overtime shift totaling $208. ? One payment where there was no supporting documentation for an employee?s shift differential pay of $7.50. ? One overpayment for call-back pay totaling $174.23. Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold. This issue was not reported as a finding in the prior audit. Cause of Condition The Department followed procedures for approving payroll costs. However, multiple reviews did not prevent the unsupported shift differential pay and the two overpayments from being charged to the CRF. Effect of Condition and Questioned Costs The Department improperly charged the CRF for payroll costs totaling $390. Based on the unallowable payments, we estimate the likely questioned costs for this grant to be $45,266. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs? as required by 2 CFR ? 200.516(3). We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendation We recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid. Department?s Response The Department concurs with the audit finding. If the grantor contacts the Department regarding the questioned costs, the Department will discuss the way we used the funds and will take additional action if appropriate. Auditor?s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
2022-014 The Department of Social and Health Services improperly charged $390 to the Coronavirus Relief Fund. Assistance Listing Number and Title: 21.019 COVID-19 Coronavirus Relief Fund Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: None Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Known Questioned Cost Amount: $390 Background In March 2020, Congress passed the Coronavirus Aid, Relief, and Economic Security Act (CARES Act), which authorized the spending of $2.2 trillion in federal funds to respond to the COVID-19 pandemic. The CARES Act established the Coronavirus Relief Fund (CRF), which authorized $150 billion in federal financial assistance for state, territorial, tribal, and certain eligible local governments. Through the CARES Act, Washington was awarded about $2.95 billion of CRF money to help fund the state?s response to the COVID-19 pandemic. Of this amount, the Office of Financial Management allocated about $2.2 billion to state agencies for various programs. In fiscal year 2022, state agencies spent about $345 million in CRF funds. The CARES Act requires recipients to only use CRF payments to cover: ? Necessary expenditures incurred due to the public health emergency (COVID-19) ? Costs that were not accounted for in the government?s most recently approved budget as of March 27, 2020 ? Costs that were incurred during the period that begins March 1, 2020, and ends December 31, 2021 In fiscal year 2022, the Department of Social and Health Services spent $40 million in CRF funds. The Department used the funds to cover payroll costs for employees who were substantially dedicated to responding to the COVID-19 public health emergency. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department improperly charged $390 to the CRF. We found the Department had adequate internal controls to ensure it materially complied with activities allowed or unallowed and allowable costs/cost principles requirements. We used a statistical sampling method to randomly select and examine 83 monthly payments out of a total population of 9,415. We reviewed the supporting documentation for each monthly payment and found: ? One overpayment for four hours overtime and overtime shift totaling $208. ? One payment where there was no supporting documentation for an employee?s shift differential pay of $7.50. ? One overpayment for call-back pay totaling $174.23. Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold. This issue was not reported as a finding in the prior audit. Cause of Condition The Department followed procedures for approving payroll costs. However, multiple reviews did not prevent the unsupported shift differential pay and the two overpayments from being charged to the CRF. Effect of Condition and Questioned Costs The Department improperly charged the CRF for payroll costs totaling $390. Based on the unallowable payments, we estimate the likely questioned costs for this grant to be $45,266. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs? as required by 2 CFR ? 200.516(3). We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendation We recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid. Department?s Response The Department concurs with the audit finding. If the grantor contacts the Department regarding the questioned costs, the Department will discuss the way we used the funds and will take additional action if appropriate. Auditor?s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
2022-014 The Department of Social and Health Services improperly charged $390 to the Coronavirus Relief Fund. Assistance Listing Number and Title: 21.019 COVID-19 Coronavirus Relief Fund Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: None Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Known Questioned Cost Amount: $390 Background In March 2020, Congress passed the Coronavirus Aid, Relief, and Economic Security Act (CARES Act), which authorized the spending of $2.2 trillion in federal funds to respond to the COVID-19 pandemic. The CARES Act established the Coronavirus Relief Fund (CRF), which authorized $150 billion in federal financial assistance for state, territorial, tribal, and certain eligible local governments. Through the CARES Act, Washington was awarded about $2.95 billion of CRF money to help fund the state?s response to the COVID-19 pandemic. Of this amount, the Office of Financial Management allocated about $2.2 billion to state agencies for various programs. In fiscal year 2022, state agencies spent about $345 million in CRF funds. The CARES Act requires recipients to only use CRF payments to cover: ? Necessary expenditures incurred due to the public health emergency (COVID-19) ? Costs that were not accounted for in the government?s most recently approved budget as of March 27, 2020 ? Costs that were incurred during the period that begins March 1, 2020, and ends December 31, 2021 In fiscal year 2022, the Department of Social and Health Services spent $40 million in CRF funds. The Department used the funds to cover payroll costs for employees who were substantially dedicated to responding to the COVID-19 public health emergency. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department improperly charged $390 to the CRF. We found the Department had adequate internal controls to ensure it materially complied with activities allowed or unallowed and allowable costs/cost principles requirements. We used a statistical sampling method to randomly select and examine 83 monthly payments out of a total population of 9,415. We reviewed the supporting documentation for each monthly payment and found: ? One overpayment for four hours overtime and overtime shift totaling $208. ? One payment where there was no supporting documentation for an employee?s shift differential pay of $7.50. ? One overpayment for call-back pay totaling $174.23. Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold. This issue was not reported as a finding in the prior audit. Cause of Condition The Department followed procedures for approving payroll costs. However, multiple reviews did not prevent the unsupported shift differential pay and the two overpayments from being charged to the CRF. Effect of Condition and Questioned Costs The Department improperly charged the CRF for payroll costs totaling $390. Based on the unallowable payments, we estimate the likely questioned costs for this grant to be $45,266. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs? as required by 2 CFR ? 200.516(3). We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendation We recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid. Department?s Response The Department concurs with the audit finding. If the grantor contacts the Department regarding the questioned costs, the Department will discuss the way we used the funds and will take additional action if appropriate. Auditor?s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
2022-014 The Department of Social and Health Services improperly charged $390 to the Coronavirus Relief Fund. Assistance Listing Number and Title: 21.019 COVID-19 Coronavirus Relief Fund Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: None Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Known Questioned Cost Amount: $390 Background In March 2020, Congress passed the Coronavirus Aid, Relief, and Economic Security Act (CARES Act), which authorized the spending of $2.2 trillion in federal funds to respond to the COVID-19 pandemic. The CARES Act established the Coronavirus Relief Fund (CRF), which authorized $150 billion in federal financial assistance for state, territorial, tribal, and certain eligible local governments. Through the CARES Act, Washington was awarded about $2.95 billion of CRF money to help fund the state?s response to the COVID-19 pandemic. Of this amount, the Office of Financial Management allocated about $2.2 billion to state agencies for various programs. In fiscal year 2022, state agencies spent about $345 million in CRF funds. The CARES Act requires recipients to only use CRF payments to cover: ? Necessary expenditures incurred due to the public health emergency (COVID-19) ? Costs that were not accounted for in the government?s most recently approved budget as of March 27, 2020 ? Costs that were incurred during the period that begins March 1, 2020, and ends December 31, 2021 In fiscal year 2022, the Department of Social and Health Services spent $40 million in CRF funds. The Department used the funds to cover payroll costs for employees who were substantially dedicated to responding to the COVID-19 public health emergency. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department improperly charged $390 to the CRF. We found the Department had adequate internal controls to ensure it materially complied with activities allowed or unallowed and allowable costs/cost principles requirements. We used a statistical sampling method to randomly select and examine 83 monthly payments out of a total population of 9,415. We reviewed the supporting documentation for each monthly payment and found: ? One overpayment for four hours overtime and overtime shift totaling $208. ? One payment where there was no supporting documentation for an employee?s shift differential pay of $7.50. ? One overpayment for call-back pay totaling $174.23. Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold. This issue was not reported as a finding in the prior audit. Cause of Condition The Department followed procedures for approving payroll costs. However, multiple reviews did not prevent the unsupported shift differential pay and the two overpayments from being charged to the CRF. Effect of Condition and Questioned Costs The Department improperly charged the CRF for payroll costs totaling $390. Based on the unallowable payments, we estimate the likely questioned costs for this grant to be $45,266. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs? as required by 2 CFR ? 200.516(3). We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendation We recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid. Department?s Response The Department concurs with the audit finding. If the grantor contacts the Department regarding the questioned costs, the Department will discuss the way we used the funds and will take additional action if appropriate. Auditor?s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
2022-014 The Department of Social and Health Services improperly charged $390 to the Coronavirus Relief Fund. Assistance Listing Number and Title: 21.019 COVID-19 Coronavirus Relief Fund Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: None Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Known Questioned Cost Amount: $390 Background In March 2020, Congress passed the Coronavirus Aid, Relief, and Economic Security Act (CARES Act), which authorized the spending of $2.2 trillion in federal funds to respond to the COVID-19 pandemic. The CARES Act established the Coronavirus Relief Fund (CRF), which authorized $150 billion in federal financial assistance for state, territorial, tribal, and certain eligible local governments. Through the CARES Act, Washington was awarded about $2.95 billion of CRF money to help fund the state?s response to the COVID-19 pandemic. Of this amount, the Office of Financial Management allocated about $2.2 billion to state agencies for various programs. In fiscal year 2022, state agencies spent about $345 million in CRF funds. The CARES Act requires recipients to only use CRF payments to cover: ? Necessary expenditures incurred due to the public health emergency (COVID-19) ? Costs that were not accounted for in the government?s most recently approved budget as of March 27, 2020 ? Costs that were incurred during the period that begins March 1, 2020, and ends December 31, 2021 In fiscal year 2022, the Department of Social and Health Services spent $40 million in CRF funds. The Department used the funds to cover payroll costs for employees who were substantially dedicated to responding to the COVID-19 public health emergency. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department improperly charged $390 to the CRF. We found the Department had adequate internal controls to ensure it materially complied with activities allowed or unallowed and allowable costs/cost principles requirements. We used a statistical sampling method to randomly select and examine 83 monthly payments out of a total population of 9,415. We reviewed the supporting documentation for each monthly payment and found: ? One overpayment for four hours overtime and overtime shift totaling $208. ? One payment where there was no supporting documentation for an employee?s shift differential pay of $7.50. ? One overpayment for call-back pay totaling $174.23. Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold. This issue was not reported as a finding in the prior audit. Cause of Condition The Department followed procedures for approving payroll costs. However, multiple reviews did not prevent the unsupported shift differential pay and the two overpayments from being charged to the CRF. Effect of Condition and Questioned Costs The Department improperly charged the CRF for payroll costs totaling $390. Based on the unallowable payments, we estimate the likely questioned costs for this grant to be $45,266. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs? as required by 2 CFR ? 200.516(3). We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendation We recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid. Department?s Response The Department concurs with the audit finding. If the grantor contacts the Department regarding the questioned costs, the Department will discuss the way we used the funds and will take additional action if appropriate. Auditor?s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
