Cluster name: Workforce Innovation and Opportunity Act (WIOA) Cluster Assistance Listings numbers and names: 17.258 WIOA Adult Program 17.259 WIOA Youth Activities 17.278 WIOA Dislocated Worker Formula Grants Award numbers and years: DI21-002286, April 1, 2022 through June 30, 2024; Alert 23-001, July 1, 2023 through June 30, 2024; Alert 23-003, July 1, 2023 through June 30, 2024; Alert 24-002, July 1, 2023 through May 31, 2024 Federal agency: U.S. Department of Labor Pass-through grantor: Arizona Department of Economic Security Questioned costs: N/A Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award numbers and years: 1505-0271, March 3, 2021 through December 31, 2024; 19418, May 31, 2023 through September 30, 2023 Federal agency: U.S. Department of the Treasury Pass-through grantors: Arizona Criminal Justice Commission, City of Tucson, Arizona Housing Coalition, and Arizona Department of Public Safety Questioned costs: N/A Assistance Listings number and name: 97.024 COVID-19 - Emergency Food and Shelter National Board Program Award numbers and years: 027200-048, November 1, 2021 through December 30, 2024; 027200-056, April 1, 2023 through February 29, 2024; 23*115, March 1, 2023 through February 29, 2024; 23*154, April 1, 2023 through February 29, 2024 Federal agency: U.S. Department of Homeland Security Pass-through grantor: United Way EFSP Questioned costs: $347,345 Assistance Listings number and name: 97.141 Shelter and Services Program Award number and year: 24*039, March 1, 2023 through September 30, 2025 Federal agency: U.S. Department of Homeland Security Questioned costs: N/A Compliance requirement: Subrecipient monitoring Total questioned costs: $347,345 Condition—The County’s Grants Management and Innovation Department (Department) awarded over $29 million to 27 subrecipients during fiscal year 2024, or 29% of the County’s total federal expenditures for the federal programs shown in Table 1 below, but did not perform all the required monitoring of its subrecipients’ activities or compliance with award terms and program requirements. Table 1 Summary of subrecipients by federal program Fiscal year 2024 Federal program name Subrecipient information Total number Number tested Total awards Total federal expenditures Subrecipient awards as a percentage of total federal expenditures Workforce Innovation and Opportunity Act (WIOA) Cluster 4 4 $ 568,095 $12,253,972 4.6% Coronavirus State and Local Fiscal Recovery Funds (SLFRF) 17 7 17,241,445 56,862,338 30.3% Emergency Food and Shelter National Board Program (EFS) 4 4 7,810,673 22,622,229 34.5% Shelter and Services Program (SSP) 2 2 3,560,449 8,172,063 43.5% Total 27 17 $29,180,662 $99,910,602 29.2% While the Department performed some monitoring procedures during the year, those procedures were not sufficient to evaluate its subrecipients’ use of program monies in accordance with the award terms, program requirements, and federal regulations. Specifically, contrary to federal regulations, the Department did not perform the following required monitoring procedures: • Perform monitoring activities based on risk assessments performed—The Department did not perform monitoring activities based on risk assessments performed. Specifically, the Department’s risk assessment procedures identified 7 high-risk and 4 moderate-risk subrecipients, but it did not modify its monitoring activities to address the risks identified. Additional monitoring activities could include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures like reviewing the subrecipient’s policies and procedures obtained to ensure the subrecipients complied with award terms, program requirements, and federal regulations. • Document monitoring procedures, results, and actions taken—For 4 of 4 WIOA subrecipients, 7 of 7 SLFRF subrecipients, 3 of 4 EFS subrecipients, and 1 of 2 SSP subrecipients we tested, while the Department completed and maintained a checklist of subrecipient monitoring procedures, it did not document monitoring results or Department actions taken for these subrecipients based on the checklist results. • Verify subrecipient single audits were conducted timely—The Department did not verify whether 1 of its 4 WIOA subrecipients had a single audit performed. Effect—The Department’s failure to perform required monitoring contributed to $347,345 of misspent EFS program monies that the Department may be required to return to the federal agency in accordance with federal requirements.1 Specifically, the Department’s not reviewing subrecipient procurement policies and procedures aided in allowing 1 EFS subrecipient to render services for which conflicts of interest existed. Specifically, the EFS subrecipient, Catholic Community Services (CCS), began having laundry services provided by a vendor, Amado Laundry, in April 2023, for which it then self-reported to the County a conflict-of-interest violation in May 2024. This violation was a result of a CCS employee forming a vendor relationship with Amado Laundry, which was owned by the employee’s mother. After the Department’s management was made aware of the conflict of interest, they performed monitoring procedures over CCS and identified noncompliance with federal procurement guidelines totaling $347,345, including determining that Amado Laundry charged a rate double the average rates charged by competitors. The County issued a management letter to CCS on September 27, 2024, communicating a conflict-of-interest finding and a procurement standards finding. The conflict-of-interest finding required CCS to develop new, written procurement-related conflict-of-interest procedures in compliance with federal regulations and to create and maintain an ongoing training program related to these federally compliant conflict-of-interest procedures for employees. Further, there is an increased risk that $29 million of program monies the Department awarded to subrecipients may not be spent in accordance with the award terms, program requirements, and federal regulations. If monies are spent inconsistent with program requirements, those who intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Also, the Department’s not verifying subrecipient single audits were conducted may result in the Department’s not following up on and ensuring corrective action is taken on audit findings that could potentially affect the program and/or issue management decisions for audit findings pertaining to the federal award. Finally, the County is at risk that this finding applies to other federal programs it administers. Cause—The Department’s management reported that they did not always follow County policies and procedures and only performed limited procedures because their subrecipient monitoring policies and procedures were outdated, the number of subrecipients increased significantly during the fiscal year, and they did not have sufficient staff to monitor all subrecipients. The Department’s management also reported that it prioritized transitioning to a new enterprise resource planning (ERP) system rather than monitoring all subrecipients. Further, the County’s policies lacked requirements to perform monitoring activities based on risk assessments performed and to review subrecipients’ policies and procedures to ensure the subrecipients complied with award terms, program requirements, and federal regulations. Criteria—Federal regulation requires the County to monitor subrecipients, which includes required monitoring procedures for (2 CFR §200.332): • Assessing the risk of each subrecipient’s noncompliance and performing monitoring activities based on those risk assessments, such as providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures. • Reviewing financial and performance reports. • Verifying single audits were conducted timely. • Following up on and ensuring corrective action is taken on audit findings that could potentially affect the program. • Issuing a management decision for audit findings pertaining to the federal award. In addition, County policies require the County to: • Assess subrecipient risk and establish a monitoring plan and perform monitoring procedures at least every 2 years, including verification of internal controls.2,3 • Review the Federal Audit Clearinghouse at least quarterly to review subrecipient single audits and issue management decision letters, as necessary.2 • Maintain documentation of monitoring procedures, including the monitoring procedure’s results and any Department actions taken.3 Further, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations to the County— 1. Perform required monitoring of its subrecipients and their compliance with the award terms, program requirements, and federal regulations. 2. Follow its established policies and procedures for performing and documenting monitoring reviews of subrecipients to: a. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. b. Verify subrecipients receive timely single audits, follow up on and ensure that corrective action is taken on audit findings that could potentially affect the program, and issue management decisions for audit findings pertaining to the federal award. 3. Update its policies and procedures to include: a. A process to determine the appropriate monitoring activities to perform based on subrecipient risk assessments performed, such as providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Review subrecipients’ policies and procedures, including procurement processes, to ensure the subrecipients complied with award terms, program requirements, and federal regulations. 4. Prioritize and allocate sufficient resources, such as staffing, to comply with the award terms, program requirements, federal regulations, and its updated policies, and designate an individual(s) to perform necessary subrecipient-monitoring procedures. 5. Work with U.S. Department of Homeland Security to determine if it will require the Department to reimburse $347,345 in questioned costs. The County’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year finding 2022-101 and was initially reported in fiscal year 2022. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 2 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-04: Subrecipient Risk Assessment / Management Decisions. 3 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-28: Subrecipient Monitoring.
Cluster name: Workforce Innovation and Opportunity Act (WIOA) Cluster Assistance Listings numbers and names: 17.258 WIOA Adult Program 17.259 WIOA Youth Activities 17.278 WIOA Dislocated Worker Formula Grants Award numbers and years: DI21-002286, April 1, 2022 through June 30, 2024; Alert 23-001, July 1, 2023 through June 30, 2024; Alert 23-003, July 1, 2023 through June 30, 2024; Alert 24-002, July 1, 2023 through May 31, 2024 Federal agency: U.S. Department of Labor Pass-through grantor: Arizona Department of Economic Security Questioned costs: N/A Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award numbers and years: 1505-0271, March 3, 2021 through December 31, 2024; 19418, May 31, 2023 through September 30, 2023 Federal agency: U.S. Department of the Treasury Pass-through grantors: Arizona Criminal Justice Commission, City of Tucson, Arizona Housing Coalition, and Arizona Department of Public Safety Questioned costs: N/A Assistance Listings number and name: 97.024 COVID-19 - Emergency Food and Shelter National Board Program Award numbers and years: 027200-048, November 1, 2021 through December 30, 2024; 027200-056, April 1, 2023 through February 29, 2024; 23*115, March 1, 2023 through February 29, 2024; 23*154, April 1, 2023 through February 29, 2024 Federal agency: U.S. Department of Homeland Security Pass-through grantor: United Way EFSP Questioned costs: $347,345 Assistance Listings number and name: 97.141 Shelter and Services Program Award number and year: 24*039, March 1, 2023 through September 30, 2025 Federal agency: U.S. Department of Homeland Security Questioned costs: N/A Compliance requirement: Subrecipient monitoring Total questioned costs: $347,345 Condition—The County’s Grants Management and Innovation Department (Department) awarded over $29 million to 27 subrecipients during fiscal year 2024, or 29% of the County’s total federal expenditures for the federal programs shown in Table 1 below, but did not perform all the required monitoring of its subrecipients’ activities or compliance with award terms and program requirements. Table 1 Summary of subrecipients by federal program Fiscal year 2024 Federal program name Subrecipient information Total number Number tested Total awards Total federal expenditures Subrecipient awards as a percentage of total federal expenditures Workforce Innovation and Opportunity Act (WIOA) Cluster 4 4 $ 568,095 $12,253,972 4.6% Coronavirus State and Local Fiscal Recovery Funds (SLFRF) 17 7 17,241,445 56,862,338 30.3% Emergency Food and Shelter National Board Program (EFS) 4 4 7,810,673 22,622,229 34.5% Shelter and Services Program (SSP) 2 2 3,560,449 8,172,063 43.5% Total 27 17 $29,180,662 $99,910,602 29.2% While the Department performed some monitoring procedures during the year, those procedures were not sufficient to evaluate its subrecipients’ use of program monies in accordance with the award terms, program requirements, and federal regulations. Specifically, contrary to federal regulations, the Department did not perform the following required monitoring procedures: • Perform monitoring activities based on risk assessments performed—The Department did not perform monitoring activities based on risk assessments performed. Specifically, the Department’s risk assessment procedures identified 7 high-risk and 4 moderate-risk subrecipients, but it did not modify its monitoring activities to address the risks identified. Additional monitoring activities could include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures like reviewing the subrecipient’s policies and procedures obtained to ensure the subrecipients complied with award terms, program requirements, and federal regulations. • Document monitoring procedures, results, and actions taken—For 4 of 4 WIOA subrecipients, 7 of 7 SLFRF subrecipients, 3 of 4 EFS subrecipients, and 1 of 2 SSP subrecipients we tested, while the Department completed and maintained a checklist of subrecipient monitoring procedures, it did not document monitoring results or Department actions taken for these subrecipients based on the checklist results. • Verify subrecipient single audits were conducted timely—The Department did not verify whether 1 of its 4 WIOA subrecipients had a single audit performed. Effect—The Department’s failure to perform required monitoring contributed to $347,345 of misspent EFS program monies that the Department may be required to return to the federal agency in accordance with federal requirements.1 Specifically, the Department’s not reviewing subrecipient procurement policies and procedures aided in allowing 1 EFS subrecipient to render services for which conflicts of interest existed. Specifically, the EFS subrecipient, Catholic Community Services (CCS), began having laundry services provided by a vendor, Amado Laundry, in April 2023, for which it then self-reported to the County a conflict-of-interest violation in May 2024. This violation was a result of a CCS employee forming a vendor relationship with Amado Laundry, which was owned by the employee’s mother. After the Department’s management was made aware of the conflict of interest, they performed monitoring procedures over CCS and identified noncompliance with federal procurement guidelines totaling $347,345, including determining that Amado Laundry charged a rate double the average rates charged by competitors. The County issued a management letter to CCS on September 27, 2024, communicating a conflict-of-interest finding and a procurement standards finding. The conflict-of-interest finding required CCS to develop new, written procurement-related conflict-of-interest procedures in compliance with federal regulations and to create and maintain an ongoing training program related to these federally compliant conflict-of-interest procedures for employees. Further, there is an increased risk that $29 million of program monies the Department awarded to subrecipients may not be spent in accordance with the award terms, program requirements, and federal regulations. If monies are spent inconsistent with program requirements, those who intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Also, the Department’s not verifying subrecipient single audits were conducted may result in the Department’s not following up on and ensuring corrective action is taken on audit findings that could potentially affect the program and/or issue management decisions for audit findings pertaining to the federal award. Finally, the County is at risk that this finding applies to other federal programs it administers. Cause—The Department’s management reported that they did not always follow County policies and procedures and only performed limited procedures because their subrecipient monitoring policies and procedures were outdated, the number of subrecipients increased significantly during the fiscal year, and they did not have sufficient staff to monitor all subrecipients. The Department’s management also reported that it prioritized transitioning to a new enterprise resource planning (ERP) system rather than monitoring all subrecipients. Further, the County’s policies lacked requirements to perform monitoring activities based on risk assessments performed and to review subrecipients’ policies and procedures to ensure the subrecipients complied with award terms, program requirements, and federal regulations. Criteria—Federal regulation requires the County to monitor subrecipients, which includes required monitoring procedures for (2 CFR §200.332): • Assessing the risk of each subrecipient’s noncompliance and performing monitoring activities based on those risk assessments, such as providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures. • Reviewing financial and performance reports. • Verifying single audits were conducted timely. • Following up on and ensuring corrective action is taken on audit findings that could potentially affect the program. • Issuing a management decision for audit findings pertaining to the federal award. In addition, County policies require the County to: • Assess subrecipient risk and establish a monitoring plan and perform monitoring procedures at least every 2 years, including verification of internal controls.2,3 • Review the Federal Audit Clearinghouse at least quarterly to review subrecipient single audits and issue management decision letters, as necessary.2 • Maintain documentation of monitoring procedures, including the monitoring procedure’s results and any Department actions taken.3 Further, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations to the County— 1. Perform required monitoring of its subrecipients and their compliance with the award terms, program requirements, and federal regulations. 2. Follow its established policies and procedures for performing and documenting monitoring reviews of subrecipients to: a. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. b. Verify subrecipients receive timely single audits, follow up on and ensure that corrective action is taken on audit findings that could potentially affect the program, and issue management decisions for audit findings pertaining to the federal award. 3. Update its policies and procedures to include: a. A process to determine the appropriate monitoring activities to perform based on subrecipient risk assessments performed, such as providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Review subrecipients’ policies and procedures, including procurement processes, to ensure the subrecipients complied with award terms, program requirements, and federal regulations. 4. Prioritize and allocate sufficient resources, such as staffing, to comply with the award terms, program requirements, federal regulations, and its updated policies, and designate an individual(s) to perform necessary subrecipient-monitoring procedures. 5. Work with U.S. Department of Homeland Security to determine if it will require the Department to reimburse $347,345 in questioned costs. The County’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year finding 2022-101 and was initially reported in fiscal year 2022. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 2 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-04: Subrecipient Risk Assessment / Management Decisions. 3 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-28: Subrecipient Monitoring.