2022-014 The Department of Social and Health Services improperly charged $390 to the Coronavirus Relief Fund. Assistance Listing Number and Title: 21.019 COVID-19 Coronavirus Relief Fund Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: None Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Known Questioned Cost Amount: $390 Background In March 2020, Congress passed the Coronavirus Aid, Relief, and Economic Security Act (CARES Act), which authorized the spending of $2.2 trillion in federal funds to respond to the COVID-19 pandemic. The CARES Act established the Coronavirus Relief Fund (CRF), which authorized $150 billion in federal financial assistance for state, territorial, tribal, and certain eligible local governments. Through the CARES Act, Washington was awarded about $2.95 billion of CRF money to help fund the state?s response to the COVID-19 pandemic. Of this amount, the Office of Financial Management allocated about $2.2 billion to state agencies for various programs. In fiscal year 2022, state agencies spent about $345 million in CRF funds. The CARES Act requires recipients to only use CRF payments to cover: ? Necessary expenditures incurred due to the public health emergency (COVID-19) ? Costs that were not accounted for in the government?s most recently approved budget as of March 27, 2020 ? Costs that were incurred during the period that begins March 1, 2020, and ends December 31, 2021 In fiscal year 2022, the Department of Social and Health Services spent $40 million in CRF funds. The Department used the funds to cover payroll costs for employees who were substantially dedicated to responding to the COVID-19 public health emergency. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department improperly charged $390 to the CRF. We found the Department had adequate internal controls to ensure it materially complied with activities allowed or unallowed and allowable costs/cost principles requirements. We used a statistical sampling method to randomly select and examine 83 monthly payments out of a total population of 9,415. We reviewed the supporting documentation for each monthly payment and found: ? One overpayment for four hours overtime and overtime shift totaling $208. ? One payment where there was no supporting documentation for an employee?s shift differential pay of $7.50. ? One overpayment for call-back pay totaling $174.23. Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold. This issue was not reported as a finding in the prior audit. Cause of Condition The Department followed procedures for approving payroll costs. However, multiple reviews did not prevent the unsupported shift differential pay and the two overpayments from being charged to the CRF. Effect of Condition and Questioned Costs The Department improperly charged the CRF for payroll costs totaling $390. Based on the unallowable payments, we estimate the likely questioned costs for this grant to be $45,266. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs? as required by 2 CFR ? 200.516(3). We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendation We recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid. Department?s Response The Department concurs with the audit finding. If the grantor contacts the Department regarding the questioned costs, the Department will discuss the way we used the funds and will take additional action if appropriate. Auditor?s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
2022-014 The Department of Social and Health Services improperly charged $390 to the Coronavirus Relief Fund. Assistance Listing Number and Title: 21.019 COVID-19 Coronavirus Relief Fund Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: None Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Known Questioned Cost Amount: $390 Background In March 2020, Congress passed the Coronavirus Aid, Relief, and Economic Security Act (CARES Act), which authorized the spending of $2.2 trillion in federal funds to respond to the COVID-19 pandemic. The CARES Act established the Coronavirus Relief Fund (CRF), which authorized $150 billion in federal financial assistance for state, territorial, tribal, and certain eligible local governments. Through the CARES Act, Washington was awarded about $2.95 billion of CRF money to help fund the state?s response to the COVID-19 pandemic. Of this amount, the Office of Financial Management allocated about $2.2 billion to state agencies for various programs. In fiscal year 2022, state agencies spent about $345 million in CRF funds. The CARES Act requires recipients to only use CRF payments to cover: ? Necessary expenditures incurred due to the public health emergency (COVID-19) ? Costs that were not accounted for in the government?s most recently approved budget as of March 27, 2020 ? Costs that were incurred during the period that begins March 1, 2020, and ends December 31, 2021 In fiscal year 2022, the Department of Social and Health Services spent $40 million in CRF funds. The Department used the funds to cover payroll costs for employees who were substantially dedicated to responding to the COVID-19 public health emergency. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department improperly charged $390 to the CRF. We found the Department had adequate internal controls to ensure it materially complied with activities allowed or unallowed and allowable costs/cost principles requirements. We used a statistical sampling method to randomly select and examine 83 monthly payments out of a total population of 9,415. We reviewed the supporting documentation for each monthly payment and found: ? One overpayment for four hours overtime and overtime shift totaling $208. ? One payment where there was no supporting documentation for an employee?s shift differential pay of $7.50. ? One overpayment for call-back pay totaling $174.23. Federal regulations require the auditor to issue a finding when the known or estimated questioned costs identified in a single audit exceed $25,000. We are issuing this finding because, as stated in the Effect of Condition and Questioned Costs section of this finding, the estimated questioned costs exceed that threshold. This issue was not reported as a finding in the prior audit. Cause of Condition The Department followed procedures for approving payroll costs. However, multiple reviews did not prevent the unsupported shift differential pay and the two overpayments from being charged to the CRF. Effect of Condition and Questioned Costs The Department improperly charged the CRF for payroll costs totaling $390. Based on the unallowable payments, we estimate the likely questioned costs for this grant to be $45,266. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs? as required by 2 CFR ? 200.516(3). We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendation We recommend the Department consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid. Department?s Response The Department concurs with the audit finding. If the grantor contacts the Department regarding the questioned costs, the Department will discuss the way we used the funds and will take additional action if appropriate. Auditor?s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
2022-016 The Department of Commerce did not have adequate internal controls over and did not comply with requirements to ensure payments to subrecipients of the Emergency Rental Assistance program were allowable and properly supported. Assistance Listing Number and Title: 21.023 COVID-19 Emergency Rental Assistance Program Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: N/A Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs / Cost Principles Period of Performance Known Questioned Cost Amount: $255,642,551 Background Congress passed two acts authorizing federal funds for the Emergency Rental Assistance (ERA) program to respond to the COVID-19 pandemic. The Consolidated Appropriations Act, 2021, enacted on December 27, 2020, provided $25 billion for ERA. These funds are known as ERA1. The American Rescue Plan Act of 2021, enacted on March 11, 2021, provided $21.55 billion in additional funding for ERA. These funds are known as ERA2. The funds are provided directly to states, U.S. territories, local governments and, in the case of ERA1, Indian tribes, to assist eligible households through existing or newly created rental assistance programs. The Department of Commerce administers the ERA program in Washington. The Department subawarded federal funds to subrecipients to provide financial assistance to households, landlords and utility providers. In fiscal year 2022, the Department spent about $450 million in ERA1 and ERA2 funds. During the audit period, the Department allocated program funds to 38 ERA1 subrecipients and 12 ERA2 subrecipients. Grant recipients may use ERA1 and ERA2 funds for administrative expenses, housing stability services, financial assistance, and other affordable rental housing and eviction prevention purposes. Most of the expenditures the Department spent were for financial assistance to eligible households, which included payment of rent, rental arrears, utilities and home energy costs, utilities and home energy costs arrears, housing stability services and other expenses related to housing. Under the ERA1 program, award funds used for ?other expenses? must be related to housing and ?incurred due, directly or indirectly, to the COVID-19 outbreak.? The amount for prospective rent cannot exceed three months under a single household application. Financial assistance arrears may only cover household expenses accrued on or after March 13, 2020, up to a maximum 15 months for ERA1 and a maximum of 18 months under ERA1 and ERA2 combined. There is no maximum dollar amount for the cumulative financial assistance that may be provided on behalf of an eligible household beyond the requirement that the amounts paid be based on documentation of household income, leases and equivalent forms. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements to ensure payments for the ERA program were allowable and properly supported. During the audit period, the Department only required high-level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of the reimbursement payment, the Department implemented a fiscal review process for the ERA1 and ERA2 subrecipients. We reviewed the three fiscal reviews completed in the audit period and determined they were sufficient for ensuring payments to these subrecipients were allowable and adequately supported. However, we determined the Department did not complete fiscal reviews for 35 of the 38 ERA1 subrecipients (92 percent) and all 12 ERA2 subrecipients (100 percent) during the audit period. We used a statistical sampling method to randomly select and review 55 out of 369 payments. Additionally, we judgmentally reviewed one individually significant payment that exceeded $23 million. In total, we examined more than $258 million in provider payments as part of the audit. Of the 56 payments examined, we identified 54 payments (96 percent), including the individually significant payment, that did not have adequate documentation and for which the subrecipient did not receive a fiscal review to ensure the payment(s) was for allowable activities, met cost principles, and occurred within the award?s period of performance. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. This issue was not reported as a finding in the prior audit. Cause of Condition Management did not ensure that proper internal controls were in place to oversee the ERA program. Department staff approved payments to subrecipients without adequate supporting documentation, and management relied on annual fiscal monitoring reviews to ensure subrecipients had proper support for reimbursement payments. However, management said that due to limited staffing and resources, they were only able to conduct monitoring for three subrecipients during the audit period. Effect of Condition and Questioned Costs We determined the Department did not receive adequate supporting documentation before paying subrecipients and did not perform fiscal reviews to ensure that expenditures were for allowable activities. As a result, we identified $255,642,551 in known federal questioned costs and $437,002,382 in likely federal questioned costs. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflects this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs,? as required by 2 CFR ? 200.516(3). To ensure a representative sample, we stratified the population by dollar amount. Without establishing adequate internal controls, the Department cannot reasonably ensure it is using federal funds for allowable purposes and spending occurs within the allowed period of performance. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Department: ? Implement additional monitoring procedures to ensure adequate review of each subrecipient?s use of the federal subaward ? Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement ? Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid Department?s Response The Coronavirus pandemic created an unprecedented crisis of imminent evictions for an estimated 200,000 households who would face homelessness. Prompt program implementation was critical to reducing evictions as homelessness was shown to increase the spread of COVID-19 leading to death. Every week of delay would increase the number of people at risk of dying. During fiscal years 2021 through 2023, the department created the following programs with federal funding: ? Eviction Rent Assistance Program (ERAP) 1.0 and 2.0, with Coronavirus State Fiscal Recovery Funds allocated by the Washington State Legislature. ? Treasury Rent Assistance Program (T-RAP) 1.0 and 2.0, with funds awarded to the Department by the United States Department of Treasury. The Department endeavored to quickly deploy these programs either concurrently or on overlapping timelines, as the federal government doubled down on passing legislation to provide much needed assistance to the states. At the time the Department received the first ERAP funds for rental assistance, the Department had current contracts with grantees for the same activity and for whom monitoring plans had been completed. The vast majority of our grantees are local government entities, with whom the Department has a long history of contracting and partnering on delivering services. Local governments have controls in place and a proven track record of administering housing assistance funds, so the Department has an inherent trust and confidence in their administrative and fiscal control functions, including the detailed review of expenditures. When the Department received the first emergency rental assistance funds (August 2020) the funding for the program was set to expire just four months after the federal award, requiring the Department to lift bureaucratic barriers and issue funds quickly. It was not until late December 2020 that Congress extended the end date and we were informed we could continue to fund the program into 2021. The Department had started a fiscal review process for ERAP 1 and ERAP 2 programs following those awards. Upon receiving the results of the fiscal year 2021 emergency rental assistance audit, it was determined the fiscal review must be completed for all program reimbursements, even if the detail review of expenditures was completed at our subrecipient level. The initial fiscal monitoring was based on previously conducted risk assessments, so not all payees received a fiscal monitoring. The State Auditor?s Office identified this deficiency during fiscal year 2021. Following that, at the end of fiscal year 2022, the department began to review supporting backup documentation for all expenditures. Unfortunately this process had not been implemented in full to meet the second audit requirements for fiscal year 2022. The Department continues to complete reviews of supporting documentation for fiscal year 2023 expenditures and we strive to meet all other program requirements. We will continue to submit monthly and quarterly data and reconciliation reports to the United States Department of Treasury and work with the Washington State Auditor?s Office in response to any current or future audits. Auditor?s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented. Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
2022-019 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Period of Performance Subrecipient Monitoring Known Questioned Cost Amount: $28,886,606 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state?s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2022, state agencies spent more than $1.4 billion in SLFRF funds, $132 million of which was spent by the Department of Commerce. The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0), in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2022, the Department expended about $111 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020. Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program. During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP 2.0 subrecipients. We determined that the Department did not perform fiscal reviews or any program reviews for 20 of its 32 subrecipients (63 percent) during the audit period. We used a statistical sampling method to randomly select and review seven out of 12 subrecipients for which the Department completed monitoring during the audit period. We determined four of the seven fiscal reviews completed were insufficient for ensuring payments to these subrecipients were allowable and adequately supported, primarily because the support reviewed lacked enough detail to ensure the activities were allowable and within the period of performance. We also examined program monitoring documentation completed for these same seven subrecipients. The Department selected only one household from each subrecipient for eligibility verification. We determined these reviews did not provide reasonable assurance that payments to the subrecipients were made only on behalf of eligible households. We also used a statistical sampling method to randomly select and review 56 out of 627 payments. Additionally, we judgmentally selected and reviewed one individually significant payment of $6 million. In total, we examined 57 provider payments totaling $48.5 million. Of the 57 payments examined, we identified 37 (65 percent), including the individually significant payment, that did not have adequate documentation to ensure the payment was for allowable activities, met cost principles, and occurred within the award?s period of performance. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. The issue was not reported as a finding in the prior audit. Cause of Condition Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. Department staff approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper support and only served eligible households. However, management said that due to limited staffing and resources, they were only able to monitor 12 subrecipients during the audit period, wherein staff elected to review just one household payment for each subrecipient for appropriateness. Furthermore, the program did not have written policies and procedures in place documenting the programmatic and fiscal monitoring requirements for staff to follow. Therefore, management could not ensure that reviews were thorough and consistent, included a valid sample of subrecipient records, and required detailed source documentation, including accounting support. Effect of Condition and Questioned Costs We determined the Department did not review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal reviews to ensure that expenditures were for allowable activities. As a result, we identified $28,886,606 in known federal questioned costs and $71,007,353 in likely federal questioned costs. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs,? as required by 2 CFR ? 200.516(3). To ensure a representative sample, we stratified the population by dollar amount. Without establishing adequate internal controls and reviewing detailed supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Department: ? Implement written policies and monitoring procedures to ensure adequate review of each subrecipient?s use of federal funds ? Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement ? Ensure it has sufficient staffing and resources to monitor each subrecipient, as required under Uniform Guidance ? Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid Department?s Response The Coronavirus pandemic created an unprecedented crisis of imminent evictions for an estimated 200,000 households who would face homelessness. Prompt program implementation was critical to reducing evictions as homelessness was shown to increase the spread of COVID-19 leading to death. In fiscal year 202, Commerce created the Eviction Rent Assistance Programs 1.0 and 2.0: Coronavirus State Fiscal Recovery Funds allocated by the Washington State legislature to fund the program. All of the rental assistance programs included multiple funding allocations. To provide much needed assistance to the state, the Department quickly deployed the programs either concurrently or on overlapping timelines. The vast majority of our grantees are local government entities with whom the Department has a long history of contracting and partnering with to deliver services. Federal requirements dictate local governments ensure their internal controls meet standards to comply with all compliance requirements. The Department used that expectation to rely on their administrative and fiscal control functions to ensure compliance. The Department received the first emergency rental assistance funds in August 2020 and the funding was set to expire four months after the award issuance. The Department moved quickly to relieve barriers to issue funding. In December 2020 Congress extended the end date to continue the funding for this program into 2021. As a result of the fiscal year 2021 audit, it was determined the fiscal review must be completed for all program reimbursements, even if the detail review of expenditures was completed at our subrecipient level. The initial fiscal monitoring was based on previously conducted risk assessments, so not all payees received a fiscal monitoring. As a result of the deficiencies reported in the fiscal year 2021 audit, the program deployed new subrecipient monitoring risk assessment processes, and now completes a new assessment for each award at the time of the award. Once the deficiency was identified, the Department began to review supporting backup documentation for all expenditures. The current finding also focused on specific sets of expenditures which were not reviewed in detail. As a result, the Department is currently evaluating the best approach to obtain and review supporting documentation at a detail level to ensure compliance with all requirements. The Department continues to complete reviews of supporting documentation for fiscal year 2023 expenditures and we strive to meet all other program requirements. We thank the State Auditor?s Office for identifying areas we could improve to meet all compliance requirements for federal funding. Auditor?s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented. Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