Cluster name: Workforce Innovation and Opportunity Act (WIOA) Cluster Assistance Listings numbers and names: 17.258 WIOA Adult Program 17.259 WIOA Youth Activities 17.278 WIOA Dislocated Worker Formula Grants Award numbers and years: DI21-002286, April 1, 2022 through June 30, 2024; Alert 23-001, July 1, 2023 through June 30, 2024; Alert 23-003, July 1, 2023 through June 30, 2024; Alert 24-002, July 1, 2023 through May 31, 2024 Federal agency: U.S. Department of Labor Pass-through grantor: Arizona Department of Economic Security Questioned costs: N/A Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award numbers and years: 1505-0271, March 3, 2021 through December 31, 2024; 19418, May 31, 2023 through September 30, 2023 Federal agency: U.S. Department of the Treasury Pass-through grantors: Arizona Criminal Justice Commission, City of Tucson, Arizona Housing Coalition, and Arizona Department of Public Safety Questioned costs: N/A Assistance Listings number and name: 97.024 COVID-19 - Emergency Food and Shelter National Board Program Award numbers and years: 027200-048, November 1, 2021 through December 30, 2024; 027200-056, April 1, 2023 through February 29, 2024; 23*115, March 1, 2023 through February 29, 2024; 23*154, April 1, 2023 through February 29, 2024 Federal agency: U.S. Department of Homeland Security Pass-through grantor: United Way EFSP Questioned costs: $347,345 Assistance Listings number and name: 97.141 Shelter and Services Program Award number and year: 24*039, March 1, 2023 through September 30, 2025 Federal agency: U.S. Department of Homeland Security Questioned costs: N/A Compliance requirement: Subrecipient monitoring Total questioned costs: $347,345 Condition—The County’s Grants Management and Innovation Department (Department) awarded over $29 million to 27 subrecipients during fiscal year 2024, or 29% of the County’s total federal expenditures for the federal programs shown in Table 1 below, but did not perform all the required monitoring of its subrecipients’ activities or compliance with award terms and program requirements. Table 1 Summary of subrecipients by federal program Fiscal year 2024 Federal program name Subrecipient information Total number Number tested Total awards Total federal expenditures Subrecipient awards as a percentage of total federal expenditures Workforce Innovation and Opportunity Act (WIOA) Cluster 4 4 $ 568,095 $12,253,972 4.6% Coronavirus State and Local Fiscal Recovery Funds (SLFRF) 17 7 17,241,445 56,862,338 30.3% Emergency Food and Shelter National Board Program (EFS) 4 4 7,810,673 22,622,229 34.5% Shelter and Services Program (SSP) 2 2 3,560,449 8,172,063 43.5% Total 27 17 $29,180,662 $99,910,602 29.2% While the Department performed some monitoring procedures during the year, those procedures were not sufficient to evaluate its subrecipients’ use of program monies in accordance with the award terms, program requirements, and federal regulations. Specifically, contrary to federal regulations, the Department did not perform the following required monitoring procedures: • Perform monitoring activities based on risk assessments performed—The Department did not perform monitoring activities based on risk assessments performed. Specifically, the Department’s risk assessment procedures identified 7 high-risk and 4 moderate-risk subrecipients, but it did not modify its monitoring activities to address the risks identified. Additional monitoring activities could include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures like reviewing the subrecipient’s policies and procedures obtained to ensure the subrecipients complied with award terms, program requirements, and federal regulations. • Document monitoring procedures, results, and actions taken—For 4 of 4 WIOA subrecipients, 7 of 7 SLFRF subrecipients, 3 of 4 EFS subrecipients, and 1 of 2 SSP subrecipients we tested, while the Department completed and maintained a checklist of subrecipient monitoring procedures, it did not document monitoring results or Department actions taken for these subrecipients based on the checklist results. • Verify subrecipient single audits were conducted timely—The Department did not verify whether 1 of its 4 WIOA subrecipients had a single audit performed. Effect—The Department’s failure to perform required monitoring contributed to $347,345 of misspent EFS program monies that the Department may be required to return to the federal agency in accordance with federal requirements.1 Specifically, the Department’s not reviewing subrecipient procurement policies and procedures aided in allowing 1 EFS subrecipient to render services for which conflicts of interest existed. Specifically, the EFS subrecipient, Catholic Community Services (CCS), began having laundry services provided by a vendor, Amado Laundry, in April 2023, for which it then self-reported to the County a conflict-of-interest violation in May 2024. This violation was a result of a CCS employee forming a vendor relationship with Amado Laundry, which was owned by the employee’s mother. After the Department’s management was made aware of the conflict of interest, they performed monitoring procedures over CCS and identified noncompliance with federal procurement guidelines totaling $347,345, including determining that Amado Laundry charged a rate double the average rates charged by competitors. The County issued a management letter to CCS on September 27, 2024, communicating a conflict-of-interest finding and a procurement standards finding. The conflict-of-interest finding required CCS to develop new, written procurement-related conflict-of-interest procedures in compliance with federal regulations and to create and maintain an ongoing training program related to these federally compliant conflict-of-interest procedures for employees. Further, there is an increased risk that $29 million of program monies the Department awarded to subrecipients may not be spent in accordance with the award terms, program requirements, and federal regulations. If monies are spent inconsistent with program requirements, those who intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Also, the Department’s not verifying subrecipient single audits were conducted may result in the Department’s not following up on and ensuring corrective action is taken on audit findings that could potentially affect the program and/or issue management decisions for audit findings pertaining to the federal award. Finally, the County is at risk that this finding applies to other federal programs it administers. Cause—The Department’s management reported that they did not always follow County policies and procedures and only performed limited procedures because their subrecipient monitoring policies and procedures were outdated, the number of subrecipients increased significantly during the fiscal year, and they did not have sufficient staff to monitor all subrecipients. The Department’s management also reported that it prioritized transitioning to a new enterprise resource planning (ERP) system rather than monitoring all subrecipients. Further, the County’s policies lacked requirements to perform monitoring activities based on risk assessments performed and to review subrecipients’ policies and procedures to ensure the subrecipients complied with award terms, program requirements, and federal regulations. Criteria—Federal regulation requires the County to monitor subrecipients, which includes required monitoring procedures for (2 CFR §200.332): • Assessing the risk of each subrecipient’s noncompliance and performing monitoring activities based on those risk assessments, such as providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures. • Reviewing financial and performance reports. • Verifying single audits were conducted timely. • Following up on and ensuring corrective action is taken on audit findings that could potentially affect the program. • Issuing a management decision for audit findings pertaining to the federal award. In addition, County policies require the County to: • Assess subrecipient risk and establish a monitoring plan and perform monitoring procedures at least every 2 years, including verification of internal controls.2,3 • Review the Federal Audit Clearinghouse at least quarterly to review subrecipient single audits and issue management decision letters, as necessary.2 • Maintain documentation of monitoring procedures, including the monitoring procedure’s results and any Department actions taken.3 Further, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations to the County— 1. Perform required monitoring of its subrecipients and their compliance with the award terms, program requirements, and federal regulations. 2. Follow its established policies and procedures for performing and documenting monitoring reviews of subrecipients to: a. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. b. Verify subrecipients receive timely single audits, follow up on and ensure that corrective action is taken on audit findings that could potentially affect the program, and issue management decisions for audit findings pertaining to the federal award. 3. Update its policies and procedures to include: a. A process to determine the appropriate monitoring activities to perform based on subrecipient risk assessments performed, such as providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Review subrecipients’ policies and procedures, including procurement processes, to ensure the subrecipients complied with award terms, program requirements, and federal regulations. 4. Prioritize and allocate sufficient resources, such as staffing, to comply with the award terms, program requirements, federal regulations, and its updated policies, and designate an individual(s) to perform necessary subrecipient-monitoring procedures. 5. Work with U.S. Department of Homeland Security to determine if it will require the Department to reimburse $347,345 in questioned costs. The County’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year finding 2022-101 and was initially reported in fiscal year 2022. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 2 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-04: Subrecipient Risk Assessment / Management Decisions. 3 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-28: Subrecipient Monitoring.
Cluster name: Workforce Innovation and Opportunity Act (WIOA) Cluster Assistance Listings numbers and names: 17.258 WIOA Adult Program 17.259 WIOA Youth Activities 17.278 WIOA Dislocated Worker Formula Grants Award numbers and years: DI21-002286, April 1, 2022 through June 30, 2024; Alert 23-001, July 1, 2023 through June 30, 2024; Alert 23-003, July 1, 2023 through June 30, 2024; Alert 24-002, July 1, 2023 through May 31, 2024 Federal agency: U.S. Department of Labor Pass-through grantor: Arizona Department of Economic Security Questioned costs: N/A Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award numbers and years: 1505-0271, March 3, 2021 through December 31, 2024; 19418, May 31, 2023 through September 30, 2023 Federal agency: U.S. Department of the Treasury Pass-through grantors: Arizona Criminal Justice Commission, City of Tucson, Arizona Housing Coalition, and Arizona Department of Public Safety Questioned costs: N/A Assistance Listings number and name: 97.024 COVID-19 - Emergency Food and Shelter National Board Program Award numbers and years: 027200-048, November 1, 2021 through December 30, 2024; 027200-056, April 1, 2023 through February 29, 2024; 23*115, March 1, 2023 through February 29, 2024; 23*154, April 1, 2023 through February 29, 2024 Federal agency: U.S. Department of Homeland Security Pass-through grantor: United Way EFSP Questioned costs: $347,345 Assistance Listings number and name: 97.141 Shelter and Services Program Award number and year: 24*039, March 1, 2023 through September 30, 2025 Federal agency: U.S. Department of Homeland Security Questioned costs: N/A Compliance requirement: Subrecipient monitoring Total questioned costs: $347,345 Condition—The County’s Grants Management and Innovation Department (Department) awarded over $29 million to 27 subrecipients during fiscal year 2024, or 29% of the County’s total federal expenditures for the federal programs shown in Table 1 below, but did not perform all the required monitoring of its subrecipients’ activities or compliance with award terms and program requirements. Table 1 Summary of subrecipients by federal program Fiscal year 2024 Federal program name Subrecipient information Total number Number tested Total awards Total federal expenditures Subrecipient awards as a percentage of total federal expenditures Workforce Innovation and Opportunity Act (WIOA) Cluster 4 4 $ 568,095 $12,253,972 4.6% Coronavirus State and Local Fiscal Recovery Funds (SLFRF) 17 7 17,241,445 56,862,338 30.3% Emergency Food and Shelter National Board Program (EFS) 4 4 7,810,673 22,622,229 34.5% Shelter and Services Program (SSP) 2 2 3,560,449 8,172,063 43.5% Total 27 17 $29,180,662 $99,910,602 29.2% While the Department performed some monitoring procedures during the year, those procedures were not sufficient to evaluate its subrecipients’ use of program monies in accordance with the award terms, program requirements, and federal regulations. Specifically, contrary to federal regulations, the Department did not perform the following required monitoring procedures: • Perform monitoring activities based on risk assessments performed—The Department did not perform monitoring activities based on risk assessments performed. Specifically, the Department’s risk assessment procedures identified 7 high-risk and 4 moderate-risk subrecipients, but it did not modify its monitoring activities to address the risks identified. Additional monitoring activities could include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures like reviewing the subrecipient’s policies and procedures obtained to ensure the subrecipients complied with award terms, program requirements, and federal regulations. • Document monitoring procedures, results, and actions taken—For 4 of 4 WIOA subrecipients, 7 of 7 SLFRF subrecipients, 3 of 4 EFS subrecipients, and 1 of 2 SSP subrecipients we tested, while the Department completed and maintained a checklist of subrecipient monitoring procedures, it did not document monitoring results or Department actions taken for these subrecipients based on the checklist results. • Verify subrecipient single audits were conducted timely—The Department did not verify whether 1 of its 4 WIOA subrecipients had a single audit performed. Effect—The Department’s failure to perform required monitoring contributed to $347,345 of misspent EFS program monies that the Department may be required to return to the federal agency in accordance with federal requirements.1 Specifically, the Department’s not reviewing subrecipient procurement policies and procedures aided in allowing 1 EFS subrecipient to render services for which conflicts of interest existed. Specifically, the EFS subrecipient, Catholic Community Services (CCS), began having laundry services provided by a vendor, Amado Laundry, in April 2023, for which it then self-reported to the County a conflict-of-interest violation in May 2024. This violation was a result of a CCS employee forming a vendor relationship with Amado Laundry, which was owned by the employee’s mother. After the Department’s management was made aware of the conflict of interest, they performed monitoring procedures over CCS and identified noncompliance with federal procurement guidelines totaling $347,345, including determining that Amado Laundry charged a rate double the average rates charged by competitors. The County issued a management letter to CCS on September 27, 2024, communicating a conflict-of-interest finding and a procurement standards finding. The conflict-of-interest finding required CCS to develop new, written procurement-related conflict-of-interest procedures in compliance with federal regulations and to create and maintain an ongoing training program related to these federally compliant conflict-of-interest procedures for employees. Further, there is an increased risk that $29 million of program monies the Department awarded to subrecipients may not be spent in accordance with the award terms, program requirements, and federal regulations. If monies are spent inconsistent with program requirements, those who intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Also, the Department’s not verifying subrecipient single audits were conducted may result in the Department’s not following up on and ensuring corrective action is taken on audit findings that could potentially affect the program and/or issue management decisions for audit findings pertaining to the federal award. Finally, the County is at risk that this finding applies to other federal programs it administers. Cause—The Department’s management reported that they did not always follow County policies and procedures and only performed limited procedures because their subrecipient monitoring policies and procedures were outdated, the number of subrecipients increased significantly during the fiscal year, and they did not have sufficient staff to monitor all subrecipients. The Department’s management also reported that it prioritized transitioning to a new enterprise resource planning (ERP) system rather than monitoring all subrecipients. Further, the County’s policies lacked requirements to perform monitoring activities based on risk assessments performed and to review subrecipients’ policies and procedures to ensure the subrecipients complied with award terms, program requirements, and federal regulations. Criteria—Federal regulation requires the County to monitor subrecipients, which includes required monitoring procedures for (2 CFR §200.332): • Assessing the risk of each subrecipient’s noncompliance and performing monitoring activities based on those risk assessments, such as providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures. • Reviewing financial and performance reports. • Verifying single audits were conducted timely. • Following up on and ensuring corrective action is taken on audit findings that could potentially affect the program. • Issuing a management decision for audit findings pertaining to the federal award. In addition, County policies require the County to: • Assess subrecipient risk and establish a monitoring plan and perform monitoring procedures at least every 2 years, including verification of internal controls.2,3 • Review the Federal Audit Clearinghouse at least quarterly to review subrecipient single audits and issue management decision letters, as necessary.2 • Maintain documentation of monitoring procedures, including the monitoring procedure’s results and any Department actions taken.3 Further, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations to the County— 1. Perform required monitoring of its subrecipients and their compliance with the award terms, program requirements, and federal regulations. 2. Follow its established policies and procedures for performing and documenting monitoring reviews of subrecipients to: a. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. b. Verify subrecipients receive timely single audits, follow up on and ensure that corrective action is taken on audit findings that could potentially affect the program, and issue management decisions for audit findings pertaining to the federal award. 3. Update its policies and procedures to include: a. A process to determine the appropriate monitoring activities to perform based on subrecipient risk assessments performed, such as providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Review subrecipients’ policies and procedures, including procurement processes, to ensure the subrecipients complied with award terms, program requirements, and federal regulations. 4. Prioritize and allocate sufficient resources, such as staffing, to comply with the award terms, program requirements, federal regulations, and its updated policies, and designate an individual(s) to perform necessary subrecipient-monitoring procedures. 5. Work with U.S. Department of Homeland Security to determine if it will require the Department to reimburse $347,345 in questioned costs. The County’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year finding 2022-101 and was initially reported in fiscal year 2022. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 2 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-04: Subrecipient Risk Assessment / Management Decisions. 3 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-28: Subrecipient Monitoring.