2022-019 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Period of Performance Subrecipient Monitoring Known Questioned Cost Amount: $28,886,606 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state?s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2022, state agencies spent more than $1.4 billion in SLFRF funds, $132 million of which was spent by the Department of Commerce. The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0), in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2022, the Department expended about $111 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020. Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program. During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP 2.0 subrecipients. We determined that the Department did not perform fiscal reviews or any program reviews for 20 of its 32 subrecipients (63 percent) during the audit period. We used a statistical sampling method to randomly select and review seven out of 12 subrecipients for which the Department completed monitoring during the audit period. We determined four of the seven fiscal reviews completed were insufficient for ensuring payments to these subrecipients were allowable and adequately supported, primarily because the support reviewed lacked enough detail to ensure the activities were allowable and within the period of performance. We also examined program monitoring documentation completed for these same seven subrecipients. The Department selected only one household from each subrecipient for eligibility verification. We determined these reviews did not provide reasonable assurance that payments to the subrecipients were made only on behalf of eligible households. We also used a statistical sampling method to randomly select and review 56 out of 627 payments. Additionally, we judgmentally selected and reviewed one individually significant payment of $6 million. In total, we examined 57 provider payments totaling $48.5 million. Of the 57 payments examined, we identified 37 (65 percent), including the individually significant payment, that did not have adequate documentation to ensure the payment was for allowable activities, met cost principles, and occurred within the award?s period of performance. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. The issue was not reported as a finding in the prior audit. Cause of Condition Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. Department staff approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper support and only served eligible households. However, management said that due to limited staffing and resources, they were only able to monitor 12 subrecipients during the audit period, wherein staff elected to review just one household payment for each subrecipient for appropriateness. Furthermore, the program did not have written policies and procedures in place documenting the programmatic and fiscal monitoring requirements for staff to follow. Therefore, management could not ensure that reviews were thorough and consistent, included a valid sample of subrecipient records, and required detailed source documentation, including accounting support. Effect of Condition and Questioned Costs We determined the Department did not review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal reviews to ensure that expenditures were for allowable activities. As a result, we identified $28,886,606 in known federal questioned costs and $71,007,353 in likely federal questioned costs. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs,? as required by 2 CFR ? 200.516(3). To ensure a representative sample, we stratified the population by dollar amount. Without establishing adequate internal controls and reviewing detailed supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Department: ? Implement written policies and monitoring procedures to ensure adequate review of each subrecipient?s use of federal funds ? Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement ? Ensure it has sufficient staffing and resources to monitor each subrecipient, as required under Uniform Guidance ? Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid Department?s Response The Coronavirus pandemic created an unprecedented crisis of imminent evictions for an estimated 200,000 households who would face homelessness. Prompt program implementation was critical to reducing evictions as homelessness was shown to increase the spread of COVID-19 leading to death. In fiscal year 202, Commerce created the Eviction Rent Assistance Programs 1.0 and 2.0: Coronavirus State Fiscal Recovery Funds allocated by the Washington State legislature to fund the program. All of the rental assistance programs included multiple funding allocations. To provide much needed assistance to the state, the Department quickly deployed the programs either concurrently or on overlapping timelines. The vast majority of our grantees are local government entities with whom the Department has a long history of contracting and partnering with to deliver services. Federal requirements dictate local governments ensure their internal controls meet standards to comply with all compliance requirements. The Department used that expectation to rely on their administrative and fiscal control functions to ensure compliance. The Department received the first emergency rental assistance funds in August 2020 and the funding was set to expire four months after the award issuance. The Department moved quickly to relieve barriers to issue funding. In December 2020 Congress extended the end date to continue the funding for this program into 2021. As a result of the fiscal year 2021 audit, it was determined the fiscal review must be completed for all program reimbursements, even if the detail review of expenditures was completed at our subrecipient level. The initial fiscal monitoring was based on previously conducted risk assessments, so not all payees received a fiscal monitoring. As a result of the deficiencies reported in the fiscal year 2021 audit, the program deployed new subrecipient monitoring risk assessment processes, and now completes a new assessment for each award at the time of the award. Once the deficiency was identified, the Department began to review supporting backup documentation for all expenditures. The current finding also focused on specific sets of expenditures which were not reviewed in detail. As a result, the Department is currently evaluating the best approach to obtain and review supporting documentation at a detail level to ensure compliance with all requirements. The Department continues to complete reviews of supporting documentation for fiscal year 2023 expenditures and we strive to meet all other program requirements. We thank the State Auditor?s Office for identifying areas we could improve to meet all compliance requirements for federal funding. Auditor?s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented. Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
2022-019 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Period of Performance Subrecipient Monitoring Known Questioned Cost Amount: $28,886,606 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state?s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2022, state agencies spent more than $1.4 billion in SLFRF funds, $132 million of which was spent by the Department of Commerce. The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0), in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2022, the Department expended about $111 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020. Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program. During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP 2.0 subrecipients. We determined that the Department did not perform fiscal reviews or any program reviews for 20 of its 32 subrecipients (63 percent) during the audit period. We used a statistical sampling method to randomly select and review seven out of 12 subrecipients for which the Department completed monitoring during the audit period. We determined four of the seven fiscal reviews completed were insufficient for ensuring payments to these subrecipients were allowable and adequately supported, primarily because the support reviewed lacked enough detail to ensure the activities were allowable and within the period of performance. We also examined program monitoring documentation completed for these same seven subrecipients. The Department selected only one household from each subrecipient for eligibility verification. We determined these reviews did not provide reasonable assurance that payments to the subrecipients were made only on behalf of eligible households. We also used a statistical sampling method to randomly select and review 56 out of 627 payments. Additionally, we judgmentally selected and reviewed one individually significant payment of $6 million. In total, we examined 57 provider payments totaling $48.5 million. Of the 57 payments examined, we identified 37 (65 percent), including the individually significant payment, that did not have adequate documentation to ensure the payment was for allowable activities, met cost principles, and occurred within the award?s period of performance. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. The issue was not reported as a finding in the prior audit. Cause of Condition Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. Department staff approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper support and only served eligible households. However, management said that due to limited staffing and resources, they were only able to monitor 12 subrecipients during the audit period, wherein staff elected to review just one household payment for each subrecipient for appropriateness. Furthermore, the program did not have written policies and procedures in place documenting the programmatic and fiscal monitoring requirements for staff to follow. Therefore, management could not ensure that reviews were thorough and consistent, included a valid sample of subrecipient records, and required detailed source documentation, including accounting support. Effect of Condition and Questioned Costs We determined the Department did not review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal reviews to ensure that expenditures were for allowable activities. As a result, we identified $28,886,606 in known federal questioned costs and $71,007,353 in likely federal questioned costs. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs,? as required by 2 CFR ? 200.516(3). To ensure a representative sample, we stratified the population by dollar amount. Without establishing adequate internal controls and reviewing detailed supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Department: ? Implement written policies and monitoring procedures to ensure adequate review of each subrecipient?s use of federal funds ? Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement ? Ensure it has sufficient staffing and resources to monitor each subrecipient, as required under Uniform Guidance ? Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid Department?s Response The Coronavirus pandemic created an unprecedented crisis of imminent evictions for an estimated 200,000 households who would face homelessness. Prompt program implementation was critical to reducing evictions as homelessness was shown to increase the spread of COVID-19 leading to death. In fiscal year 202, Commerce created the Eviction Rent Assistance Programs 1.0 and 2.0: Coronavirus State Fiscal Recovery Funds allocated by the Washington State legislature to fund the program. All of the rental assistance programs included multiple funding allocations. To provide much needed assistance to the state, the Department quickly deployed the programs either concurrently or on overlapping timelines. The vast majority of our grantees are local government entities with whom the Department has a long history of contracting and partnering with to deliver services. Federal requirements dictate local governments ensure their internal controls meet standards to comply with all compliance requirements. The Department used that expectation to rely on their administrative and fiscal control functions to ensure compliance. The Department received the first emergency rental assistance funds in August 2020 and the funding was set to expire four months after the award issuance. The Department moved quickly to relieve barriers to issue funding. In December 2020 Congress extended the end date to continue the funding for this program into 2021. As a result of the fiscal year 2021 audit, it was determined the fiscal review must be completed for all program reimbursements, even if the detail review of expenditures was completed at our subrecipient level. The initial fiscal monitoring was based on previously conducted risk assessments, so not all payees received a fiscal monitoring. As a result of the deficiencies reported in the fiscal year 2021 audit, the program deployed new subrecipient monitoring risk assessment processes, and now completes a new assessment for each award at the time of the award. Once the deficiency was identified, the Department began to review supporting backup documentation for all expenditures. The current finding also focused on specific sets of expenditures which were not reviewed in detail. As a result, the Department is currently evaluating the best approach to obtain and review supporting documentation at a detail level to ensure compliance with all requirements. The Department continues to complete reviews of supporting documentation for fiscal year 2023 expenditures and we strive to meet all other program requirements. We thank the State Auditor?s Office for identifying areas we could improve to meet all compliance requirements for federal funding. Auditor?s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented. Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