Cluster name: Workforce Innovation and Opportunity Act (WIOA) Cluster Assistance Listings numbers and names: 17.258 WIOA Adult Program 17.259 WIOA Youth Activities 17.278 WIOA Dislocated Worker Formula Grants Award numbers and years: DI21-002286, April 1, 2022 through June 30, 2024; Alert 23-001, July 1, 2023 through June 30, 2024; Alert 23-003, July 1, 2023 through June 30, 2024; Alert 24-002, July 1, 2023 through May 31, 2024 Federal agency: U.S. Department of Labor Pass-through grantor: Arizona Department of Economic Security Questioned costs: N/A Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award numbers and years: 1505-0271, March 3, 2021 through December 31, 2024; 19418, May 31, 2023 through September 30, 2023 Federal agency: U.S. Department of the Treasury Pass-through grantors: Arizona Criminal Justice Commission, City of Tucson, Arizona Housing Coalition, and Arizona Department of Public Safety Questioned costs: N/A Assistance Listings number and name: 97.024 COVID-19 - Emergency Food and Shelter National Board Program Award numbers and years: 027200-048, November 1, 2021 through December 30, 2024; 027200-056, April 1, 2023 through February 29, 2024; 23*115, March 1, 2023 through February 29, 2024; 23*154, April 1, 2023 through February 29, 2024 Federal agency: U.S. Department of Homeland Security Pass-through grantor: United Way EFSP Questioned costs: $347,345 Assistance Listings number and name: 97.141 Shelter and Services Program Award number and year: 24*039, March 1, 2023 through September 30, 2025 Federal agency: U.S. Department of Homeland Security Questioned costs: N/A Compliance requirement: Subrecipient monitoring Total questioned costs: $347,345 Condition—The County’s Grants Management and Innovation Department (Department) awarded over $29 million to 27 subrecipients during fiscal year 2024, or 29% of the County’s total federal expenditures for the federal programs shown in Table 1 below, but did not perform all the required monitoring of its subrecipients’ activities or compliance with award terms and program requirements. Table 1 Summary of subrecipients by federal program Fiscal year 2024 Federal program name Subrecipient information Total number Number tested Total awards Total federal expenditures Subrecipient awards as a percentage of total federal expenditures Workforce Innovation and Opportunity Act (WIOA) Cluster 4 4 $ 568,095 $12,253,972 4.6% Coronavirus State and Local Fiscal Recovery Funds (SLFRF) 17 7 17,241,445 56,862,338 30.3% Emergency Food and Shelter National Board Program (EFS) 4 4 7,810,673 22,622,229 34.5% Shelter and Services Program (SSP) 2 2 3,560,449 8,172,063 43.5% Total 27 17 $29,180,662 $99,910,602 29.2% While the Department performed some monitoring procedures during the year, those procedures were not sufficient to evaluate its subrecipients’ use of program monies in accordance with the award terms, program requirements, and federal regulations. Specifically, contrary to federal regulations, the Department did not perform the following required monitoring procedures: • Perform monitoring activities based on risk assessments performed—The Department did not perform monitoring activities based on risk assessments performed. Specifically, the Department’s risk assessment procedures identified 7 high-risk and 4 moderate-risk subrecipients, but it did not modify its monitoring activities to address the risks identified. Additional monitoring activities could include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures like reviewing the subrecipient’s policies and procedures obtained to ensure the subrecipients complied with award terms, program requirements, and federal regulations. • Document monitoring procedures, results, and actions taken—For 4 of 4 WIOA subrecipients, 7 of 7 SLFRF subrecipients, 3 of 4 EFS subrecipients, and 1 of 2 SSP subrecipients we tested, while the Department completed and maintained a checklist of subrecipient monitoring procedures, it did not document monitoring results or Department actions taken for these subrecipients based on the checklist results. • Verify subrecipient single audits were conducted timely—The Department did not verify whether 1 of its 4 WIOA subrecipients had a single audit performed. Effect—The Department’s failure to perform required monitoring contributed to $347,345 of misspent EFS program monies that the Department may be required to return to the federal agency in accordance with federal requirements.1 Specifically, the Department’s not reviewing subrecipient procurement policies and procedures aided in allowing 1 EFS subrecipient to render services for which conflicts of interest existed. Specifically, the EFS subrecipient, Catholic Community Services (CCS), began having laundry services provided by a vendor, Amado Laundry, in April 2023, for which it then self-reported to the County a conflict-of-interest violation in May 2024. This violation was a result of a CCS employee forming a vendor relationship with Amado Laundry, which was owned by the employee’s mother. After the Department’s management was made aware of the conflict of interest, they performed monitoring procedures over CCS and identified noncompliance with federal procurement guidelines totaling $347,345, including determining that Amado Laundry charged a rate double the average rates charged by competitors. The County issued a management letter to CCS on September 27, 2024, communicating a conflict-of-interest finding and a procurement standards finding. The conflict-of-interest finding required CCS to develop new, written procurement-related conflict-of-interest procedures in compliance with federal regulations and to create and maintain an ongoing training program related to these federally compliant conflict-of-interest procedures for employees. Further, there is an increased risk that $29 million of program monies the Department awarded to subrecipients may not be spent in accordance with the award terms, program requirements, and federal regulations. If monies are spent inconsistent with program requirements, those who intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Also, the Department’s not verifying subrecipient single audits were conducted may result in the Department’s not following up on and ensuring corrective action is taken on audit findings that could potentially affect the program and/or issue management decisions for audit findings pertaining to the federal award. Finally, the County is at risk that this finding applies to other federal programs it administers. Cause—The Department’s management reported that they did not always follow County policies and procedures and only performed limited procedures because their subrecipient monitoring policies and procedures were outdated, the number of subrecipients increased significantly during the fiscal year, and they did not have sufficient staff to monitor all subrecipients. The Department’s management also reported that it prioritized transitioning to a new enterprise resource planning (ERP) system rather than monitoring all subrecipients. Further, the County’s policies lacked requirements to perform monitoring activities based on risk assessments performed and to review subrecipients’ policies and procedures to ensure the subrecipients complied with award terms, program requirements, and federal regulations. Criteria—Federal regulation requires the County to monitor subrecipients, which includes required monitoring procedures for (2 CFR §200.332): • Assessing the risk of each subrecipient’s noncompliance and performing monitoring activities based on those risk assessments, such as providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures. • Reviewing financial and performance reports. • Verifying single audits were conducted timely. • Following up on and ensuring corrective action is taken on audit findings that could potentially affect the program. • Issuing a management decision for audit findings pertaining to the federal award. In addition, County policies require the County to: • Assess subrecipient risk and establish a monitoring plan and perform monitoring procedures at least every 2 years, including verification of internal controls.2,3 • Review the Federal Audit Clearinghouse at least quarterly to review subrecipient single audits and issue management decision letters, as necessary.2 • Maintain documentation of monitoring procedures, including the monitoring procedure’s results and any Department actions taken.3 Further, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations to the County— 1. Perform required monitoring of its subrecipients and their compliance with the award terms, program requirements, and federal regulations. 2. Follow its established policies and procedures for performing and documenting monitoring reviews of subrecipients to: a. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. b. Verify subrecipients receive timely single audits, follow up on and ensure that corrective action is taken on audit findings that could potentially affect the program, and issue management decisions for audit findings pertaining to the federal award. 3. Update its policies and procedures to include: a. A process to determine the appropriate monitoring activities to perform based on subrecipient risk assessments performed, such as providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Review subrecipients’ policies and procedures, including procurement processes, to ensure the subrecipients complied with award terms, program requirements, and federal regulations. 4. Prioritize and allocate sufficient resources, such as staffing, to comply with the award terms, program requirements, federal regulations, and its updated policies, and designate an individual(s) to perform necessary subrecipient-monitoring procedures. 5. Work with U.S. Department of Homeland Security to determine if it will require the Department to reimburse $347,345 in questioned costs. The County’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year finding 2022-101 and was initially reported in fiscal year 2022. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 2 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-04: Subrecipient Risk Assessment / Management Decisions. 3 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-28: Subrecipient Monitoring.
Cluster name: Workforce Innovation and Opportunity Act (WIOA) Cluster Assistance Listings numbers and names: 17.258 WIOA Adult Program 17.259 WIOA Youth Activities 17.278 WIOA Dislocated Worker Formula Grants Award numbers and years: DI21-002286, April 1, 2022 through June 30, 2024; Alert 23-001, July 1, 2023 through June 30, 2024; Alert 23-003, July 1, 2023 through June 30, 2024; Alert 24-002, July 1, 2023 through May 31, 2024 Federal agency: U.S. Department of Labor Pass-through grantor: Arizona Department of Economic Security Questioned costs: N/A Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award numbers and years: 1505-0271, March 3, 2021 through December 31, 2024; 19418, May 31, 2023 through September 30, 2023 Federal agency: U.S. Department of the Treasury Pass-through grantors: Arizona Criminal Justice Commission, City of Tucson, Arizona Housing Coalition, and Arizona Department of Public Safety Questioned costs: N/A Assistance Listings number and name: 97.024 COVID-19 - Emergency Food and Shelter National Board Program Award numbers and years: 027200-048, November 1, 2021 through December 30, 2024; 027200-056, April 1, 2023 through February 29, 2024; 23*115, March 1, 2023 through February 29, 2024; 23*154, April 1, 2023 through February 29, 2024 Federal agency: U.S. Department of Homeland Security Pass-through grantor: United Way EFSP Questioned costs: $347,345 Assistance Listings number and name: 97.141 Shelter and Services Program Award number and year: 24*039, March 1, 2023 through September 30, 2025 Federal agency: U.S. Department of Homeland Security Questioned costs: N/A Compliance requirement: Subrecipient monitoring Total questioned costs: $347,345 Condition—The County’s Grants Management and Innovation Department (Department) awarded over $29 million to 27 subrecipients during fiscal year 2024, or 29% of the County’s total federal expenditures for the federal programs shown in Table 1 below, but did not perform all the required monitoring of its subrecipients’ activities or compliance with award terms and program requirements. Table 1 Summary of subrecipients by federal program Fiscal year 2024 Federal program name Subrecipient information Total number Number tested Total awards Total federal expenditures Subrecipient awards as a percentage of total federal expenditures Workforce Innovation and Opportunity Act (WIOA) Cluster 4 4 $ 568,095 $12,253,972 4.6% Coronavirus State and Local Fiscal Recovery Funds (SLFRF) 17 7 17,241,445 56,862,338 30.3% Emergency Food and Shelter National Board Program (EFS) 4 4 7,810,673 22,622,229 34.5% Shelter and Services Program (SSP) 2 2 3,560,449 8,172,063 43.5% Total 27 17 $29,180,662 $99,910,602 29.2% While the Department performed some monitoring procedures during the year, those procedures were not sufficient to evaluate its subrecipients’ use of program monies in accordance with the award terms, program requirements, and federal regulations. Specifically, contrary to federal regulations, the Department did not perform the following required monitoring procedures: • Perform monitoring activities based on risk assessments performed—The Department did not perform monitoring activities based on risk assessments performed. Specifically, the Department’s risk assessment procedures identified 7 high-risk and 4 moderate-risk subrecipients, but it did not modify its monitoring activities to address the risks identified. Additional monitoring activities could include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures like reviewing the subrecipient’s policies and procedures obtained to ensure the subrecipients complied with award terms, program requirements, and federal regulations. • Document monitoring procedures, results, and actions taken—For 4 of 4 WIOA subrecipients, 7 of 7 SLFRF subrecipients, 3 of 4 EFS subrecipients, and 1 of 2 SSP subrecipients we tested, while the Department completed and maintained a checklist of subrecipient monitoring procedures, it did not document monitoring results or Department actions taken for these subrecipients based on the checklist results. • Verify subrecipient single audits were conducted timely—The Department did not verify whether 1 of its 4 WIOA subrecipients had a single audit performed. Effect—The Department’s failure to perform required monitoring contributed to $347,345 of misspent EFS program monies that the Department may be required to return to the federal agency in accordance with federal requirements.1 Specifically, the Department’s not reviewing subrecipient procurement policies and procedures aided in allowing 1 EFS subrecipient to render services for which conflicts of interest existed. Specifically, the EFS subrecipient, Catholic Community Services (CCS), began having laundry services provided by a vendor, Amado Laundry, in April 2023, for which it then self-reported to the County a conflict-of-interest violation in May 2024. This violation was a result of a CCS employee forming a vendor relationship with Amado Laundry, which was owned by the employee’s mother. After the Department’s management was made aware of the conflict of interest, they performed monitoring procedures over CCS and identified noncompliance with federal procurement guidelines totaling $347,345, including determining that Amado Laundry charged a rate double the average rates charged by competitors. The County issued a management letter to CCS on September 27, 2024, communicating a conflict-of-interest finding and a procurement standards finding. The conflict-of-interest finding required CCS to develop new, written procurement-related conflict-of-interest procedures in compliance with federal regulations and to create and maintain an ongoing training program related to these federally compliant conflict-of-interest procedures for employees. Further, there is an increased risk that $29 million of program monies the Department awarded to subrecipients may not be spent in accordance with the award terms, program requirements, and federal regulations. If monies are spent inconsistent with program requirements, those who intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Also, the Department’s not verifying subrecipient single audits were conducted may result in the Department’s not following up on and ensuring corrective action is taken on audit findings that could potentially affect the program and/or issue management decisions for audit findings pertaining to the federal award. Finally, the County is at risk that this finding applies to other federal programs it administers. Cause—The Department’s management reported that they did not always follow County policies and procedures and only performed limited procedures because their subrecipient monitoring policies and procedures were outdated, the number of subrecipients increased significantly during the fiscal year, and they did not have sufficient staff to monitor all subrecipients. The Department’s management also reported that it prioritized transitioning to a new enterprise resource planning (ERP) system rather than monitoring all subrecipients. Further, the County’s policies lacked requirements to perform monitoring activities based on risk assessments performed and to review subrecipients’ policies and procedures to ensure the subrecipients complied with award terms, program requirements, and federal regulations. Criteria—Federal regulation requires the County to monitor subrecipients, which includes required monitoring procedures for (2 CFR §200.332): • Assessing the risk of each subrecipient’s noncompliance and performing monitoring activities based on those risk assessments, such as providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures. • Reviewing financial and performance reports. • Verifying single audits were conducted timely. • Following up on and ensuring corrective action is taken on audit findings that could potentially affect the program. • Issuing a management decision for audit findings pertaining to the federal award. In addition, County policies require the County to: • Assess subrecipient risk and establish a monitoring plan and perform monitoring procedures at least every 2 years, including verification of internal controls.2,3 • Review the Federal Audit Clearinghouse at least quarterly to review subrecipient single audits and issue management decision letters, as necessary.2 • Maintain documentation of monitoring procedures, including the monitoring procedure’s results and any Department actions taken.3 Further, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations to the County— 1. Perform required monitoring of its subrecipients and their compliance with the award terms, program requirements, and federal regulations. 2. Follow its established policies and procedures for performing and documenting monitoring reviews of subrecipients to: a. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. b. Verify subrecipients receive timely single audits, follow up on and ensure that corrective action is taken on audit findings that could potentially affect the program, and issue management decisions for audit findings pertaining to the federal award. 3. Update its policies and procedures to include: a. A process to determine the appropriate monitoring activities to perform based on subrecipient risk assessments performed, such as providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Review subrecipients’ policies and procedures, including procurement processes, to ensure the subrecipients complied with award terms, program requirements, and federal regulations. 4. Prioritize and allocate sufficient resources, such as staffing, to comply with the award terms, program requirements, federal regulations, and its updated policies, and designate an individual(s) to perform necessary subrecipient-monitoring procedures. 5. Work with U.S. Department of Homeland Security to determine if it will require the Department to reimburse $347,345 in questioned costs. The County’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year finding 2022-101 and was initially reported in fiscal year 2022. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 2 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-04: Subrecipient Risk Assessment / Management Decisions. 3 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-28: Subrecipient Monitoring.
Cluster name: Workforce Innovation and Opportunity Act (WIOA) Cluster Assistance Listings numbers and names: 17.258 WIOA Adult Program 17.259 WIOA Youth Activities 17.278 WIOA Dislocated Worker Formula Grants Award numbers and years: DI21-002286, April 1, 2022 through June 30, 2024; Alert 23-001, July 1, 2023 through June 30, 2024; Alert 23-003, July 1, 2023 through June 30, 2024; Alert 24-002, July 1, 2023 through May 31, 2024 Federal agency: U.S. Department of Labor Pass-through grantor: Arizona Department of Economic Security Questioned costs: N/A Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award numbers and years: 1505-0271, March 3, 2021 through December 31, 2024; 19418, May 31, 2023 through September 30, 2023 Federal agency: U.S. Department of the Treasury Pass-through grantors: Arizona Criminal Justice Commission, City of Tucson, Arizona Housing Coalition, and Arizona Department of Public Safety Questioned costs: N/A Assistance Listings number and name: 97.024 COVID-19 - Emergency Food and Shelter National Board Program Award numbers and years: 027200-048, November 1, 2021 through December 30, 2024; 027200-056, April 1, 2023 through February 29, 2024; 23*115, March 1, 2023 through February 29, 2024; 23*154, April 1, 2023 through February 29, 2024 Federal agency: U.S. Department of Homeland Security Pass-through grantor: United Way EFSP Questioned costs: $347,345 Assistance Listings number and name: 97.141 Shelter and Services Program Award number and year: 24*039, March 1, 2023 through September 30, 2025 Federal agency: U.S. Department of Homeland Security Questioned costs: N/A Compliance requirement: Subrecipient monitoring Total questioned costs: $347,345 Condition—The County’s Grants Management and Innovation Department (Department) awarded over $29 million to 27 subrecipients during fiscal year 2024, or 29% of the County’s total federal expenditures for the federal programs shown in Table 1 below, but did not perform all the required monitoring of its subrecipients’ activities or compliance with award terms and program requirements. Table 1 Summary of subrecipients by federal program Fiscal year 2024 Federal program name Subrecipient information Total number Number tested Total awards Total federal expenditures Subrecipient awards as a percentage of total federal expenditures Workforce Innovation and Opportunity Act (WIOA) Cluster 4 4 $ 568,095 $12,253,972 4.6% Coronavirus State and Local Fiscal Recovery Funds (SLFRF) 17 7 17,241,445 56,862,338 30.3% Emergency Food and Shelter National Board Program (EFS) 4 4 7,810,673 22,622,229 34.5% Shelter and Services Program (SSP) 2 2 3,560,449 8,172,063 43.5% Total 27 17 $29,180,662 $99,910,602 29.2% While the Department performed some monitoring procedures during the year, those procedures were not sufficient to evaluate its subrecipients’ use of program monies in accordance with the award terms, program requirements, and federal regulations. Specifically, contrary to federal regulations, the Department did not perform the following required monitoring procedures: • Perform monitoring activities based on risk assessments performed—The Department did not perform monitoring activities based on risk assessments performed. Specifically, the Department’s risk assessment procedures identified 7 high-risk and 4 moderate-risk subrecipients, but it did not modify its monitoring activities to address the risks identified. Additional monitoring activities could include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures like reviewing the subrecipient’s policies and procedures obtained to ensure the subrecipients complied with award terms, program requirements, and federal regulations. • Document monitoring procedures, results, and actions taken—For 4 of 4 WIOA subrecipients, 7 of 7 SLFRF subrecipients, 3 of 4 EFS subrecipients, and 1 of 2 SSP subrecipients we tested, while the Department completed and maintained a checklist of subrecipient monitoring procedures, it did not document monitoring results or Department actions taken for these subrecipients based on the checklist results. • Verify subrecipient single audits were conducted timely—The Department did not verify whether 1 of its 4 WIOA subrecipients had a single audit performed. Effect—The Department’s failure to perform required monitoring contributed to $347,345 of misspent EFS program monies that the Department may be required to return to the federal agency in accordance with federal requirements.1 Specifically, the Department’s not reviewing subrecipient procurement policies and procedures aided in allowing 1 EFS subrecipient to render services for which conflicts of interest existed. Specifically, the EFS subrecipient, Catholic Community Services (CCS), began having laundry services provided by a vendor, Amado Laundry, in April 2023, for which it then self-reported to the County a conflict-of-interest violation in May 2024. This violation was a result of a CCS employee forming a vendor relationship with Amado Laundry, which was owned by the employee’s mother. After the Department’s management was made aware of the conflict of interest, they performed monitoring procedures over CCS and identified noncompliance with federal procurement guidelines totaling $347,345, including determining that Amado Laundry charged a rate double the average rates charged by competitors. The County issued a management letter to CCS on September 27, 2024, communicating a conflict-of-interest finding and a procurement standards finding. The conflict-of-interest finding required CCS to develop new, written procurement-related conflict-of-interest procedures in compliance with federal regulations and to create and maintain an ongoing training program related to these federally compliant conflict-of-interest procedures for employees. Further, there is an increased risk that $29 million of program monies the Department awarded to subrecipients may not be spent in accordance with the award terms, program requirements, and federal regulations. If monies are spent inconsistent with program requirements, those who intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Also, the Department’s not verifying subrecipient single audits were conducted may result in the Department’s not following up on and ensuring corrective action is taken on audit findings that could potentially affect the program and/or issue management decisions for audit findings pertaining to the federal award. Finally, the County is at risk that this finding applies to other federal programs it administers. Cause—The Department’s management reported that they did not always follow County policies and procedures and only performed limited procedures because their subrecipient monitoring policies and procedures were outdated, the number of subrecipients increased significantly during the fiscal year, and they did not have sufficient staff to monitor all subrecipients. The Department’s management also reported that it prioritized transitioning to a new enterprise resource planning (ERP) system rather than monitoring all subrecipients. Further, the County’s policies lacked requirements to perform monitoring activities based on risk assessments performed and to review subrecipients’ policies and procedures to ensure the subrecipients complied with award terms, program requirements, and federal regulations. Criteria—Federal regulation requires the County to monitor subrecipients, which includes required monitoring procedures for (2 CFR §200.332): • Assessing the risk of each subrecipient’s noncompliance and performing monitoring activities based on those risk assessments, such as providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures. • Reviewing financial and performance reports. • Verifying single audits were conducted timely. • Following up on and ensuring corrective action is taken on audit findings that could potentially affect the program. • Issuing a management decision for audit findings pertaining to the federal award. In addition, County policies require the County to: • Assess subrecipient risk and establish a monitoring plan and perform monitoring procedures at least every 2 years, including verification of internal controls.2,3 • Review the Federal Audit Clearinghouse at least quarterly to review subrecipient single audits and issue management decision letters, as necessary.2 • Maintain documentation of monitoring procedures, including the monitoring procedure’s results and any Department actions taken.3 Further, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations to the County— 1. Perform required monitoring of its subrecipients and their compliance with the award terms, program requirements, and federal regulations. 2. Follow its established policies and procedures for performing and documenting monitoring reviews of subrecipients to: a. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. b. Verify subrecipients receive timely single audits, follow up on and ensure that corrective action is taken on audit findings that could potentially affect the program, and issue management decisions for audit findings pertaining to the federal award. 3. Update its policies and procedures to include: a. A process to determine the appropriate monitoring activities to perform based on subrecipient risk assessments performed, such as providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Review subrecipients’ policies and procedures, including procurement processes, to ensure the subrecipients complied with award terms, program requirements, and federal regulations. 4. Prioritize and allocate sufficient resources, such as staffing, to comply with the award terms, program requirements, federal regulations, and its updated policies, and designate an individual(s) to perform necessary subrecipient-monitoring procedures. 5. Work with U.S. Department of Homeland Security to determine if it will require the Department to reimburse $347,345 in questioned costs. The County’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year finding 2022-101 and was initially reported in fiscal year 2022. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 2 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-04: Subrecipient Risk Assessment / Management Decisions. 3 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-28: Subrecipient Monitoring.
Cluster name: Workforce Innovation and Opportunity Act (WIOA) Cluster Assistance Listings numbers and names: 17.258 WIOA Adult Program 17.259 WIOA Youth Activities 17.278 WIOA Dislocated Worker Formula Grants Award numbers and years: DI21-002286, April 1, 2022 through June 30, 2024; Alert 23-001, July 1, 2023 through June 30, 2024; Alert 23-003, July 1, 2023 through June 30, 2024; Alert 24-002, July 1, 2023 through May 31, 2024 Federal agency: U.S. Department of Labor Pass-through grantor: Arizona Department of Economic Security Questioned costs: N/A Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award numbers and years: 1505-0271, March 3, 2021 through December 31, 2024; 19418, May 31, 2023 through September 30, 2023 Federal agency: U.S. Department of the Treasury Pass-through grantors: Arizona Criminal Justice Commission, City of Tucson, Arizona Housing Coalition, and Arizona Department of Public Safety Questioned costs: N/A Assistance Listings number and name: 97.024 COVID-19 - Emergency Food and Shelter National Board Program Award numbers and years: 027200-048, November 1, 2021 through December 30, 2024; 027200-056, April 1, 2023 through February 29, 2024; 23*115, March 1, 2023 through February 29, 2024; 23*154, April 1, 2023 through February 29, 2024 Federal agency: U.S. Department of Homeland Security Pass-through grantor: United Way EFSP Questioned costs: $347,345 Assistance Listings number and name: 97.141 Shelter and Services Program Award number and year: 24*039, March 1, 2023 through September 30, 2025 Federal agency: U.S. Department of Homeland Security Questioned costs: N/A Compliance requirement: Subrecipient monitoring Total questioned costs: $347,345 Condition—The County’s Grants Management and Innovation Department (Department) awarded over $29 million to 27 subrecipients during fiscal year 2024, or 29% of the County’s total federal expenditures for the federal programs shown in Table 1 below, but did not perform all the required monitoring of its subrecipients’ activities or compliance with award terms and program requirements. Table 1 Summary of subrecipients by federal program Fiscal year 2024 Federal program name Subrecipient information Total number Number tested Total awards Total federal expenditures Subrecipient awards as a percentage of total federal expenditures Workforce Innovation and Opportunity Act (WIOA) Cluster 4 4 $ 568,095 $12,253,972 4.6% Coronavirus State and Local Fiscal Recovery Funds (SLFRF) 17 7 17,241,445 56,862,338 30.3% Emergency Food and Shelter National Board Program (EFS) 4 4 7,810,673 22,622,229 34.5% Shelter and Services Program (SSP) 2 2 3,560,449 8,172,063 43.5% Total 27 17 $29,180,662 $99,910,602 29.2% While the Department performed some monitoring procedures during the year, those procedures were not sufficient to evaluate its subrecipients’ use of program monies in accordance with the award terms, program requirements, and federal regulations. Specifically, contrary to federal regulations, the Department did not perform the following required monitoring procedures: • Perform monitoring activities based on risk assessments performed—The Department did not perform monitoring activities based on risk assessments performed. Specifically, the Department’s risk assessment procedures identified 7 high-risk and 4 moderate-risk subrecipients, but it did not modify its monitoring activities to address the risks identified. Additional monitoring activities could include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures like reviewing the subrecipient’s policies and procedures obtained to ensure the subrecipients complied with award terms, program requirements, and federal regulations. • Document monitoring procedures, results, and actions taken—For 4 of 4 WIOA subrecipients, 7 of 7 SLFRF subrecipients, 3 of 4 EFS subrecipients, and 1 of 2 SSP subrecipients we tested, while the Department completed and maintained a checklist of subrecipient monitoring procedures, it did not document monitoring results or Department actions taken for these subrecipients based on the checklist results. • Verify subrecipient single audits were conducted timely—The Department did not verify whether 1 of its 4 WIOA subrecipients had a single audit performed. Effect—The Department’s failure to perform required monitoring contributed to $347,345 of misspent EFS program monies that the Department may be required to return to the federal agency in accordance with federal requirements.1 Specifically, the Department’s not reviewing subrecipient procurement policies and procedures aided in allowing 1 EFS subrecipient to render services for which conflicts of interest existed. Specifically, the EFS subrecipient, Catholic Community Services (CCS), began having laundry services provided by a vendor, Amado Laundry, in April 2023, for which it then self-reported to the County a conflict-of-interest violation in May 2024. This violation was a result of a CCS employee forming a vendor relationship with Amado Laundry, which was owned by the employee’s mother. After the Department’s management was made aware of the conflict of interest, they performed monitoring procedures over CCS and identified noncompliance with federal procurement guidelines totaling $347,345, including determining that Amado Laundry charged a rate double the average rates charged by competitors. The County issued a management letter to CCS on September 27, 2024, communicating a conflict-of-interest finding and a procurement standards finding. The conflict-of-interest finding required CCS to develop new, written procurement-related conflict-of-interest procedures in compliance with federal regulations and to create and maintain an ongoing training program related to these federally compliant conflict-of-interest procedures for employees. Further, there is an increased risk that $29 million of program monies the Department awarded to subrecipients may not be spent in accordance with the award terms, program requirements, and federal regulations. If monies are spent inconsistent with program requirements, those who intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Also, the Department’s not verifying subrecipient single audits were conducted may result in the Department’s not following up on and ensuring corrective action is taken on audit findings that could potentially affect the program and/or issue management decisions for audit findings pertaining to the federal award. Finally, the County is at risk that this finding applies to other federal programs it administers. Cause—The Department’s management reported that they did not always follow County policies and procedures and only performed limited procedures because their subrecipient monitoring policies and procedures were outdated, the number of subrecipients increased significantly during the fiscal year, and they did not have sufficient staff to monitor all subrecipients. The Department’s management also reported that it prioritized transitioning to a new enterprise resource planning (ERP) system rather than monitoring all subrecipients. Further, the County’s policies lacked requirements to perform monitoring activities based on risk assessments performed and to review subrecipients’ policies and procedures to ensure the subrecipients complied with award terms, program requirements, and federal regulations. Criteria—Federal regulation requires the County to monitor subrecipients, which includes required monitoring procedures for (2 CFR §200.332): • Assessing the risk of each subrecipient’s noncompliance and performing monitoring activities based on those risk assessments, such as providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures. • Reviewing financial and performance reports. • Verifying single audits were conducted timely. • Following up on and ensuring corrective action is taken on audit findings that could potentially affect the program. • Issuing a management decision for audit findings pertaining to the federal award. In addition, County policies require the County to: • Assess subrecipient risk and establish a monitoring plan and perform monitoring procedures at least every 2 years, including verification of internal controls.2,3 • Review the Federal Audit Clearinghouse at least quarterly to review subrecipient single audits and issue management decision letters, as necessary.2 • Maintain documentation of monitoring procedures, including the monitoring procedure’s results and any Department actions taken.3 Further, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations to the County— 1. Perform required monitoring of its subrecipients and their compliance with the award terms, program requirements, and federal regulations. 2. Follow its established policies and procedures for performing and documenting monitoring reviews of subrecipients to: a. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. b. Verify subrecipients receive timely single audits, follow up on and ensure that corrective action is taken on audit findings that could potentially affect the program, and issue management decisions for audit findings pertaining to the federal award. 3. Update its policies and procedures to include: a. A process to determine the appropriate monitoring activities to perform based on subrecipient risk assessments performed, such as providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Review subrecipients’ policies and procedures, including procurement processes, to ensure the subrecipients complied with award terms, program requirements, and federal regulations. 4. Prioritize and allocate sufficient resources, such as staffing, to comply with the award terms, program requirements, federal regulations, and its updated policies, and designate an individual(s) to perform necessary subrecipient-monitoring procedures. 5. Work with U.S. Department of Homeland Security to determine if it will require the Department to reimburse $347,345 in questioned costs. The County’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year finding 2022-101 and was initially reported in fiscal year 2022. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 2 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-04: Subrecipient Risk Assessment / Management Decisions. 3 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-28: Subrecipient Monitoring.
Cluster name: Workforce Innovation and Opportunity Act (WIOA) Cluster Assistance Listings numbers and names: 17.258 WIOA Adult Program 17.259 WIOA Youth Activities 17.278 WIOA Dislocated Worker Formula Grants Award numbers and years: DI21-002286, April 1, 2022 through June 30, 2024; Alert 23-001, July 1, 2023 through June 30, 2024; Alert 23-003, July 1, 2023 through June 30, 2024; Alert 24-002, July 1, 2023 through May 31, 2024 Federal agency: U.S. Department of Labor Pass-through grantor: Arizona Department of Economic Security Questioned costs: N/A Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award numbers and years: 1505-0271, March 3, 2021 through December 31, 2024; 19418, May 31, 2023 through September 30, 2023 Federal agency: U.S. Department of the Treasury Pass-through grantors: Arizona Criminal Justice Commission, City of Tucson, Arizona Housing Coalition, and Arizona Department of Public Safety Questioned costs: N/A Assistance Listings number and name: 97.024 COVID-19 - Emergency Food and Shelter National Board Program Award numbers and years: 027200-048, November 1, 2021 through December 30, 2024; 027200-056, April 1, 2023 through February 29, 2024; 23*115, March 1, 2023 through February 29, 2024; 23*154, April 1, 2023 through February 29, 2024 Federal agency: U.S. Department of Homeland Security Pass-through grantor: United Way EFSP Questioned costs: $347,345 Assistance Listings number and name: 97.141 Shelter and Services Program Award number and year: 24*039, March 1, 2023 through September 30, 2025 Federal agency: U.S. Department of Homeland Security Questioned costs: N/A Compliance requirement: Subrecipient monitoring Total questioned costs: $347,345 Condition—The County’s Grants Management and Innovation Department (Department) awarded over $29 million to 27 subrecipients during fiscal year 2024, or 29% of the County’s total federal expenditures for the federal programs shown in Table 1 below, but did not perform all the required monitoring of its subrecipients’ activities or compliance with award terms and program requirements. Table 1 Summary of subrecipients by federal program Fiscal year 2024 Federal program name Subrecipient information Total number Number tested Total awards Total federal expenditures Subrecipient awards as a percentage of total federal expenditures Workforce Innovation and Opportunity Act (WIOA) Cluster 4 4 $ 568,095 $12,253,972 4.6% Coronavirus State and Local Fiscal Recovery Funds (SLFRF) 17 7 17,241,445 56,862,338 30.3% Emergency Food and Shelter National Board Program (EFS) 4 4 7,810,673 22,622,229 34.5% Shelter and Services Program (SSP) 2 2 3,560,449 8,172,063 43.5% Total 27 17 $29,180,662 $99,910,602 29.2% While the Department performed some monitoring procedures during the year, those procedures were not sufficient to evaluate its subrecipients’ use of program monies in accordance with the award terms, program requirements, and federal regulations. Specifically, contrary to federal regulations, the Department did not perform the following required monitoring procedures: • Perform monitoring activities based on risk assessments performed—The Department did not perform monitoring activities based on risk assessments performed. Specifically, the Department’s risk assessment procedures identified 7 high-risk and 4 moderate-risk subrecipients, but it did not modify its monitoring activities to address the risks identified. Additional monitoring activities could include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures like reviewing the subrecipient’s policies and procedures obtained to ensure the subrecipients complied with award terms, program requirements, and federal regulations. • Document monitoring procedures, results, and actions taken—For 4 of 4 WIOA subrecipients, 7 of 7 SLFRF subrecipients, 3 of 4 EFS subrecipients, and 1 of 2 SSP subrecipients we tested, while the Department completed and maintained a checklist of subrecipient monitoring procedures, it did not document monitoring results or Department actions taken for these subrecipients based on the checklist results. • Verify subrecipient single audits were conducted timely—The Department did not verify whether 1 of its 4 WIOA subrecipients had a single audit performed. Effect—The Department’s failure to perform required monitoring contributed to $347,345 of misspent EFS program monies that the Department may be required to return to the federal agency in accordance with federal requirements.1 Specifically, the Department’s not reviewing subrecipient procurement policies and procedures aided in allowing 1 EFS subrecipient to render services for which conflicts of interest existed. Specifically, the EFS subrecipient, Catholic Community Services (CCS), began having laundry services provided by a vendor, Amado Laundry, in April 2023, for which it then self-reported to the County a conflict-of-interest violation in May 2024. This violation was a result of a CCS employee forming a vendor relationship with Amado Laundry, which was owned by the employee’s mother. After the Department’s management was made aware of the conflict of interest, they performed monitoring procedures over CCS and identified noncompliance with federal procurement guidelines totaling $347,345, including determining that Amado Laundry charged a rate double the average rates charged by competitors. The County issued a management letter to CCS on September 27, 2024, communicating a conflict-of-interest finding and a procurement standards finding. The conflict-of-interest finding required CCS to develop new, written procurement-related conflict-of-interest procedures in compliance with federal regulations and to create and maintain an ongoing training program related to these federally compliant conflict-of-interest procedures for employees. Further, there is an increased risk that $29 million of program monies the Department awarded to subrecipients may not be spent in accordance with the award terms, program requirements, and federal regulations. If monies are spent inconsistent with program requirements, those who intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Also, the Department’s not verifying subrecipient single audits were conducted may result in the Department’s not following up on and ensuring corrective action is taken on audit findings that could potentially affect the program and/or issue management decisions for audit findings pertaining to the federal award. Finally, the County is at risk that this finding applies to other federal programs it administers. Cause—The Department’s management reported that they did not always follow County policies and procedures and only performed limited procedures because their subrecipient monitoring policies and procedures were outdated, the number of subrecipients increased significantly during the fiscal year, and they did not have sufficient staff to monitor all subrecipients. The Department’s management also reported that it prioritized transitioning to a new enterprise resource planning (ERP) system rather than monitoring all subrecipients. Further, the County’s policies lacked requirements to perform monitoring activities based on risk assessments performed and to review subrecipients’ policies and procedures to ensure the subrecipients complied with award terms, program requirements, and federal regulations. Criteria—Federal regulation requires the County to monitor subrecipients, which includes required monitoring procedures for (2 CFR §200.332): • Assessing the risk of each subrecipient’s noncompliance and performing monitoring activities based on those risk assessments, such as providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures. • Reviewing financial and performance reports. • Verifying single audits were conducted timely. • Following up on and ensuring corrective action is taken on audit findings that could potentially affect the program. • Issuing a management decision for audit findings pertaining to the federal award. In addition, County policies require the County to: • Assess subrecipient risk and establish a monitoring plan and perform monitoring procedures at least every 2 years, including verification of internal controls.2,3 • Review the Federal Audit Clearinghouse at least quarterly to review subrecipient single audits and issue management decision letters, as necessary.2 • Maintain documentation of monitoring procedures, including the monitoring procedure’s results and any Department actions taken.3 Further, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations to the County— 1. Perform required monitoring of its subrecipients and their compliance with the award terms, program requirements, and federal regulations. 2. Follow its established policies and procedures for performing and documenting monitoring reviews of subrecipients to: a. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. b. Verify subrecipients receive timely single audits, follow up on and ensure that corrective action is taken on audit findings that could potentially affect the program, and issue management decisions for audit findings pertaining to the federal award. 3. Update its policies and procedures to include: a. A process to determine the appropriate monitoring activities to perform based on subrecipient risk assessments performed, such as providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Review subrecipients’ policies and procedures, including procurement processes, to ensure the subrecipients complied with award terms, program requirements, and federal regulations. 4. Prioritize and allocate sufficient resources, such as staffing, to comply with the award terms, program requirements, federal regulations, and its updated policies, and designate an individual(s) to perform necessary subrecipient-monitoring procedures. 5. Work with U.S. Department of Homeland Security to determine if it will require the Department to reimburse $347,345 in questioned costs. The County’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year finding 2022-101 and was initially reported in fiscal year 2022. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 2 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-04: Subrecipient Risk Assessment / Management Decisions. 3 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-28: Subrecipient Monitoring.