2022-019 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Period of Performance Subrecipient Monitoring Known Questioned Cost Amount: $28,886,606 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state?s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2022, state agencies spent more than $1.4 billion in SLFRF funds, $132 million of which was spent by the Department of Commerce. The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0), in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2022, the Department expended about $111 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020. Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program. During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP 2.0 subrecipients. We determined that the Department did not perform fiscal reviews or any program reviews for 20 of its 32 subrecipients (63 percent) during the audit period. We used a statistical sampling method to randomly select and review seven out of 12 subrecipients for which the Department completed monitoring during the audit period. We determined four of the seven fiscal reviews completed were insufficient for ensuring payments to these subrecipients were allowable and adequately supported, primarily because the support reviewed lacked enough detail to ensure the activities were allowable and within the period of performance. We also examined program monitoring documentation completed for these same seven subrecipients. The Department selected only one household from each subrecipient for eligibility verification. We determined these reviews did not provide reasonable assurance that payments to the subrecipients were made only on behalf of eligible households. We also used a statistical sampling method to randomly select and review 56 out of 627 payments. Additionally, we judgmentally selected and reviewed one individually significant payment of $6 million. In total, we examined 57 provider payments totaling $48.5 million. Of the 57 payments examined, we identified 37 (65 percent), including the individually significant payment, that did not have adequate documentation to ensure the payment was for allowable activities, met cost principles, and occurred within the award?s period of performance. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. The issue was not reported as a finding in the prior audit. Cause of Condition Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. Department staff approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper support and only served eligible households. However, management said that due to limited staffing and resources, they were only able to monitor 12 subrecipients during the audit period, wherein staff elected to review just one household payment for each subrecipient for appropriateness. Furthermore, the program did not have written policies and procedures in place documenting the programmatic and fiscal monitoring requirements for staff to follow. Therefore, management could not ensure that reviews were thorough and consistent, included a valid sample of subrecipient records, and required detailed source documentation, including accounting support. Effect of Condition and Questioned Costs We determined the Department did not review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal reviews to ensure that expenditures were for allowable activities. As a result, we identified $28,886,606 in known federal questioned costs and $71,007,353 in likely federal questioned costs. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs,? as required by 2 CFR ? 200.516(3). To ensure a representative sample, we stratified the population by dollar amount. Without establishing adequate internal controls and reviewing detailed supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Department: ? Implement written policies and monitoring procedures to ensure adequate review of each subrecipient?s use of federal funds ? Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement ? Ensure it has sufficient staffing and resources to monitor each subrecipient, as required under Uniform Guidance ? Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid Department?s Response The Coronavirus pandemic created an unprecedented crisis of imminent evictions for an estimated 200,000 households who would face homelessness. Prompt program implementation was critical to reducing evictions as homelessness was shown to increase the spread of COVID-19 leading to death. In fiscal year 202, Commerce created the Eviction Rent Assistance Programs 1.0 and 2.0: Coronavirus State Fiscal Recovery Funds allocated by the Washington State legislature to fund the program. All of the rental assistance programs included multiple funding allocations. To provide much needed assistance to the state, the Department quickly deployed the programs either concurrently or on overlapping timelines. The vast majority of our grantees are local government entities with whom the Department has a long history of contracting and partnering with to deliver services. Federal requirements dictate local governments ensure their internal controls meet standards to comply with all compliance requirements. The Department used that expectation to rely on their administrative and fiscal control functions to ensure compliance. The Department received the first emergency rental assistance funds in August 2020 and the funding was set to expire four months after the award issuance. The Department moved quickly to relieve barriers to issue funding. In December 2020 Congress extended the end date to continue the funding for this program into 2021. As a result of the fiscal year 2021 audit, it was determined the fiscal review must be completed for all program reimbursements, even if the detail review of expenditures was completed at our subrecipient level. The initial fiscal monitoring was based on previously conducted risk assessments, so not all payees received a fiscal monitoring. As a result of the deficiencies reported in the fiscal year 2021 audit, the program deployed new subrecipient monitoring risk assessment processes, and now completes a new assessment for each award at the time of the award. Once the deficiency was identified, the Department began to review supporting backup documentation for all expenditures. The current finding also focused on specific sets of expenditures which were not reviewed in detail. As a result, the Department is currently evaluating the best approach to obtain and review supporting documentation at a detail level to ensure compliance with all requirements. The Department continues to complete reviews of supporting documentation for fiscal year 2023 expenditures and we strive to meet all other program requirements. We thank the State Auditor?s Office for identifying areas we could improve to meet all compliance requirements for federal funding. Auditor?s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented. Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
2022-019 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Period of Performance Subrecipient Monitoring Known Questioned Cost Amount: $28,886,606 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state?s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2022, state agencies spent more than $1.4 billion in SLFRF funds, $132 million of which was spent by the Department of Commerce. The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0), in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2022, the Department expended about $111 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020. Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program. During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP 2.0 subrecipients. We determined that the Department did not perform fiscal reviews or any program reviews for 20 of its 32 subrecipients (63 percent) during the audit period. We used a statistical sampling method to randomly select and review seven out of 12 subrecipients for which the Department completed monitoring during the audit period. We determined four of the seven fiscal reviews completed were insufficient for ensuring payments to these subrecipients were allowable and adequately supported, primarily because the support reviewed lacked enough detail to ensure the activities were allowable and within the period of performance. We also examined program monitoring documentation completed for these same seven subrecipients. The Department selected only one household from each subrecipient for eligibility verification. We determined these reviews did not provide reasonable assurance that payments to the subrecipients were made only on behalf of eligible households. We also used a statistical sampling method to randomly select and review 56 out of 627 payments. Additionally, we judgmentally selected and reviewed one individually significant payment of $6 million. In total, we examined 57 provider payments totaling $48.5 million. Of the 57 payments examined, we identified 37 (65 percent), including the individually significant payment, that did not have adequate documentation to ensure the payment was for allowable activities, met cost principles, and occurred within the award?s period of performance. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. The issue was not reported as a finding in the prior audit. Cause of Condition Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. Department staff approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper support and only served eligible households. However, management said that due to limited staffing and resources, they were only able to monitor 12 subrecipients during the audit period, wherein staff elected to review just one household payment for each subrecipient for appropriateness. Furthermore, the program did not have written policies and procedures in place documenting the programmatic and fiscal monitoring requirements for staff to follow. Therefore, management could not ensure that reviews were thorough and consistent, included a valid sample of subrecipient records, and required detailed source documentation, including accounting support. Effect of Condition and Questioned Costs We determined the Department did not review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal reviews to ensure that expenditures were for allowable activities. As a result, we identified $28,886,606 in known federal questioned costs and $71,007,353 in likely federal questioned costs. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs,? as required by 2 CFR ? 200.516(3). To ensure a representative sample, we stratified the population by dollar amount. Without establishing adequate internal controls and reviewing detailed supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Department: ? Implement written policies and monitoring procedures to ensure adequate review of each subrecipient?s use of federal funds ? Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement ? Ensure it has sufficient staffing and resources to monitor each subrecipient, as required under Uniform Guidance ? Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid Department?s Response The Coronavirus pandemic created an unprecedented crisis of imminent evictions for an estimated 200,000 households who would face homelessness. Prompt program implementation was critical to reducing evictions as homelessness was shown to increase the spread of COVID-19 leading to death. In fiscal year 202, Commerce created the Eviction Rent Assistance Programs 1.0 and 2.0: Coronavirus State Fiscal Recovery Funds allocated by the Washington State legislature to fund the program. All of the rental assistance programs included multiple funding allocations. To provide much needed assistance to the state, the Department quickly deployed the programs either concurrently or on overlapping timelines. The vast majority of our grantees are local government entities with whom the Department has a long history of contracting and partnering with to deliver services. Federal requirements dictate local governments ensure their internal controls meet standards to comply with all compliance requirements. The Department used that expectation to rely on their administrative and fiscal control functions to ensure compliance. The Department received the first emergency rental assistance funds in August 2020 and the funding was set to expire four months after the award issuance. The Department moved quickly to relieve barriers to issue funding. In December 2020 Congress extended the end date to continue the funding for this program into 2021. As a result of the fiscal year 2021 audit, it was determined the fiscal review must be completed for all program reimbursements, even if the detail review of expenditures was completed at our subrecipient level. The initial fiscal monitoring was based on previously conducted risk assessments, so not all payees received a fiscal monitoring. As a result of the deficiencies reported in the fiscal year 2021 audit, the program deployed new subrecipient monitoring risk assessment processes, and now completes a new assessment for each award at the time of the award. Once the deficiency was identified, the Department began to review supporting backup documentation for all expenditures. The current finding also focused on specific sets of expenditures which were not reviewed in detail. As a result, the Department is currently evaluating the best approach to obtain and review supporting documentation at a detail level to ensure compliance with all requirements. The Department continues to complete reviews of supporting documentation for fiscal year 2023 expenditures and we strive to meet all other program requirements. We thank the State Auditor?s Office for identifying areas we could improve to meet all compliance requirements for federal funding. Auditor?s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented. Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