Cluster name: Workforce Innovation and Opportunity Act (WIOA) Cluster Assistance Listings numbers and names: 17.258 WIOA Adult Program 17.259 WIOA Youth Activities 17.278 WIOA Dislocated Worker Formula Grants Award numbers and years: DI21-002286, April 1, 2022 through June 30, 2024; Alert 23-001, July 1, 2023 through June 30, 2024; Alert 23-003, July 1, 2023 through June 30, 2024; Alert 24-002, July 1, 2023 through May 31, 2024 Federal agency: U.S. Department of Labor Pass-through grantor: Arizona Department of Economic Security Questioned costs: N/A Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award numbers and years: 1505-0271, March 3, 2021 through December 31, 2024; 19418, May 31, 2023 through September 30, 2023 Federal agency: U.S. Department of the Treasury Pass-through grantors: Arizona Criminal Justice Commission, City of Tucson, Arizona Housing Coalition, and Arizona Department of Public Safety Questioned costs: N/A Assistance Listings number and name: 97.024 COVID-19 - Emergency Food and Shelter National Board Program Award numbers and years: 027200-048, November 1, 2021 through December 30, 2024; 027200-056, April 1, 2023 through February 29, 2024; 23*115, March 1, 2023 through February 29, 2024; 23*154, April 1, 2023 through February 29, 2024 Federal agency: U.S. Department of Homeland Security Pass-through grantor: United Way EFSP Questioned costs: $347,345 Assistance Listings number and name: 97.141 Shelter and Services Program Award number and year: 24*039, March 1, 2023 through September 30, 2025 Federal agency: U.S. Department of Homeland Security Questioned costs: N/A Compliance requirement: Subrecipient monitoring Total questioned costs: $347,345 Condition—The County’s Grants Management and Innovation Department (Department) awarded over $29 million to 27 subrecipients during fiscal year 2024, or 29% of the County’s total federal expenditures for the federal programs shown in Table 1 below, but did not perform all the required monitoring of its subrecipients’ activities or compliance with award terms and program requirements. Table 1 Summary of subrecipients by federal program Fiscal year 2024 Federal program name Subrecipient information Total number Number tested Total awards Total federal expenditures Subrecipient awards as a percentage of total federal expenditures Workforce Innovation and Opportunity Act (WIOA) Cluster 4 4 $ 568,095 $12,253,972 4.6% Coronavirus State and Local Fiscal Recovery Funds (SLFRF) 17 7 17,241,445 56,862,338 30.3% Emergency Food and Shelter National Board Program (EFS) 4 4 7,810,673 22,622,229 34.5% Shelter and Services Program (SSP) 2 2 3,560,449 8,172,063 43.5% Total 27 17 $29,180,662 $99,910,602 29.2% While the Department performed some monitoring procedures during the year, those procedures were not sufficient to evaluate its subrecipients’ use of program monies in accordance with the award terms, program requirements, and federal regulations. Specifically, contrary to federal regulations, the Department did not perform the following required monitoring procedures: • Perform monitoring activities based on risk assessments performed—The Department did not perform monitoring activities based on risk assessments performed. Specifically, the Department’s risk assessment procedures identified 7 high-risk and 4 moderate-risk subrecipients, but it did not modify its monitoring activities to address the risks identified. Additional monitoring activities could include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures like reviewing the subrecipient’s policies and procedures obtained to ensure the subrecipients complied with award terms, program requirements, and federal regulations. • Document monitoring procedures, results, and actions taken—For 4 of 4 WIOA subrecipients, 7 of 7 SLFRF subrecipients, 3 of 4 EFS subrecipients, and 1 of 2 SSP subrecipients we tested, while the Department completed and maintained a checklist of subrecipient monitoring procedures, it did not document monitoring results or Department actions taken for these subrecipients based on the checklist results. • Verify subrecipient single audits were conducted timely—The Department did not verify whether 1 of its 4 WIOA subrecipients had a single audit performed. Effect—The Department’s failure to perform required monitoring contributed to $347,345 of misspent EFS program monies that the Department may be required to return to the federal agency in accordance with federal requirements.1 Specifically, the Department’s not reviewing subrecipient procurement policies and procedures aided in allowing 1 EFS subrecipient to render services for which conflicts of interest existed. Specifically, the EFS subrecipient, Catholic Community Services (CCS), began having laundry services provided by a vendor, Amado Laundry, in April 2023, for which it then self-reported to the County a conflict-of-interest violation in May 2024. This violation was a result of a CCS employee forming a vendor relationship with Amado Laundry, which was owned by the employee’s mother. After the Department’s management was made aware of the conflict of interest, they performed monitoring procedures over CCS and identified noncompliance with federal procurement guidelines totaling $347,345, including determining that Amado Laundry charged a rate double the average rates charged by competitors. The County issued a management letter to CCS on September 27, 2024, communicating a conflict-of-interest finding and a procurement standards finding. The conflict-of-interest finding required CCS to develop new, written procurement-related conflict-of-interest procedures in compliance with federal regulations and to create and maintain an ongoing training program related to these federally compliant conflict-of-interest procedures for employees. Further, there is an increased risk that $29 million of program monies the Department awarded to subrecipients may not be spent in accordance with the award terms, program requirements, and federal regulations. If monies are spent inconsistent with program requirements, those who intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Also, the Department’s not verifying subrecipient single audits were conducted may result in the Department’s not following up on and ensuring corrective action is taken on audit findings that could potentially affect the program and/or issue management decisions for audit findings pertaining to the federal award. Finally, the County is at risk that this finding applies to other federal programs it administers. Cause—The Department’s management reported that they did not always follow County policies and procedures and only performed limited procedures because their subrecipient monitoring policies and procedures were outdated, the number of subrecipients increased significantly during the fiscal year, and they did not have sufficient staff to monitor all subrecipients. The Department’s management also reported that it prioritized transitioning to a new enterprise resource planning (ERP) system rather than monitoring all subrecipients. Further, the County’s policies lacked requirements to perform monitoring activities based on risk assessments performed and to review subrecipients’ policies and procedures to ensure the subrecipients complied with award terms, program requirements, and federal regulations. Criteria—Federal regulation requires the County to monitor subrecipients, which includes required monitoring procedures for (2 CFR §200.332): • Assessing the risk of each subrecipient’s noncompliance and performing monitoring activities based on those risk assessments, such as providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures. • Reviewing financial and performance reports. • Verifying single audits were conducted timely. • Following up on and ensuring corrective action is taken on audit findings that could potentially affect the program. • Issuing a management decision for audit findings pertaining to the federal award. In addition, County policies require the County to: • Assess subrecipient risk and establish a monitoring plan and perform monitoring procedures at least every 2 years, including verification of internal controls.2,3 • Review the Federal Audit Clearinghouse at least quarterly to review subrecipient single audits and issue management decision letters, as necessary.2 • Maintain documentation of monitoring procedures, including the monitoring procedure’s results and any Department actions taken.3 Further, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations to the County— 1. Perform required monitoring of its subrecipients and their compliance with the award terms, program requirements, and federal regulations. 2. Follow its established policies and procedures for performing and documenting monitoring reviews of subrecipients to: a. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. b. Verify subrecipients receive timely single audits, follow up on and ensure that corrective action is taken on audit findings that could potentially affect the program, and issue management decisions for audit findings pertaining to the federal award. 3. Update its policies and procedures to include: a. A process to determine the appropriate monitoring activities to perform based on subrecipient risk assessments performed, such as providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Review subrecipients’ policies and procedures, including procurement processes, to ensure the subrecipients complied with award terms, program requirements, and federal regulations. 4. Prioritize and allocate sufficient resources, such as staffing, to comply with the award terms, program requirements, federal regulations, and its updated policies, and designate an individual(s) to perform necessary subrecipient-monitoring procedures. 5. Work with U.S. Department of Homeland Security to determine if it will require the Department to reimburse $347,345 in questioned costs. The County’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year finding 2022-101 and was initially reported in fiscal year 2022. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 2 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-04: Subrecipient Risk Assessment / Management Decisions. 3 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-28: Subrecipient Monitoring.
Finding No. 2024-038 Federal Awarding Agency: USDHS Impact: Noncompliance AL Number and Title: 97.036 Disaster Grants – Public Assistance (Presidentially Declared Disasters) 97.036 Disaster Grants – Public Assistance (Presidentially Declared Disasters) – COVID-19 Federal Award Number: 4094DRAKP00000001, 4413DRAKP00000001, 4533DRAKP00000001 Applicable Compliance Requirement: Subrecipient Monitoring Condition: DMVA management did not issue a management decision for a finding relating to one subrecipient's single audit. Context: Under federal regulations, pass-through entities are responsible for issuing a management decision for audit findings relating to federal awards provided to subrecipients. The management decisions must clearly state whether or not the audit finding is substantiated, the reason for the decision, and the adequacy of the recipient’s proposed corrective actions to address the finding. If the subrecipient has not completed corrective action, a timetable for follow-up should be given. One Disaster Grants subrecipient’s single audit contained a finding and DMVA management did not issue a management decision to the subrecipient. The finding related to the subrecipient not submitting a single audit to the federal audit clearinghouse within nine months after the end of the subrecipient’s fiscal year as required by federal regulations. Cause: DMVA has controls to ensure a management decision is issued on a subrecipient’s single audit finding. However, due to staff not following procedures, the management decision was not issued. Criteria: Title 2 CFR 200.521 states the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. Furthermore, Title 2 CFR 200.1 defines a management decision as a pass-through entity’s written determination, provided to the auditee, of the adequacy of the auditee’s proposed corrective actions to address the findings, based on its evaluation of the audit findings and proposed corrective actions. Effect: The lack of management decisions may result in the subrecipient not taking appropriate corrective action on findings. Noncompliance with federal regulations may result in the federal awarding agency imposing additional conditions or taking corrective action, including additional reporting requirements or withholding/terminating funding. Questioned Costs: None Recommendation: DMVA’s finance officer should ensure procedures are followed and a management decision is issued for all subrecipient single audit findings within six months of a subrecipient audit report’s acceptance by the federal audit clearinghouse. Views of Responsible Officials: Management agrees with this finding.
Finding No. 2024-038 Federal Awarding Agency: USDHS Impact: Noncompliance AL Number and Title: 97.036 Disaster Grants – Public Assistance (Presidentially Declared Disasters) 97.036 Disaster Grants – Public Assistance (Presidentially Declared Disasters) – COVID-19 Federal Award Number: 4094DRAKP00000001, 4413DRAKP00000001, 4533DRAKP00000001 Applicable Compliance Requirement: Subrecipient Monitoring Condition: DMVA management did not issue a management decision for a finding relating to one subrecipient's single audit. Context: Under federal regulations, pass-through entities are responsible for issuing a management decision for audit findings relating to federal awards provided to subrecipients. The management decisions must clearly state whether or not the audit finding is substantiated, the reason for the decision, and the adequacy of the recipient’s proposed corrective actions to address the finding. If the subrecipient has not completed corrective action, a timetable for follow-up should be given. One Disaster Grants subrecipient’s single audit contained a finding and DMVA management did not issue a management decision to the subrecipient. The finding related to the subrecipient not submitting a single audit to the federal audit clearinghouse within nine months after the end of the subrecipient’s fiscal year as required by federal regulations. Cause: DMVA has controls to ensure a management decision is issued on a subrecipient’s single audit finding. However, due to staff not following procedures, the management decision was not issued. Criteria: Title 2 CFR 200.521 states the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. Furthermore, Title 2 CFR 200.1 defines a management decision as a pass-through entity’s written determination, provided to the auditee, of the adequacy of the auditee’s proposed corrective actions to address the findings, based on its evaluation of the audit findings and proposed corrective actions. Effect: The lack of management decisions may result in the subrecipient not taking appropriate corrective action on findings. Noncompliance with federal regulations may result in the federal awarding agency imposing additional conditions or taking corrective action, including additional reporting requirements or withholding/terminating funding. Questioned Costs: None Recommendation: DMVA’s finance officer should ensure procedures are followed and a management decision is issued for all subrecipient single audit findings within six months of a subrecipient audit report’s acceptance by the federal audit clearinghouse. Views of Responsible Officials: Management agrees with this finding.
Criteria or specific requirement: Title 2 – Grants and Agreements. Subtitle A – Office of Management and Budget Guidance for Grants and Agreements. Chapter II – Office of Management and Budget Guidance. Part 200 – Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards. Subpart D – Post Federal Award Requirements. Standards for Financial and Program Management. §200.303 Internal controls (2 CFR 200.303): The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework,” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Title 2 – Grants and Agreements. Subtitle A – Office of Management and Budget Guidance for Grants and Agreements. Chapter II – Office of Management and Budget Guidance. Part 200 – Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards. Subpart D – Post Federal Award Requirements. Subrecipient Monitoring and Management. §200.332 Requirements for pass-through entities (2 CFR 200.332): A pass-through entity must: (c) Evaluate each subrecipient’s fraud risk and risk of noncompliance with a subaward to determine the appropriate subrecipient monitoring described in paragraph (f) of this section. When evaluating a subrecipient’s risk, a passthrough entity should consider the following: (1) The subrecipient’s prior experience with the same or similar subawards; (2) The results of previous audits. This includes considering whether or not the subrecipient receives a Single Audit in accordance with subpart F and the extent to which the same or similar subawards have been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of any Federal agency monitoring (for example, if the subrecipient also receives Federal awards directly from the Federal agency). (e) Monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must: (1) Review financial and performance reports. (2) Ensure that the subrecipient takes corrective action on all significant developments that negatively affect the subaward. Significant developments include Single Audit findings related to the subaward, other audit findings, site visits, and written notifications from a subrecipient of adverse conditions which will impact their ability to meet the milestones or the objectives of a subaward. When significant developments negatively impact the subaward, a subrecipient must provide the pass-through entity with information on their plan for corrective action and any assistance needed to resolve the situation. (3) Issue a management decision for audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521. (4) Resolve audit findings specifically related to the subaward. However, the pass-through entity is not responsible for resolving cross-cutting audit findings that apply to the subaward and other Federal awards or subawards. If a subrecipient has a current Single Audit report and has not been excluded from receiving Federal funding (meaning, has not been debarred or suspended), the pass-through entity may rely on the subrecipient’s cognizant agency for audit or oversight agency for audit to perform audit follow-up and make management decisions related to crosscutting audit findings in accordance with section §200.513(a)(4)(viii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. California Code of Regulations. Title 5 Education. § 18023. Compliance Reviews of Contractors. (b) At least once every three (3) years and as resources permit, the California Department of Education shall conduct reviews at the contractor's office(s) and operating facility(ies) to determine the contractor's compliance with applicable laws, regulations or contractual provisions. Child Care and Development Fund (CCDF) Plan for State/Territory California FFY 2022-24, Amendment 4. Chapter 8 Ensure Grantee Program Integrity and Accountability. 8.1 Internal Controls and Accountability Measures to Help Ensure Program Integrity. 8.1.1 Process to train about CCDF requirements and program integrity. States and territories are required to describe effective internal controls that are in place to ensure program integrity and accountability (98.68(a)), including processes to train child care providers and staff of the Lead Agency and other agencies engaged in the administration of CCDF about program requirements and integrity. v. Monitor and assess policy implementation on an ongoing basis. The Lead Agency conducts announced Categorical Program Monitoring (CPM)/Contract Monitoring Reviews (CMRs) for each contractor on a three- or four-year cycle for non-LEAs and LEAs respectively. The Lead Agency’s Governance and Administration Unit (GAU) conducts ongoing review of individual contractors by sampling the eligibility and need documentation in family files to estimate and reduce error rates. Additionally, the Lead Agency provides ongoing training and technical assistance to contractors in regional sessions, in one-on-one sessions, and/or in cluster with webinars or during face to-face presentations. These sessions address CCDF program administration, requirements, and integrity Condition: We selected 60 subrecipient contracts (21 local educational agency (LEA) contracts and 39 non-LEA contracts) from 60 subrecipient entities and tested compliance with subrecipient monitoring requirements. We noted the following: LEA • 2 LEA contracts/contractors had no record of on-site monitoring over five years. Non-LEA • 3 non-LEA contracts/contractors had no records available to demonstrate risk assessment of the contractor. • 11 non-LEA contracts/contractors had no record of on-site monitoring over five years. Questioned costs: None Context: See “Condition.” Cause: In fiscal year 2021, the administration of the CCDF Cluster program was transitioned from the California Department of Education (CDE) to CDSS. CDSS has been in the process of revising certain policies and procedures, including contractor monitoring. In addition, certain records related to CDE monitoring activities for the contracts selected were unavailable for review. Effect: CDSS is at risk for contractor noncompliance if monitoring procedures are not properly designed or executed, and/or documents demonstrating monitoring are not maintained. Repeat Finding: This was reported in the previous year as finding 2023-012. Recommendation: To enhance the effectiveness of the annual risk assessment process, we recommend a thorough evaluation that focuses on the identification and inclusion of all subrecipients and defined risk criteria as mandated in 2 CFR 200.332. Furthermore, it is crucial to establish and document a transparent basis for risk profiling that directly correlates such profiles with compliance monitoring activities across fiscal, program, and single audit requirements. Furthermore, we recommend CDSS perform a comprehensive post-transition review to ensure all monitoring responsibilities transferred from CDE have been fully identified and assigned. This review should validate robust mechanisms are in place for the accurate documentation and proper retention of records. Views of responsible officials: Management’s response is reported in “Management’s Response and Corrective Action Plan” included in a separate section at the end of this report.