2022-019 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Period of Performance Subrecipient Monitoring Known Questioned Cost Amount: $28,886,606 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state?s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2022, state agencies spent more than $1.4 billion in SLFRF funds, $132 million of which was spent by the Department of Commerce. The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0), in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2022, the Department expended about $111 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020. Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program. During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP 2.0 subrecipients. We determined that the Department did not perform fiscal reviews or any program reviews for 20 of its 32 subrecipients (63 percent) during the audit period. We used a statistical sampling method to randomly select and review seven out of 12 subrecipients for which the Department completed monitoring during the audit period. We determined four of the seven fiscal reviews completed were insufficient for ensuring payments to these subrecipients were allowable and adequately supported, primarily because the support reviewed lacked enough detail to ensure the activities were allowable and within the period of performance. We also examined program monitoring documentation completed for these same seven subrecipients. The Department selected only one household from each subrecipient for eligibility verification. We determined these reviews did not provide reasonable assurance that payments to the subrecipients were made only on behalf of eligible households. We also used a statistical sampling method to randomly select and review 56 out of 627 payments. Additionally, we judgmentally selected and reviewed one individually significant payment of $6 million. In total, we examined 57 provider payments totaling $48.5 million. Of the 57 payments examined, we identified 37 (65 percent), including the individually significant payment, that did not have adequate documentation to ensure the payment was for allowable activities, met cost principles, and occurred within the award?s period of performance. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. The issue was not reported as a finding in the prior audit. Cause of Condition Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. Department staff approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper support and only served eligible households. However, management said that due to limited staffing and resources, they were only able to monitor 12 subrecipients during the audit period, wherein staff elected to review just one household payment for each subrecipient for appropriateness. Furthermore, the program did not have written policies and procedures in place documenting the programmatic and fiscal monitoring requirements for staff to follow. Therefore, management could not ensure that reviews were thorough and consistent, included a valid sample of subrecipient records, and required detailed source documentation, including accounting support. Effect of Condition and Questioned Costs We determined the Department did not review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal reviews to ensure that expenditures were for allowable activities. As a result, we identified $28,886,606 in known federal questioned costs and $71,007,353 in likely federal questioned costs. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs,? as required by 2 CFR ? 200.516(3). To ensure a representative sample, we stratified the population by dollar amount. Without establishing adequate internal controls and reviewing detailed supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Department: ? Implement written policies and monitoring procedures to ensure adequate review of each subrecipient?s use of federal funds ? Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement ? Ensure it has sufficient staffing and resources to monitor each subrecipient, as required under Uniform Guidance ? Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid Department?s Response The Coronavirus pandemic created an unprecedented crisis of imminent evictions for an estimated 200,000 households who would face homelessness. Prompt program implementation was critical to reducing evictions as homelessness was shown to increase the spread of COVID-19 leading to death. In fiscal year 202, Commerce created the Eviction Rent Assistance Programs 1.0 and 2.0: Coronavirus State Fiscal Recovery Funds allocated by the Washington State legislature to fund the program. All of the rental assistance programs included multiple funding allocations. To provide much needed assistance to the state, the Department quickly deployed the programs either concurrently or on overlapping timelines. The vast majority of our grantees are local government entities with whom the Department has a long history of contracting and partnering with to deliver services. Federal requirements dictate local governments ensure their internal controls meet standards to comply with all compliance requirements. The Department used that expectation to rely on their administrative and fiscal control functions to ensure compliance. The Department received the first emergency rental assistance funds in August 2020 and the funding was set to expire four months after the award issuance. The Department moved quickly to relieve barriers to issue funding. In December 2020 Congress extended the end date to continue the funding for this program into 2021. As a result of the fiscal year 2021 audit, it was determined the fiscal review must be completed for all program reimbursements, even if the detail review of expenditures was completed at our subrecipient level. The initial fiscal monitoring was based on previously conducted risk assessments, so not all payees received a fiscal monitoring. As a result of the deficiencies reported in the fiscal year 2021 audit, the program deployed new subrecipient monitoring risk assessment processes, and now completes a new assessment for each award at the time of the award. Once the deficiency was identified, the Department began to review supporting backup documentation for all expenditures. The current finding also focused on specific sets of expenditures which were not reviewed in detail. As a result, the Department is currently evaluating the best approach to obtain and review supporting documentation at a detail level to ensure compliance with all requirements. The Department continues to complete reviews of supporting documentation for fiscal year 2023 expenditures and we strive to meet all other program requirements. We thank the State Auditor?s Office for identifying areas we could improve to meet all compliance requirements for federal funding. Auditor?s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented. Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
2022-019 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Period of Performance Subrecipient Monitoring Known Questioned Cost Amount: $28,886,606 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state?s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2022, state agencies spent more than $1.4 billion in SLFRF funds, $132 million of which was spent by the Department of Commerce. The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0), in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2022, the Department expended about $111 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020. Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program. During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP 2.0 subrecipients. We determined that the Department did not perform fiscal reviews or any program reviews for 20 of its 32 subrecipients (63 percent) during the audit period. We used a statistical sampling method to randomly select and review seven out of 12 subrecipients for which the Department completed monitoring during the audit period. We determined four of the seven fiscal reviews completed were insufficient for ensuring payments to these subrecipients were allowable and adequately supported, primarily because the support reviewed lacked enough detail to ensure the activities were allowable and within the period of performance. We also examined program monitoring documentation completed for these same seven subrecipients. The Department selected only one household from each subrecipient for eligibility verification. We determined these reviews did not provide reasonable assurance that payments to the subrecipients were made only on behalf of eligible households. We also used a statistical sampling method to randomly select and review 56 out of 627 payments. Additionally, we judgmentally selected and reviewed one individually significant payment of $6 million. In total, we examined 57 provider payments totaling $48.5 million. Of the 57 payments examined, we identified 37 (65 percent), including the individually significant payment, that did not have adequate documentation to ensure the payment was for allowable activities, met cost principles, and occurred within the award?s period of performance. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. The issue was not reported as a finding in the prior audit. Cause of Condition Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. Department staff approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper support and only served eligible households. However, management said that due to limited staffing and resources, they were only able to monitor 12 subrecipients during the audit period, wherein staff elected to review just one household payment for each subrecipient for appropriateness. Furthermore, the program did not have written policies and procedures in place documenting the programmatic and fiscal monitoring requirements for staff to follow. Therefore, management could not ensure that reviews were thorough and consistent, included a valid sample of subrecipient records, and required detailed source documentation, including accounting support. Effect of Condition and Questioned Costs We determined the Department did not review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal reviews to ensure that expenditures were for allowable activities. As a result, we identified $28,886,606 in known federal questioned costs and $71,007,353 in likely federal questioned costs. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs,? as required by 2 CFR ? 200.516(3). To ensure a representative sample, we stratified the population by dollar amount. Without establishing adequate internal controls and reviewing detailed supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Department: ? Implement written policies and monitoring procedures to ensure adequate review of each subrecipient?s use of federal funds ? Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement ? Ensure it has sufficient staffing and resources to monitor each subrecipient, as required under Uniform Guidance ? Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid Department?s Response The Coronavirus pandemic created an unprecedented crisis of imminent evictions for an estimated 200,000 households who would face homelessness. Prompt program implementation was critical to reducing evictions as homelessness was shown to increase the spread of COVID-19 leading to death. In fiscal year 202, Commerce created the Eviction Rent Assistance Programs 1.0 and 2.0: Coronavirus State Fiscal Recovery Funds allocated by the Washington State legislature to fund the program. All of the rental assistance programs included multiple funding allocations. To provide much needed assistance to the state, the Department quickly deployed the programs either concurrently or on overlapping timelines. The vast majority of our grantees are local government entities with whom the Department has a long history of contracting and partnering with to deliver services. Federal requirements dictate local governments ensure their internal controls meet standards to comply with all compliance requirements. The Department used that expectation to rely on their administrative and fiscal control functions to ensure compliance. The Department received the first emergency rental assistance funds in August 2020 and the funding was set to expire four months after the award issuance. The Department moved quickly to relieve barriers to issue funding. In December 2020 Congress extended the end date to continue the funding for this program into 2021. As a result of the fiscal year 2021 audit, it was determined the fiscal review must be completed for all program reimbursements, even if the detail review of expenditures was completed at our subrecipient level. The initial fiscal monitoring was based on previously conducted risk assessments, so not all payees received a fiscal monitoring. As a result of the deficiencies reported in the fiscal year 2021 audit, the program deployed new subrecipient monitoring risk assessment processes, and now completes a new assessment for each award at the time of the award. Once the deficiency was identified, the Department began to review supporting backup documentation for all expenditures. The current finding also focused on specific sets of expenditures which were not reviewed in detail. As a result, the Department is currently evaluating the best approach to obtain and review supporting documentation at a detail level to ensure compliance with all requirements. The Department continues to complete reviews of supporting documentation for fiscal year 2023 expenditures and we strive to meet all other program requirements. We thank the State Auditor?s Office for identifying areas we could improve to meet all compliance requirements for federal funding. Auditor?s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented. Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