Assistance Listing 93.914 HIV Emergency Relief Project Grants Condition: The Office of Health and Human Services' (HHS) Audit Unit failed to issue a management decision for audit findings related to two subrecipients of the city, who each had audit findings reported in their respective single audits. The fiscal year 2023 single audit of Bebashi and the fiscal year 2024 single audit of The Children's Hospital of Pennsylvania had a significant deficiency reported under the HIV Emergency Relief Program (ALN 93.914) in the Internal Controls over Major Programs section of the Schedule of Findings and Questioned Costs. Funding for HIV Emergency Relief program is received directly from the U.S. Department of Health and Human Services. Criteria: 2 CFR section 200.332(e) states that the pass-through entity must issue a management decision for audit findings pertaining only to the federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Effect: The management decision serves to confirm the audit findings and outline a corrective action plan for the subrecipient. Failure to issue a management decision could lead to unresolved findings at the subrecipient level. Cause: HHS incorrectly relies on the auditing firms that perform subrecipient single audits to issue a management decision per 2 CFR section 200.312(e). Recommendation: We recommend that HHS management modifies and/or strengthens its current policies and procedures to ensure that a management decision letter will be issued for audit findings relating to any federal awards that were provided to subrecipients. Views of the Responsible Officials and Corrective Action Plan: HHS acknowledges the Controller’s finding that management decision letters were not issued for specific subrecipient audit findings under ALN 93.914, as required under 2 CFR 200.332(e) and 200.521. While the formal letters were not issued, HHS did review the audit findings, obtained and evaluated the subrecipients’ corrective action plans and confirmed that no questioned costs or additional risks remained. These steps ensured that the underlying corrective actions were completed. To strengthen documentation and ensure consistency across all federal programs, HHS will adopt the following corrective measures: 1. Standard management Decision Template • HHS will adopt a simple, uniform management decision template and clear steps for documenting decisions within the required federal timelines. 2. Central Location for Documentation • HHS will store all management decision letters and related materials in one designated shared location to ensure accessibility and consistent record-keeping. 3. Brief Staff Guidance • HHS will provide concise written guidance to staff outlining: o When a management decision is required, o How to complete it using the template, and o What documentation must be retained? These corrective actions will ensure consistent compliance with federal requirements while supporting the City’s long-term goal of standardizing financial processes across departments. Contact Person: Landuleni Shipanga, Controller, City of Philadelphia Office of Children and Families, 215-683-6366
Finding Number: 2023-001 Internal Control over Compliance and Compliance with the Subrecipient Monitoring Compliance Requirement, Repeat Finding, Finding No. 2022-001 Identification of the Major Federal Program: Programs: Government Agency: Inclusion Across the Nation of Communities of Learners of Underrepresented Discoverers in Engineering and Science Assistance Listing Number: 47.076 Award Number: HRD-1834540 Award Years: 09/01/2018 – 02/28/2025 PhysTEC: Building a Solution to the National Physics Teacher Shortage Assistance Listing Number: 47.049 Award Number: PHY-1707990 Award Years: 07/01/2017 – 06/30/2023 National Science Foundation (NSF) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. In accordance with the Uniform Guidance in 2 CFR Section 200.331, a pass-through entity (PTE) must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: 1. reviewing financial and programmatic (performance and special reports) required by the PTE; 2. following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means; 3. issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Furthermore, under the requirements of the Federal Funding Accountability and Transparency Act (FFATA) (Pub. L. No. 109-282), as amended by Section 6202 of Public Law 110-252, hereafter referred as the “Transparency Act” that are codified in 2 CFR Part 170, recipients (i.e., direct recipients) of grants or cooperative agreements are required to report first-tier subawards of $30,000 or more to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). If a subaward/subcontract was subject to reporting under the Transparency Act, the action was required to be reported in FSRS no later than the last day of the month following the month in which the subaward/subcontract amendment obligation was made or in the subcontract award/subcontract modification was made. Conditions – Our examination of the program’s subrecipient monitoring requirements includes the review and approval of financial and performance quarterly reports by the program managers. The quarterly reports are prepared by APS’ grants administrator with inputs provided by the subrecipient submitted to the program managers. Of the program’s twenty (20) subrecipients, we examined eight (8) subrecipients and observed that although the respective program managers had monitoring oversight of the various grant’s financial and programmatic activities, there was no formal evidentiary documentation to support the monitoring oversight process performed by the program managers. Furthermore, our examination of the program’s subrecipient monitoring requirements includes follow-ups by APS to ensure the subrecipients take timely and appropriate action on all deficiencies pertaining to federal awards provided to the subrecipients which have been detected through reviews of audits, on-site reviews, and other means. We selected six (6) subrecipients for testing and noted that for two (2) samples selected APS was unable to provide evidence that it monitored the subrecipients through review of its single audit reports, on-site reviews, and other means. We also tested a sample of three (3) subrecipients and our examination of the monitoring and reporting requirements revealed that APS did not report the information on a subaward of $30,000 or more in federal funds timely and on one (1) of the sub awards reported, the contract award amount reported is less than the actual expenditures incurred by the subrecipient. APS began implementation of its corrective action plan on June 5, 2023, and the exceptions identified above is as a result of the fact that APS was still in the implementation process of its corrective action plan. Cause - Management does not have adequate internal controls and policies and procedures in place to ensure that a review is performed on the financial and programmatic reports in a timely manner and to ensure that its subrecipients do not have any audit deficiencies relating to federal award programs and if any deficiencies are detected, that the subrecipients takes timely and appropriate action to resolve the deficiencies identified. There is also a lack of established monitoring and internal control procedures in place to ensure that reports required under the Transparency Act are prepared and submitted timely in FSRS Reporting System resulted in APS’ noncompliance with the reporting requirements. Effect or potential effect – APS is not in compliance with the subrecipient monitoring requirements as it did not maintain consistent documented evidence of its monitoring of subrecipients. In addition, failure to comply with the reporting requirements of the Uniform Guidance could result in the awarding agency taking action such as reducing future funding. Questioned Costs – None. Context – These are conditions identified per review of APS compliance with specified compliance requirements using a statistically valid sample. Recommendations – BDO recommends that APS continue to apply the implemented policies, procedures and controls that will ensure that all requisite reports are reviewed, and evidence of review are documented and maintained. Furthermore, APS should continue to implement policies to obtain and review single audit reports of its subrecipients in order to ensure compliance with all the required laws, guidelines and requirement under the award. BDO recommends that APS continues to implement established policies and procedure over the preparation and timely submission of reports required under the Transparency Act to ensure compliance with reporting requirements. Views of Responsible Officials - APS concurs with this finding. APS’ corrective action is described in the Management’s Corrective Action Plan included below.
Finding Number: 2023-001 Internal Control over Compliance and Compliance with the Subrecipient Monitoring Compliance Requirement, Repeat Finding, Finding No. 2022-001 Identification of the Major Federal Program: Programs: Government Agency: Inclusion Across the Nation of Communities of Learners of Underrepresented Discoverers in Engineering and Science Assistance Listing Number: 47.076 Award Number: HRD-1834540 Award Years: 09/01/2018 – 02/28/2025 PhysTEC: Building a Solution to the National Physics Teacher Shortage Assistance Listing Number: 47.049 Award Number: PHY-1707990 Award Years: 07/01/2017 – 06/30/2023 National Science Foundation (NSF) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. In accordance with the Uniform Guidance in 2 CFR Section 200.331, a pass-through entity (PTE) must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: 1. reviewing financial and programmatic (performance and special reports) required by the PTE; 2. following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means; 3. issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Furthermore, under the requirements of the Federal Funding Accountability and Transparency Act (FFATA) (Pub. L. No. 109-282), as amended by Section 6202 of Public Law 110-252, hereafter referred as the “Transparency Act” that are codified in 2 CFR Part 170, recipients (i.e., direct recipients) of grants or cooperative agreements are required to report first-tier subawards of $30,000 or more to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). If a subaward/subcontract was subject to reporting under the Transparency Act, the action was required to be reported in FSRS no later than the last day of the month following the month in which the subaward/subcontract amendment obligation was made or in the subcontract award/subcontract modification was made. Conditions – Our examination of the program’s subrecipient monitoring requirements includes the review and approval of financial and performance quarterly reports by the program managers. The quarterly reports are prepared by APS’ grants administrator with inputs provided by the subrecipient submitted to the program managers. Of the program’s twenty (20) subrecipients, we examined eight (8) subrecipients and observed that although the respective program managers had monitoring oversight of the various grant’s financial and programmatic activities, there was no formal evidentiary documentation to support the monitoring oversight process performed by the program managers. Furthermore, our examination of the program’s subrecipient monitoring requirements includes follow-ups by APS to ensure the subrecipients take timely and appropriate action on all deficiencies pertaining to federal awards provided to the subrecipients which have been detected through reviews of audits, on-site reviews, and other means. We selected six (6) subrecipients for testing and noted that for two (2) samples selected APS was unable to provide evidence that it monitored the subrecipients through review of its single audit reports, on-site reviews, and other means. We also tested a sample of three (3) subrecipients and our examination of the monitoring and reporting requirements revealed that APS did not report the information on a subaward of $30,000 or more in federal funds timely and on one (1) of the sub awards reported, the contract award amount reported is less than the actual expenditures incurred by the subrecipient. APS began implementation of its corrective action plan on June 5, 2023, and the exceptions identified above is as a result of the fact that APS was still in the implementation process of its corrective action plan. Cause - Management does not have adequate internal controls and policies and procedures in place to ensure that a review is performed on the financial and programmatic reports in a timely manner and to ensure that its subrecipients do not have any audit deficiencies relating to federal award programs and if any deficiencies are detected, that the subrecipients takes timely and appropriate action to resolve the deficiencies identified. There is also a lack of established monitoring and internal control procedures in place to ensure that reports required under the Transparency Act are prepared and submitted timely in FSRS Reporting System resulted in APS’ noncompliance with the reporting requirements. Effect or potential effect – APS is not in compliance with the subrecipient monitoring requirements as it did not maintain consistent documented evidence of its monitoring of subrecipients. In addition, failure to comply with the reporting requirements of the Uniform Guidance could result in the awarding agency taking action such as reducing future funding. Questioned Costs – None. Context – These are conditions identified per review of APS compliance with specified compliance requirements using a statistically valid sample. Recommendations – BDO recommends that APS continue to apply the implemented policies, procedures and controls that will ensure that all requisite reports are reviewed, and evidence of review are documented and maintained. Furthermore, APS should continue to implement policies to obtain and review single audit reports of its subrecipients in order to ensure compliance with all the required laws, guidelines and requirement under the award. BDO recommends that APS continues to implement established policies and procedure over the preparation and timely submission of reports required under the Transparency Act to ensure compliance with reporting requirements. Views of Responsible Officials - APS concurs with this finding. APS’ corrective action is described in the Management’s Corrective Action Plan included below.
Cluster: Research and Development Agency: Department of Human and Health Services Award Names: Safety and Health Risks in Energy Transition for the Commercial Fishing Industry Award Numbers: U01OH012502 Assistance Listing Title: Center for Disease Control and Prevention (CDC) Assistance Listing Number: 93.262 Award Year: FY 2023 Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Condition Through our testing of 4 subrecipients out of a total subrecipient population of 10, we were able to obtain a documented initial risk assessment for each subrecipient selected and other evidence of monitoring such as meetings with the subrecipients. However, we were unable to obtain evidence that the Company obtained and reviewed the annual Uniform Guidance report or annual audited financial statements (if the entity was not subject to a Uniform Guidance audit) for 1 out of 4 subrecipients selected for testing. Cause The Company failed to ensure that their subrecipient monitoring process included obtaining and reviewing every subrecipient’s annual Uniform Guidance report or annual audited financial statements during FY 2023. Effect The lack of an annual review of subrecipient audits may result in ineligible subrecipients receiving federal awards, subrecipient findings not being fully remediated and other monitoring procedures (based on risk level) not being performed. Questioned Costs None noted. Recommendation We recommend the Company follow their policy, which includes obtaining and reviewing Uniform Guidance reports (or audited financial statements to the extent Uniform Guidance reports are not available) for every subrecipient on an annual basis and ensure that it is completed for all applicable awards. When reviewing the reports, they should understand the type of opinion(s) expressed and whether there were any findings associated with their awards, document their review and assess whether there is any change in the risk assessment and subsequent monitoring needed of each subrecipient. We also recommend a supervisory review over subrecipient monitoring to be included in the process to ensure it gets completed completely and accurately for all awards. This supervisory review should also be evidenced through documentation. This is a repeat finding of 2022-001, which continued to remain open during FY2023. Management’ Views and Corrective Action Plan Management’s Views and Corrective Action Plan are included at the end of this report.