2022-019 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Period of Performance Subrecipient Monitoring Known Questioned Cost Amount: $28,886,606 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state?s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2022, state agencies spent more than $1.4 billion in SLFRF funds, $132 million of which was spent by the Department of Commerce. The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0), in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2022, the Department expended about $111 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020. Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program. During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP 2.0 subrecipients. We determined that the Department did not perform fiscal reviews or any program reviews for 20 of its 32 subrecipients (63 percent) during the audit period. We used a statistical sampling method to randomly select and review seven out of 12 subrecipients for which the Department completed monitoring during the audit period. We determined four of the seven fiscal reviews completed were insufficient for ensuring payments to these subrecipients were allowable and adequately supported, primarily because the support reviewed lacked enough detail to ensure the activities were allowable and within the period of performance. We also examined program monitoring documentation completed for these same seven subrecipients. The Department selected only one household from each subrecipient for eligibility verification. We determined these reviews did not provide reasonable assurance that payments to the subrecipients were made only on behalf of eligible households. We also used a statistical sampling method to randomly select and review 56 out of 627 payments. Additionally, we judgmentally selected and reviewed one individually significant payment of $6 million. In total, we examined 57 provider payments totaling $48.5 million. Of the 57 payments examined, we identified 37 (65 percent), including the individually significant payment, that did not have adequate documentation to ensure the payment was for allowable activities, met cost principles, and occurred within the award?s period of performance. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. The issue was not reported as a finding in the prior audit. Cause of Condition Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. Department staff approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper support and only served eligible households. However, management said that due to limited staffing and resources, they were only able to monitor 12 subrecipients during the audit period, wherein staff elected to review just one household payment for each subrecipient for appropriateness. Furthermore, the program did not have written policies and procedures in place documenting the programmatic and fiscal monitoring requirements for staff to follow. Therefore, management could not ensure that reviews were thorough and consistent, included a valid sample of subrecipient records, and required detailed source documentation, including accounting support. Effect of Condition and Questioned Costs We determined the Department did not review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal reviews to ensure that expenditures were for allowable activities. As a result, we identified $28,886,606 in known federal questioned costs and $71,007,353 in likely federal questioned costs. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs,? as required by 2 CFR ? 200.516(3). To ensure a representative sample, we stratified the population by dollar amount. Without establishing adequate internal controls and reviewing detailed supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Department: ? Implement written policies and monitoring procedures to ensure adequate review of each subrecipient?s use of federal funds ? Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement ? Ensure it has sufficient staffing and resources to monitor each subrecipient, as required under Uniform Guidance ? Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid Department?s Response The Coronavirus pandemic created an unprecedented crisis of imminent evictions for an estimated 200,000 households who would face homelessness. Prompt program implementation was critical to reducing evictions as homelessness was shown to increase the spread of COVID-19 leading to death. In fiscal year 202, Commerce created the Eviction Rent Assistance Programs 1.0 and 2.0: Coronavirus State Fiscal Recovery Funds allocated by the Washington State legislature to fund the program. All of the rental assistance programs included multiple funding allocations. To provide much needed assistance to the state, the Department quickly deployed the programs either concurrently or on overlapping timelines. The vast majority of our grantees are local government entities with whom the Department has a long history of contracting and partnering with to deliver services. Federal requirements dictate local governments ensure their internal controls meet standards to comply with all compliance requirements. The Department used that expectation to rely on their administrative and fiscal control functions to ensure compliance. The Department received the first emergency rental assistance funds in August 2020 and the funding was set to expire four months after the award issuance. The Department moved quickly to relieve barriers to issue funding. In December 2020 Congress extended the end date to continue the funding for this program into 2021. As a result of the fiscal year 2021 audit, it was determined the fiscal review must be completed for all program reimbursements, even if the detail review of expenditures was completed at our subrecipient level. The initial fiscal monitoring was based on previously conducted risk assessments, so not all payees received a fiscal monitoring. As a result of the deficiencies reported in the fiscal year 2021 audit, the program deployed new subrecipient monitoring risk assessment processes, and now completes a new assessment for each award at the time of the award. Once the deficiency was identified, the Department began to review supporting backup documentation for all expenditures. The current finding also focused on specific sets of expenditures which were not reviewed in detail. As a result, the Department is currently evaluating the best approach to obtain and review supporting documentation at a detail level to ensure compliance with all requirements. The Department continues to complete reviews of supporting documentation for fiscal year 2023 expenditures and we strive to meet all other program requirements. We thank the State Auditor?s Office for identifying areas we could improve to meet all compliance requirements for federal funding. Auditor?s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented. Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
2022-019 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Period of Performance Subrecipient Monitoring Known Questioned Cost Amount: $28,886,606 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state?s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2022, state agencies spent more than $1.4 billion in SLFRF funds, $132 million of which was spent by the Department of Commerce. The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0), in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2022, the Department expended about $111 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020. Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program. During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP 2.0 subrecipients. We determined that the Department did not perform fiscal reviews or any program reviews for 20 of its 32 subrecipients (63 percent) during the audit period. We used a statistical sampling method to randomly select and review seven out of 12 subrecipients for which the Department completed monitoring during the audit period. We determined four of the seven fiscal reviews completed were insufficient for ensuring payments to these subrecipients were allowable and adequately supported, primarily because the support reviewed lacked enough detail to ensure the activities were allowable and within the period of performance. We also examined program monitoring documentation completed for these same seven subrecipients. The Department selected only one household from each subrecipient for eligibility verification. We determined these reviews did not provide reasonable assurance that payments to the subrecipients were made only on behalf of eligible households. We also used a statistical sampling method to randomly select and review 56 out of 627 payments. Additionally, we judgmentally selected and reviewed one individually significant payment of $6 million. In total, we examined 57 provider payments totaling $48.5 million. Of the 57 payments examined, we identified 37 (65 percent), including the individually significant payment, that did not have adequate documentation to ensure the payment was for allowable activities, met cost principles, and occurred within the award?s period of performance. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. The issue was not reported as a finding in the prior audit. Cause of Condition Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. Department staff approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper support and only served eligible households. However, management said that due to limited staffing and resources, they were only able to monitor 12 subrecipients during the audit period, wherein staff elected to review just one household payment for each subrecipient for appropriateness. Furthermore, the program did not have written policies and procedures in place documenting the programmatic and fiscal monitoring requirements for staff to follow. Therefore, management could not ensure that reviews were thorough and consistent, included a valid sample of subrecipient records, and required detailed source documentation, including accounting support. Effect of Condition and Questioned Costs We determined the Department did not review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal reviews to ensure that expenditures were for allowable activities. As a result, we identified $28,886,606 in known federal questioned costs and $71,007,353 in likely federal questioned costs. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs,? as required by 2 CFR ? 200.516(3). To ensure a representative sample, we stratified the population by dollar amount. Without establishing adequate internal controls and reviewing detailed supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Department: ? Implement written policies and monitoring procedures to ensure adequate review of each subrecipient?s use of federal funds ? Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement ? Ensure it has sufficient staffing and resources to monitor each subrecipient, as required under Uniform Guidance ? Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid Department?s Response The Coronavirus pandemic created an unprecedented crisis of imminent evictions for an estimated 200,000 households who would face homelessness. Prompt program implementation was critical to reducing evictions as homelessness was shown to increase the spread of COVID-19 leading to death. In fiscal year 202, Commerce created the Eviction Rent Assistance Programs 1.0 and 2.0: Coronavirus State Fiscal Recovery Funds allocated by the Washington State legislature to fund the program. All of the rental assistance programs included multiple funding allocations. To provide much needed assistance to the state, the Department quickly deployed the programs either concurrently or on overlapping timelines. The vast majority of our grantees are local government entities with whom the Department has a long history of contracting and partnering with to deliver services. Federal requirements dictate local governments ensure their internal controls meet standards to comply with all compliance requirements. The Department used that expectation to rely on their administrative and fiscal control functions to ensure compliance. The Department received the first emergency rental assistance funds in August 2020 and the funding was set to expire four months after the award issuance. The Department moved quickly to relieve barriers to issue funding. In December 2020 Congress extended the end date to continue the funding for this program into 2021. As a result of the fiscal year 2021 audit, it was determined the fiscal review must be completed for all program reimbursements, even if the detail review of expenditures was completed at our subrecipient level. The initial fiscal monitoring was based on previously conducted risk assessments, so not all payees received a fiscal monitoring. As a result of the deficiencies reported in the fiscal year 2021 audit, the program deployed new subrecipient monitoring risk assessment processes, and now completes a new assessment for each award at the time of the award. Once the deficiency was identified, the Department began to review supporting backup documentation for all expenditures. The current finding also focused on specific sets of expenditures which were not reviewed in detail. As a result, the Department is currently evaluating the best approach to obtain and review supporting documentation at a detail level to ensure compliance with all requirements. The Department continues to complete reviews of supporting documentation for fiscal year 2023 expenditures and we strive to meet all other program requirements. We thank the State Auditor?s Office for identifying areas we could improve to meet all compliance requirements for federal funding. Auditor?s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented. Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.