FINDING 2023-003 Subject: COVID-19 - Coronavirus State and Local Fiscal Recovery Funds - Subrecipient Monitoring Federal Agency: Department of the Treasury Federal Program: COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Assistance Listings Number: 21.027 Federal Award Number and Year (or Other Identifying Number): FY 2023 Compliance Requirement: Subrecipient Monitoring Audit Findings: Material Weakness, Modified Opinion Repeat Finding This is a repeat finding from the immediately prior audit report. The prior audit finding number was 2022-005. Condition and Context The County received a total State and Local Fiscal Recovery Funds (SLFRF) allocation of $13,177,707. During the audit period, the County provided subawards of SLFRF funds to other entities. As a pass-through entity, the County must: Identify the award and the applicable requirements to each subrecipient. Evaluate each subrecipient's risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for an authorized purpose, complies with the terms and conditions of the subaward, and achieves performance goals. Subawards, totaling $290,000, were provided to two different entities. Both subrecipient agreements associated with the subawards were selected for testing. For the two agreements tested, the following information was incomplete or missing: The federal award identification number (FAIN). The federal award date of award to the recipient by the federal agency. The name of the federal awarding agency, pass-through entity (auditee), and contact information for awarding official of the pass-through entity (auditee). The Assistance Listings Number and Title; the pass-through entity must identify the dollar amount made available under each federal award and the Assistance Listings Number at time of disbursement. Furthermore, the County did not have an evaluation of the subrecipients' risk of noncompliance or monitoring activities demonstrating compliance with the subrecipient monitoring requirement. The County did not request any financial or audit documentation from the subrecipients. The lack of internal controls and noncompliance were systemic issues throughout the audit period. INDIANA STATE BOARD OF ACCOUNTS 21 BOONE COUNTY SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.331(a) states: "Subrecipients. A subaward is for the purpose of carrying out a portion of a Federal award and creates a Federal assistance relationship with the subrecipient. See definition for Subaward in § 200.1 of this part. Characteristics which support the classification of the non-Federal entity as a subrecipient include when the non-Federal entity: (1) Determines who is eligible to receive what Federal assistance; (2) Has its performance measured in relation to whether objectives of a Federal program were met; (3) Has responsibility for programmatic decision-making; (4) Is responsible for adherence to applicable Federal program requirements specified in the Federal award; and (5) In accordance with its agreement, uses the Federal funds to carry out a program for a public purpose specified in authorizing statute, as opposed to providing goods or services for the benefit of the pass-through entity." 2 CFR 200.332 states in part: "All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward . . . (1) Federal award identification. (i) Subrecipient name (which must match the name associated with its unique entity identifier); (ii) Subrecipient's unique entity identifier; (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal award date in § 200.1 of this part) of award to the recipient by the Federal agency; INDIANA STATE BOARD OF ACCOUNTS 22 BOONE COUNTY SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (v) Subaward Period of Performance Start and End Date; (vi) Subaward Budget Period Start and End Date; (vii) Amount of Federal Funds Obligated by this action by the pass-through entity to the subrecipient; (viii) Total Amount of Federal Funds Obligated to the subrecipient by the passthrough entity including the current financial obligation; (ix) Total Amount of the Federal Award committed to the subrecipient by the passthrough entity; (x) Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); (xi) Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the Pass-through entity; (xii) Assistance Listings number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; (xiii) Identification of whether the award is R&D; and (xiv) Indirect cost rate for the Federal award (including if the de minimis rate is charged) per § 200.414. (2) All requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations and the terms and conditions of the Federal award; (3) Any additional requirements that the pass-through entity imposes on the subrecipient in order for the pass-through entity to meet its own responsibility to the Federal awarding agency including identification of any required financial and performance reports; (4) (i) An approved federally recognized indirect cost rate negotiated between the subrecipient and the Federal Government. If no approved rate exists, the passthrough entity must determine the appropriate rate in collaboration with the subrecipient, which is either: (A) The negotiated indirect cost rate between the pass-through entity and the subrecipient; which can be based on a prior negotiated rate between a different PTE and the same subrecipient. If basing the rate on a previously negotiated rate, the pass-through entity is not required to collect information justifying this rate, but may elect to do so; (B) The de minimis indirect cost rate. INDIANA STATE BOARD OF ACCOUNTS 23 BOONE COUNTY SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (ii) The pass-through entity must not require use of a de minimis indirect cost rate if the subrecipient has a Federally approved rate. Subrecipients can elect to use the cost allocation method to account for indirect costs in accordance with § 200.405(d). (5) A requirement that the subrecipient permit the pass-through entity and auditors to have access to the subrecipient's records and financial statements as necessary for the pass-through entity to meet the requirements of this part; and (6) Appropriate terms and conditions concerning closeout of the subaward. (b) Evaluate each subrecipient's risk of noncompliance with Federal statues, regulations, and the terms and conditions of the subaward for purposes of determined the appropriate subrecipient monitoring . . . (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. . . ." Cause The system of internal controls as established by the management of the County was not properly designed nor implemented. The County was unable to provide documentation that monitoring procedures were in place over subrecipients. Effect Without the proper implementation of an effectively designed system of internal controls, the County cannot be sure subrecipients are provided an adequate subaward agreement, with all required elements and are adequately monitored. As such, subaward agreements entered into by the County did not include all the required elements. In addition, the County did not properly monitor the non-profit to ensure proper spending of the federal funds. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funding to the County. INDIANA STATE BOARD OF ACCOUNTS 24 BOONE COUNTY SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the County design and implement a proper system of internal controls and develop policies and procedures to ensure subrecipients are provided with an adequate subaward agreement and monitored as appropriate. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
2023-001 - Internal Controls over Subrecipient Monitoring (SD, NC) Federal Program Title: Coronavirus State and Local Fiscal Recovery Funds Federal Catalog Number: 21.027 Federal Agency: U.S. Department of Treasury Category of Finding: Subrecipient Monitoring Criteria: Pursuant to the Office of Management and Budget (OMB) 2 CFR Part 200, Appendix XI, Compliance Supplement May 2023, sections 3-M-1 and 3-M-2: A recipient must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: 1. Reviewing financial and programmatic (performance and special reports) required by the PTE. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means. 3. Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Condition: While the Society currently has policies and procedures for monitoring subrecipients, it does not have a policy specifically relating to subaward agreements between the Society and its subrecipients that is compliant with applicable Federal statutes per 2 CFR part 200, Appendix XI, Compliance Supplement May 2023, sections 3-M-1 and 3-M-2. No formal subaward agreement was drafted by the Society and its subrecipient. Cause: Lack of formal policies specifically addressing federal requirements for subaward agreements. Effect or Potential Effect: Although the Society has existing policies and procedures for monitoring, the absence of a formal subaward agreement compliant with federal regulations may potentially result in the Society sending funds to subrecipients for activities and services that are nonconforming to allowed costs under the Uniform Guidance. Questioned Cost: None Context: During the audit, we did not receive a copy of the subaward between the Society and its subrecipient. Repeat of a Prior-Year Finding: No.
Criteria: 2 CFR 200.332 notes, “All pass-through entities must… (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section § 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. Condition: The Organization noted they do not request and review audited financial statements for all subrecipients. Questioned Costs: N/A Cause and Effect: Without reviewing audited financial statements, subrecipients may have deficiencies in internal control or compliance which could lead to future unallowable expenditures to be incurred. Recommendation: We recommend ACT evaluates policies and procedures to ensure appropriate monitoring is performed over all subrecipients and reviews audited financial statements for those subrecipients that are required to have an audit performed. Views of Responsible Officials and Planned Corrective Actions: Management agrees with this Single Audit Finding and response is included in the Corrective Action Plan.
Criteria: 2 CFR 200.332 notes, “All pass-through entities must… (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section § 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. Condition: The Organization noted they do not request and review audited financial statements for all subrecipients. Questioned Costs: N/A Cause and Effect: Without reviewing audited financial statements, subrecipients may have deficiencies in internal control or compliance which could lead to future unallowable expenditures to be incurred. Recommendation: We recommend ACT evaluates policies and procedures to ensure appropriate monitoring is performed over all subrecipients and reviews audited financial statements for those subrecipients that are required to have an audit performed. Views of Responsible Officials and Planned Corrective Actions: Management agrees with this Single Audit Finding and response is included in the Corrective Action Plan.
2023-004: Subrecipient Monitoring Criteria: The Code of Federal Regulations 2 CFR 200.332 states that all pass-through entities (PTE) must: Identify the Award and Applicable Requirements - Clearly identify to the subrecipient: (1) the award as a subaward at the time of subaward (or subsequent subaward modification) by providing the information described in 2 CFR section 200.331(a)(1); (2)all requirements imposed by the PTE on the subrecipient so that the federal award is used in accordance with federal statutes, regulations, and the terms and conditions of the award (2 CFR section 200.331(a)(2)); and (3) any additional requirements that the PTE imposes on the subrecipient in order for the PTE to meet its own responsibility for the federal award (e.g., financial, performance, and special reports) (2 CFR section 200.331(a)(3)). Evaluate Risk - Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). Monitor - Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: (1) Reviewing financial and programmatic (performance and special reports) required by the PTE. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Condition: The Organization did not clearly communicate the required federal award information and applicable requirements to the subrecipients. The Organization did not evaluate the risk of non-compliance of the subrecipients in order to identify the appropriate monitoring procedures. Statistical sampling was not used in making sample selections. Cause: The Organization has not implemented policies or procedures, to the degree necessary, to ensure that federal award monitoring compliance requirements are being met. Effect: The Organization did not perform adequate monitoring procedures on the subrecipients. Without communication of required information, subrecipients may overspend award amounts or incur unallowable expenses towards the grant. Questioned Costs: N/A Statistical Sampling: Statistical sampling was not used in making sample selections. Recommendation: We recommend that management of the Organization implement policies, procedures, and internal controls to evaluate the subrecipient risk of noncompliance to ensure subrecipients are being appropriately monitored in compliance with federal regulations. Views of Responsible Officials: Management agrees with this finding and their response is included in the corrective action plan.
Finding Number: 2023-007 Repeat Finding: Yes Type of Finding: Material Weakness in Internal Control and Material Noncompliance Description: Subrecipient Monitoring and Management Major Program: AL#93.772 - Tribal Public Health Capacity Building and Quality Improvement Umbrella Cooperative Agreement – Direct Award (DHHS) – Award numbers: 1 NU38TO000023-01-00, 6 NU38TO000023- 01-01, 6 NU38OT000257-05-03 and 6 NU38OT000257C3 Questioned Costs: None How the questioned costs were computed: N/A Compliance Requirement: Subrecipient Monitoring Condition: The Organization did not comply with any of the subrecipient monitoring and management requirements in accordance with 2 CFR Part 200.332. Criteria: The subrecipient monitoring and management requirements that are codified in 2 CFR Part 200.332 requires the pass-through entity must: a. Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes: 1. Federal award identification; 2. All requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations and the terms and conditions of the Federal award; 3. Any additional requirements that the pass-through entity imposes on the subrecipient in order for the pass-through entity to meet its own responsibility to the Federal awarding agency including identification of any required financial and performance reports. 4. (i) An approved federally recognized indirect cost rate negotiated between the subrecipient and the Federal Government. If no approved rate exists, the passthrough entity must determine the appropriate rate in collaboration with the subrecipient, which is either: 1. The negotiated indirect cost rate between the pass-through entity and the subrecipient; 2. The de minimis indirect cost rate (ii) The pass-through entity must not require use of a de minimis indirect cost rate if the subrecipient has a Federally approved rate. (iii) 5. A requirement that the subrecipient permit the pass-through entity and auditors to have access to the subrecipient’s records and financial statements as necessary for the pass-through entity to meet the requirements of this part; and 6. Appropriate terms and conditions concerning closeout of the subaward. b. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. c. Consider imposing specific subaward conditions upon a subrecipient if appropriate as described in § 200.208. d. Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. 4. The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section § 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the passthrough entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. e. Depending upon the pass-through entity's assessment of risk posed by the subrecipient, the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: 1. Providing subrecipients with training and technical assistance on program-related matters; and 2. Performing on-site reviews of the subrecipient's program operations; 3. Arranging for agreed-upon-procedures engagements as described in § 200.425. f. Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. g. Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. h. Consider taking enforcement action against noncompliant subrecipients as described in § 200.339 of this part and in program regulations. Cause: The Organization’s management was not aware of the subrecipient monitoring and management requirements. Effect: The Organization was not in compliance with any of the subrecipient monitoring and management requirements, resulting in a material noncompliance and a material weakness in internal controls over compliance. Recommendation: We recommend the Organization implement systems and procedures to ensure compliance with the subrecipient monitoring and management compliance requirements. View of Responsible Officials: Management agrees with the finding and has committed to a corrective action plan.
Finding Number: 2023-007 Repeat Finding: Yes Type of Finding: Material Weakness in Internal Control and Material Noncompliance Description: Subrecipient Monitoring and Management Major Program: AL#93.772 - Tribal Public Health Capacity Building and Quality Improvement Umbrella Cooperative Agreement – Direct Award (DHHS) – Award numbers: 1 NU38TO000023-01-00, 6 NU38TO000023- 01-01, 6 NU38OT000257-05-03 and 6 NU38OT000257C3 Questioned Costs: None How the questioned costs were computed: N/A Compliance Requirement: Subrecipient Monitoring Condition: The Organization did not comply with any of the subrecipient monitoring and management requirements in accordance with 2 CFR Part 200.332. Criteria: The subrecipient monitoring and management requirements that are codified in 2 CFR Part 200.332 requires the pass-through entity must: a. Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes: 1. Federal award identification; 2. All requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations and the terms and conditions of the Federal award; 3. Any additional requirements that the pass-through entity imposes on the subrecipient in order for the pass-through entity to meet its own responsibility to the Federal awarding agency including identification of any required financial and performance reports. 4. (i) An approved federally recognized indirect cost rate negotiated between the subrecipient and the Federal Government. If no approved rate exists, the passthrough entity must determine the appropriate rate in collaboration with the subrecipient, which is either: 1. The negotiated indirect cost rate between the pass-through entity and the subrecipient; 2. The de minimis indirect cost rate (ii) The pass-through entity must not require use of a de minimis indirect cost rate if the subrecipient has a Federally approved rate. (iii) 5. A requirement that the subrecipient permit the pass-through entity and auditors to have access to the subrecipient’s records and financial statements as necessary for the pass-through entity to meet the requirements of this part; and 6. Appropriate terms and conditions concerning closeout of the subaward. b. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. c. Consider imposing specific subaward conditions upon a subrecipient if appropriate as described in § 200.208. d. Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. 4. The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section § 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the passthrough entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. e. Depending upon the pass-through entity's assessment of risk posed by the subrecipient, the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: 1. Providing subrecipients with training and technical assistance on program-related matters; and 2. Performing on-site reviews of the subrecipient's program operations; 3. Arranging for agreed-upon-procedures engagements as described in § 200.425. f. Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. g. Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. h. Consider taking enforcement action against noncompliant subrecipients as described in § 200.339 of this part and in program regulations. Cause: The Organization’s management was not aware of the subrecipient monitoring and management requirements. Effect: The Organization was not in compliance with any of the subrecipient monitoring and management requirements, resulting in a material noncompliance and a material weakness in internal controls over compliance. Recommendation: We recommend the Organization implement systems and procedures to ensure compliance with the subrecipient monitoring and management compliance requirements. View of Responsible Officials: Management agrees with the finding and has committed to a corrective action plan.
2023-008 - Uniform Guidance Subrecipient Monitoring - Significant Deficiency/Noncompliance Federal Program: Assistance Listing #21.027, Coronavirus State and Local Fiscal Recovery Funds, U.S. Department of Treasury, Pass Through Entity Identifying Number: Not Available Assistance Listing #21.023, Emergency Rental Assistance Program, U.S. Department of Treasury, Passed through the Pennsylvania Department of Human Services, Pass-Through Entity Identifying Number: N/A Prior Year Finding Number 2022-004 Criteria: The requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles and Audit Requirements for Federal Awards (Uniform Guidance), §200.331 Requirements for Pass-through Entities, requires entities who pass federal funding through to subrecipients evaluate each subrecipient's risk of noncompliance. As detailed in 2 CFR sections 200.331(d) through (f), the Uniform Guidance requires pass-through entities to monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals. This includes issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient, as detailed in 2 CFR section 200.521. Condition/Context: As part of our follow-up on previous audit findings and based on our current year testing, it was noted that the County is not formally documenting its monitoring activities over its subrecipients in compliance with the Uniform Guidance. Questioned Costs: N/A Cause: While the County has monitoring processes in place for subrecipients, it is not currently documenting certain of the initial risk assessment decisions or the occurrence of ongoing monitoring activities for its subrecipient, representing a significant deficiency in internal control over compliance. Effect: The County is not in compliance with certain requirements of the Uniform Guidance. Recommendation: We recommend that County management perform and document the various monitoring activities performed with regard to its subrecipients. Views of Responsible Officials and Planned Corrective Actions: Management understands and is working to provide better oversight and monitoring of entities that receive pass-through grant dollars. See corrective action plan.
2023-008 - Uniform Guidance Subrecipient Monitoring - Significant Deficiency/Noncompliance Federal Program: Assistance Listing #21.027, Coronavirus State and Local Fiscal Recovery Funds, U.S. Department of Treasury, Pass Through Entity Identifying Number: Not Available Assistance Listing #21.023, Emergency Rental Assistance Program, U.S. Department of Treasury, Passed through the Pennsylvania Department of Human Services, Pass-Through Entity Identifying Number: N/A Prior Year Finding Number 2022-004 Criteria: The requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles and Audit Requirements for Federal Awards (Uniform Guidance), §200.331 Requirements for Pass-through Entities, requires entities who pass federal funding through to subrecipients evaluate each subrecipient's risk of noncompliance. As detailed in 2 CFR sections 200.331(d) through (f), the Uniform Guidance requires pass-through entities to monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals. This includes issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient, as detailed in 2 CFR section 200.521. Condition/Context: As part of our follow-up on previous audit findings and based on our current year testing, it was noted that the County is not formally documenting its monitoring activities over its subrecipients in compliance with the Uniform Guidance. Questioned Costs: N/A Cause: While the County has monitoring processes in place for subrecipients, it is not currently documenting certain of the initial risk assessment decisions or the occurrence of ongoing monitoring activities for its subrecipient, representing a significant deficiency in internal control over compliance. Effect: The County is not in compliance with certain requirements of the Uniform Guidance. Recommendation: We recommend that County management perform and document the various monitoring activities performed with regard to its subrecipients. Views of Responsible Officials and Planned Corrective Actions: Management understands and is working to provide better oversight and monitoring of entities that receive pass-through grant dollars. See corrective action plan.