2022-019 The Department of Commerce did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the Coronavirus State and Local Fiscal Recovery Funds. Assistance Listing Number and Title: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Grantor Name: U.S. Department of the Treasury Federal Award/Contract Number: SLFRP0002 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Activities Allowed or Unallowed Allowable Costs/Cost Principles Period of Performance Subrecipient Monitoring Known Questioned Cost Amount: $28,886,606 Background The Coronavirus State and Local Fiscal Recovery Funds (SLFRF), as part of the American Rescue Plan Act of 2021, delivered $350 billion to state, local, and tribal governments to support the response to and recovery from the COVID-19 public health emergency. Washington received $4.4 billion of SLFRF money from the U.S. Department of the Treasury, which the state?s Office of Financial Management allocated to state agencies for various programs. In fiscal year 2022, state agencies spent more than $1.4 billion in SLFRF funds, $132 million of which was spent by the Department of Commerce. The Department used SLFRF funds to administer and provide economic assistance to households at risk of eviction and homelessness primarily through the Eviction Rental Assistance Program (ERAP 2.0), in addition to transportation, tourism, and other pandemic-recovery projects. During fiscal year 2022, the Department expended about $111 million on reimbursements and advance payments to local governments and nonprofit organizations as subrecipients. These subrecipients were responsible for making direct payments of rent and utilities for eligible low-income households with overdue rent payments dating as far back as March 2020. Pass-through entities are required to monitor the activities of subrecipients to ensure they are properly using federal funds for allowable activities and expenditures. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. Description of Condition The Department did not have adequate internal controls over and did not comply with requirements for monitoring subrecipients to ensure payments were allowable, properly supported, and met period of performance requirements for the SLFRF program. During the audit period, the Department only required summary level supporting documentation when approving subrecipient payments. Since detailed source documentation was not required at the time of reimbursement, the Department implemented a fiscal review process for ERAP 2.0 subrecipients. We determined that the Department did not perform fiscal reviews or any program reviews for 20 of its 32 subrecipients (63 percent) during the audit period. We used a statistical sampling method to randomly select and review seven out of 12 subrecipients for which the Department completed monitoring during the audit period. We determined four of the seven fiscal reviews completed were insufficient for ensuring payments to these subrecipients were allowable and adequately supported, primarily because the support reviewed lacked enough detail to ensure the activities were allowable and within the period of performance. We also examined program monitoring documentation completed for these same seven subrecipients. The Department selected only one household from each subrecipient for eligibility verification. We determined these reviews did not provide reasonable assurance that payments to the subrecipients were made only on behalf of eligible households. We also used a statistical sampling method to randomly select and review 56 out of 627 payments. Additionally, we judgmentally selected and reviewed one individually significant payment of $6 million. In total, we examined 57 provider payments totaling $48.5 million. Of the 57 payments examined, we identified 37 (65 percent), including the individually significant payment, that did not have adequate documentation to ensure the payment was for allowable activities, met cost principles, and occurred within the award?s period of performance. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. The issue was not reported as a finding in the prior audit. Cause of Condition Management did not ensure that proper internal controls were in place to oversee ERAP 2.0 and the use of SLFRF funds. Department staff approved payments to subrecipients without reviewing adequate supporting documentation, and management relied on annual program and fiscal monitoring to ensure subrecipients had proper support and only served eligible households. However, management said that due to limited staffing and resources, they were only able to monitor 12 subrecipients during the audit period, wherein staff elected to review just one household payment for each subrecipient for appropriateness. Furthermore, the program did not have written policies and procedures in place documenting the programmatic and fiscal monitoring requirements for staff to follow. Therefore, management could not ensure that reviews were thorough and consistent, included a valid sample of subrecipient records, and required detailed source documentation, including accounting support. Effect of Condition and Questioned Costs We determined the Department did not review adequate supporting documentation before paying subrecipients, and it did not perform adequate fiscal reviews to ensure that expenditures were for allowable activities. As a result, we identified $28,886,606 in known federal questioned costs and $71,007,353 in likely federal questioned costs. Our sampling methodology meets statistical sampling criteria under generally accepted auditing standards in AU-C 530.05. It is important to note that the sampling technique we used is intended to support our audit conclusions by determining if expenditures complied with program requirements in all material respects. Accordingly, we used an acceptance sampling formula designed to provide a high level of assurance, with a 95 percent confidence of whether exceptions exceeded our materiality threshold. Our audit report and finding reflect this conclusion. However, the likely improper payment projections are a point estimate and only represent our ?best estimate of total questioned costs,? as required by 2 CFR ? 200.516(3). To ensure a representative sample, we stratified the population by dollar amount. Without establishing adequate internal controls and reviewing detailed supporting documentation from subrecipients, the Department cannot reasonably ensure it is using federal funds for allowable purposes and that spending occurs within the allowed period of performance. We question costs when we find an agency has not complied with grant regulations or when it does not have adequate documentation to support its expenditures. Recommendations We recommend the Department: ? Implement written policies and monitoring procedures to ensure adequate review of each subrecipient?s use of federal funds ? Improve internal controls to ensure subrecipients provide adequate supporting documentation when requesting reimbursement ? Ensure it has sufficient staffing and resources to monitor each subrecipient, as required under Uniform Guidance ? Consult with the grantor to discuss whether the questioned costs identified in the audit should be repaid Department?s Response The Coronavirus pandemic created an unprecedented crisis of imminent evictions for an estimated 200,000 households who would face homelessness. Prompt program implementation was critical to reducing evictions as homelessness was shown to increase the spread of COVID-19 leading to death. In fiscal year 202, Commerce created the Eviction Rent Assistance Programs 1.0 and 2.0: Coronavirus State Fiscal Recovery Funds allocated by the Washington State legislature to fund the program. All of the rental assistance programs included multiple funding allocations. To provide much needed assistance to the state, the Department quickly deployed the programs either concurrently or on overlapping timelines. The vast majority of our grantees are local government entities with whom the Department has a long history of contracting and partnering with to deliver services. Federal requirements dictate local governments ensure their internal controls meet standards to comply with all compliance requirements. The Department used that expectation to rely on their administrative and fiscal control functions to ensure compliance. The Department received the first emergency rental assistance funds in August 2020 and the funding was set to expire four months after the award issuance. The Department moved quickly to relieve barriers to issue funding. In December 2020 Congress extended the end date to continue the funding for this program into 2021. As a result of the fiscal year 2021 audit, it was determined the fiscal review must be completed for all program reimbursements, even if the detail review of expenditures was completed at our subrecipient level. The initial fiscal monitoring was based on previously conducted risk assessments, so not all payees received a fiscal monitoring. As a result of the deficiencies reported in the fiscal year 2021 audit, the program deployed new subrecipient monitoring risk assessment processes, and now completes a new assessment for each award at the time of the award. Once the deficiency was identified, the Department began to review supporting backup documentation for all expenditures. The current finding also focused on specific sets of expenditures which were not reviewed in detail. As a result, the Department is currently evaluating the best approach to obtain and review supporting documentation at a detail level to ensure compliance with all requirements. The Department continues to complete reviews of supporting documentation for fiscal year 2023 expenditures and we strive to meet all other program requirements. We thank the State Auditor?s Office for identifying areas we could improve to meet all compliance requirements for federal funding. Auditor?s Remarks We thank the Department for its cooperation and assistance throughout the audit. We will review the status of the Department?s corrective action during our next audit. Applicable Laws and Regulations Title 2 U.S. Code of Federal Regulations (CFR) Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), section 516, Audit findings, establishes reporting requirements for audit findings. Title 2 CFR Part 200, Uniform Guidance, section 303, Internal controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. Title 2 CFR Part 200, Uniform Guidance, section 332, Requirements for pass-through entities, establishes the requirements for all pass-through entities. Title 2 CFR Part 200, Uniform Guidance, section 403, Factors affecting allowability of costs, describes the general criteria in order for a cost to be allowable under federal awards, including being adequately documented. Title 2 CFR Part 200.1, Uniform Guidance, establishes definitions for improper payments. Part 200.410 establishes requirements for the collection of unallowable costs.