Finding Number: 2023-001 Internal Control over Compliance and Compliance with the Subrecipient Monitoring Compliance Requirement, Repeat Finding, Finding No. 2022-001 Identification of the Major Federal Program: Programs: Government Agency: Inclusion Across the Nation of Communities of Learners of Underrepresented Discoverers in Engineering and Science Assistance Listing Number: 47.076 Award Number: HRD-1834540 Award Years: 09/01/2018 – 02/28/2025 PhysTEC: Building a Solution to the National Physics Teacher Shortage Assistance Listing Number: 47.049 Award Number: PHY-1707990 Award Years: 07/01/2017 – 06/30/2023 National Science Foundation (NSF) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. In accordance with the Uniform Guidance in 2 CFR Section 200.331, a pass-through entity (PTE) must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: 1. reviewing financial and programmatic (performance and special reports) required by the PTE; 2. following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means; 3. issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Furthermore, under the requirements of the Federal Funding Accountability and Transparency Act (FFATA) (Pub. L. No. 109-282), as amended by Section 6202 of Public Law 110-252, hereafter referred as the “Transparency Act” that are codified in 2 CFR Part 170, recipients (i.e., direct recipients) of grants or cooperative agreements are required to report first-tier subawards of $30,000 or more to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). If a subaward/subcontract was subject to reporting under the Transparency Act, the action was required to be reported in FSRS no later than the last day of the month following the month in which the subaward/subcontract amendment obligation was made or in the subcontract award/subcontract modification was made. Conditions – Our examination of the program’s subrecipient monitoring requirements includes the review and approval of financial and performance quarterly reports by the program managers. The quarterly reports are prepared by APS’ grants administrator with inputs provided by the subrecipient submitted to the program managers. Of the program’s twenty (20) subrecipients, we examined eight (8) subrecipients and observed that although the respective program managers had monitoring oversight of the various grant’s financial and programmatic activities, there was no formal evidentiary documentation to support the monitoring oversight process performed by the program managers. Furthermore, our examination of the program’s subrecipient monitoring requirements includes follow-ups by APS to ensure the subrecipients take timely and appropriate action on all deficiencies pertaining to federal awards provided to the subrecipients which have been detected through reviews of audits, on-site reviews, and other means. We selected six (6) subrecipients for testing and noted that for two (2) samples selected APS was unable to provide evidence that it monitored the subrecipients through review of its single audit reports, on-site reviews, and other means. We also tested a sample of three (3) subrecipients and our examination of the monitoring and reporting requirements revealed that APS did not report the information on a subaward of $30,000 or more in federal funds timely and on one (1) of the sub awards reported, the contract award amount reported is less than the actual expenditures incurred by the subrecipient. APS began implementation of its corrective action plan on June 5, 2023, and the exceptions identified above is as a result of the fact that APS was still in the implementation process of its corrective action plan. Cause - Management does not have adequate internal controls and policies and procedures in place to ensure that a review is performed on the financial and programmatic reports in a timely manner and to ensure that its subrecipients do not have any audit deficiencies relating to federal award programs and if any deficiencies are detected, that the subrecipients takes timely and appropriate action to resolve the deficiencies identified. There is also a lack of established monitoring and internal control procedures in place to ensure that reports required under the Transparency Act are prepared and submitted timely in FSRS Reporting System resulted in APS’ noncompliance with the reporting requirements. Effect or potential effect – APS is not in compliance with the subrecipient monitoring requirements as it did not maintain consistent documented evidence of its monitoring of subrecipients. In addition, failure to comply with the reporting requirements of the Uniform Guidance could result in the awarding agency taking action such as reducing future funding. Questioned Costs – None. Context – These are conditions identified per review of APS compliance with specified compliance requirements using a statistically valid sample. Recommendations – BDO recommends that APS continue to apply the implemented policies, procedures and controls that will ensure that all requisite reports are reviewed, and evidence of review are documented and maintained. Furthermore, APS should continue to implement policies to obtain and review single audit reports of its subrecipients in order to ensure compliance with all the required laws, guidelines and requirement under the award. BDO recommends that APS continues to implement established policies and procedure over the preparation and timely submission of reports required under the Transparency Act to ensure compliance with reporting requirements. Views of Responsible Officials - APS concurs with this finding. APS’ corrective action is described in the Management’s Corrective Action Plan included below.
Finding Number: 2023-001 Internal Control over Compliance and Compliance with the Subrecipient Monitoring Compliance Requirement, Repeat Finding, Finding No. 2022-001 Identification of the Major Federal Program: Programs: Government Agency: Inclusion Across the Nation of Communities of Learners of Underrepresented Discoverers in Engineering and Science Assistance Listing Number: 47.076 Award Number: HRD-1834540 Award Years: 09/01/2018 – 02/28/2025 PhysTEC: Building a Solution to the National Physics Teacher Shortage Assistance Listing Number: 47.049 Award Number: PHY-1707990 Award Years: 07/01/2017 – 06/30/2023 National Science Foundation (NSF) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. In accordance with the Uniform Guidance in 2 CFR Section 200.331, a pass-through entity (PTE) must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: 1. reviewing financial and programmatic (performance and special reports) required by the PTE; 2. following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means; 3. issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Furthermore, under the requirements of the Federal Funding Accountability and Transparency Act (FFATA) (Pub. L. No. 109-282), as amended by Section 6202 of Public Law 110-252, hereafter referred as the “Transparency Act” that are codified in 2 CFR Part 170, recipients (i.e., direct recipients) of grants or cooperative agreements are required to report first-tier subawards of $30,000 or more to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). If a subaward/subcontract was subject to reporting under the Transparency Act, the action was required to be reported in FSRS no later than the last day of the month following the month in which the subaward/subcontract amendment obligation was made or in the subcontract award/subcontract modification was made. Conditions – Our examination of the program’s subrecipient monitoring requirements includes the review and approval of financial and performance quarterly reports by the program managers. The quarterly reports are prepared by APS’ grants administrator with inputs provided by the subrecipient submitted to the program managers. Of the program’s twenty (20) subrecipients, we examined eight (8) subrecipients and observed that although the respective program managers had monitoring oversight of the various grant’s financial and programmatic activities, there was no formal evidentiary documentation to support the monitoring oversight process performed by the program managers. Furthermore, our examination of the program’s subrecipient monitoring requirements includes follow-ups by APS to ensure the subrecipients take timely and appropriate action on all deficiencies pertaining to federal awards provided to the subrecipients which have been detected through reviews of audits, on-site reviews, and other means. We selected six (6) subrecipients for testing and noted that for two (2) samples selected APS was unable to provide evidence that it monitored the subrecipients through review of its single audit reports, on-site reviews, and other means. We also tested a sample of three (3) subrecipients and our examination of the monitoring and reporting requirements revealed that APS did not report the information on a subaward of $30,000 or more in federal funds timely and on one (1) of the sub awards reported, the contract award amount reported is less than the actual expenditures incurred by the subrecipient. APS began implementation of its corrective action plan on June 5, 2023, and the exceptions identified above is as a result of the fact that APS was still in the implementation process of its corrective action plan. Cause - Management does not have adequate internal controls and policies and procedures in place to ensure that a review is performed on the financial and programmatic reports in a timely manner and to ensure that its subrecipients do not have any audit deficiencies relating to federal award programs and if any deficiencies are detected, that the subrecipients takes timely and appropriate action to resolve the deficiencies identified. There is also a lack of established monitoring and internal control procedures in place to ensure that reports required under the Transparency Act are prepared and submitted timely in FSRS Reporting System resulted in APS’ noncompliance with the reporting requirements. Effect or potential effect – APS is not in compliance with the subrecipient monitoring requirements as it did not maintain consistent documented evidence of its monitoring of subrecipients. In addition, failure to comply with the reporting requirements of the Uniform Guidance could result in the awarding agency taking action such as reducing future funding. Questioned Costs – None. Context – These are conditions identified per review of APS compliance with specified compliance requirements using a statistically valid sample. Recommendations – BDO recommends that APS continue to apply the implemented policies, procedures and controls that will ensure that all requisite reports are reviewed, and evidence of review are documented and maintained. Furthermore, APS should continue to implement policies to obtain and review single audit reports of its subrecipients in order to ensure compliance with all the required laws, guidelines and requirement under the award. BDO recommends that APS continues to implement established policies and procedure over the preparation and timely submission of reports required under the Transparency Act to ensure compliance with reporting requirements. Views of Responsible Officials - APS concurs with this finding. APS’ corrective action is described in the Management’s Corrective Action Plan included below.
Cluster: Research and Development Agency: Department of Human and Health Services Award Names: Safety and Health Risks in Energy Transition for the Commercial Fishing Industry Award Numbers: U01OH012502 Assistance Listing Title: Center for Disease Control and Prevention (CDC) Assistance Listing Number: 93.262 Award Year: FY 2023 Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Condition Through our testing of 4 subrecipients out of a total subrecipient population of 10, we were able to obtain a documented initial risk assessment for each subrecipient selected and other evidence of monitoring such as meetings with the subrecipients. However, we were unable to obtain evidence that the Company obtained and reviewed the annual Uniform Guidance report or annual audited financial statements (if the entity was not subject to a Uniform Guidance audit) for 1 out of 4 subrecipients selected for testing. Cause The Company failed to ensure that their subrecipient monitoring process included obtaining and reviewing every subrecipient’s annual Uniform Guidance report or annual audited financial statements during FY 2023. Effect The lack of an annual review of subrecipient audits may result in ineligible subrecipients receiving federal awards, subrecipient findings not being fully remediated and other monitoring procedures (based on risk level) not being performed. Questioned Costs None noted. Recommendation We recommend the Company follow their policy, which includes obtaining and reviewing Uniform Guidance reports (or audited financial statements to the extent Uniform Guidance reports are not available) for every subrecipient on an annual basis and ensure that it is completed for all applicable awards. When reviewing the reports, they should understand the type of opinion(s) expressed and whether there were any findings associated with their awards, document their review and assess whether there is any change in the risk assessment and subsequent monitoring needed of each subrecipient. We also recommend a supervisory review over subrecipient monitoring to be included in the process to ensure it gets completed completely and accurately for all awards. This supervisory review should also be evidenced through documentation. This is a repeat finding of 2022-001, which continued to remain open during FY2023. Management’ Views and Corrective Action Plan Management’s Views and Corrective Action Plan are included at the end of this report.
FINDING 2023-003 Subject: COVID-19 - Coronavirus State and Local Fiscal Recovery Funds - Subrecipient Monitoring Federal Agency: Department of the Treasury Federal Program: COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Assistance Listings Number: 21.027 Federal Award Number and Year (or Other Identifying Number): FY 2023 Compliance Requirement: Subrecipient Monitoring Audit Findings: Material Weakness, Modified Opinion Repeat Finding This is a repeat finding from the immediately prior audit report. The prior audit finding number was 2022-005. Condition and Context The County received a total State and Local Fiscal Recovery Funds (SLFRF) allocation of $13,177,707. During the audit period, the County provided subawards of SLFRF funds to other entities. As a pass-through entity, the County must: Identify the award and the applicable requirements to each subrecipient. Evaluate each subrecipient's risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for an authorized purpose, complies with the terms and conditions of the subaward, and achieves performance goals. Subawards, totaling $290,000, were provided to two different entities. Both subrecipient agreements associated with the subawards were selected for testing. For the two agreements tested, the following information was incomplete or missing: The federal award identification number (FAIN). The federal award date of award to the recipient by the federal agency. The name of the federal awarding agency, pass-through entity (auditee), and contact information for awarding official of the pass-through entity (auditee). The Assistance Listings Number and Title; the pass-through entity must identify the dollar amount made available under each federal award and the Assistance Listings Number at time of disbursement. Furthermore, the County did not have an evaluation of the subrecipients' risk of noncompliance or monitoring activities demonstrating compliance with the subrecipient monitoring requirement. The County did not request any financial or audit documentation from the subrecipients. The lack of internal controls and noncompliance were systemic issues throughout the audit period. INDIANA STATE BOARD OF ACCOUNTS 21 BOONE COUNTY SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.331(a) states: "Subrecipients. A subaward is for the purpose of carrying out a portion of a Federal award and creates a Federal assistance relationship with the subrecipient. See definition for Subaward in § 200.1 of this part. Characteristics which support the classification of the non-Federal entity as a subrecipient include when the non-Federal entity: (1) Determines who is eligible to receive what Federal assistance; (2) Has its performance measured in relation to whether objectives of a Federal program were met; (3) Has responsibility for programmatic decision-making; (4) Is responsible for adherence to applicable Federal program requirements specified in the Federal award; and (5) In accordance with its agreement, uses the Federal funds to carry out a program for a public purpose specified in authorizing statute, as opposed to providing goods or services for the benefit of the pass-through entity." 2 CFR 200.332 states in part: "All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward . . . (1) Federal award identification. (i) Subrecipient name (which must match the name associated with its unique entity identifier); (ii) Subrecipient's unique entity identifier; (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal award date in § 200.1 of this part) of award to the recipient by the Federal agency; INDIANA STATE BOARD OF ACCOUNTS 22 BOONE COUNTY SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (v) Subaward Period of Performance Start and End Date; (vi) Subaward Budget Period Start and End Date; (vii) Amount of Federal Funds Obligated by this action by the pass-through entity to the subrecipient; (viii) Total Amount of Federal Funds Obligated to the subrecipient by the passthrough entity including the current financial obligation; (ix) Total Amount of the Federal Award committed to the subrecipient by the passthrough entity; (x) Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); (xi) Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the Pass-through entity; (xii) Assistance Listings number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; (xiii) Identification of whether the award is R&D; and (xiv) Indirect cost rate for the Federal award (including if the de minimis rate is charged) per § 200.414. (2) All requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations and the terms and conditions of the Federal award; (3) Any additional requirements that the pass-through entity imposes on the subrecipient in order for the pass-through entity to meet its own responsibility to the Federal awarding agency including identification of any required financial and performance reports; (4) (i) An approved federally recognized indirect cost rate negotiated between the subrecipient and the Federal Government. If no approved rate exists, the passthrough entity must determine the appropriate rate in collaboration with the subrecipient, which is either: (A) The negotiated indirect cost rate between the pass-through entity and the subrecipient; which can be based on a prior negotiated rate between a different PTE and the same subrecipient. If basing the rate on a previously negotiated rate, the pass-through entity is not required to collect information justifying this rate, but may elect to do so; (B) The de minimis indirect cost rate. INDIANA STATE BOARD OF ACCOUNTS 23 BOONE COUNTY SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (ii) The pass-through entity must not require use of a de minimis indirect cost rate if the subrecipient has a Federally approved rate. Subrecipients can elect to use the cost allocation method to account for indirect costs in accordance with § 200.405(d). (5) A requirement that the subrecipient permit the pass-through entity and auditors to have access to the subrecipient's records and financial statements as necessary for the pass-through entity to meet the requirements of this part; and (6) Appropriate terms and conditions concerning closeout of the subaward. (b) Evaluate each subrecipient's risk of noncompliance with Federal statues, regulations, and the terms and conditions of the subaward for purposes of determined the appropriate subrecipient monitoring . . . (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. . . ." Cause The system of internal controls as established by the management of the County was not properly designed nor implemented. The County was unable to provide documentation that monitoring procedures were in place over subrecipients. Effect Without the proper implementation of an effectively designed system of internal controls, the County cannot be sure subrecipients are provided an adequate subaward agreement, with all required elements and are adequately monitored. As such, subaward agreements entered into by the County did not include all the required elements. In addition, the County did not properly monitor the non-profit to ensure proper spending of the federal funds. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funding to the County. INDIANA STATE BOARD OF ACCOUNTS 24 BOONE COUNTY SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the County design and implement a proper system of internal controls and develop policies and procedures to ensure subrecipients are provided with an adequate subaward agreement and monitored as appropriate. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
2023-001 - Internal Controls over Subrecipient Monitoring (SD, NC) Federal Program Title: Coronavirus State and Local Fiscal Recovery Funds Federal Catalog Number: 21.027 Federal Agency: U.S. Department of Treasury Category of Finding: Subrecipient Monitoring Criteria: Pursuant to the Office of Management and Budget (OMB) 2 CFR Part 200, Appendix XI, Compliance Supplement May 2023, sections 3-M-1 and 3-M-2: A recipient must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: 1. Reviewing financial and programmatic (performance and special reports) required by the PTE. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means. 3. Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Condition: While the Society currently has policies and procedures for monitoring subrecipients, it does not have a policy specifically relating to subaward agreements between the Society and its subrecipients that is compliant with applicable Federal statutes per 2 CFR part 200, Appendix XI, Compliance Supplement May 2023, sections 3-M-1 and 3-M-2. No formal subaward agreement was drafted by the Society and its subrecipient. Cause: Lack of formal policies specifically addressing federal requirements for subaward agreements. Effect or Potential Effect: Although the Society has existing policies and procedures for monitoring, the absence of a formal subaward agreement compliant with federal regulations may potentially result in the Society sending funds to subrecipients for activities and services that are nonconforming to allowed costs under the Uniform Guidance. Questioned Cost: None Context: During the audit, we did not receive a copy of the subaward between the Society and its subrecipient. Repeat of a Prior-Year Finding: No.
Criteria: 2 CFR 200.332 notes, “All pass-through entities must… (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section § 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. Condition: The Organization noted they do not request and review audited financial statements for all subrecipients. Questioned Costs: N/A Cause and Effect: Without reviewing audited financial statements, subrecipients may have deficiencies in internal control or compliance which could lead to future unallowable expenditures to be incurred. Recommendation: We recommend ACT evaluates policies and procedures to ensure appropriate monitoring is performed over all subrecipients and reviews audited financial statements for those subrecipients that are required to have an audit performed. Views of Responsible Officials and Planned Corrective Actions: Management agrees with this Single Audit Finding and response is included in the Corrective Action Plan.
Criteria: 2 CFR 200.332 notes, “All pass-through entities must… (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section § 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. Condition: The Organization noted they do not request and review audited financial statements for all subrecipients. Questioned Costs: N/A Cause and Effect: Without reviewing audited financial statements, subrecipients may have deficiencies in internal control or compliance which could lead to future unallowable expenditures to be incurred. Recommendation: We recommend ACT evaluates policies and procedures to ensure appropriate monitoring is performed over all subrecipients and reviews audited financial statements for those subrecipients that are required to have an audit performed. Views of Responsible Officials and Planned Corrective Actions: Management agrees with this Single Audit Finding and response is included in the Corrective Action Plan.
2023-004: Subrecipient Monitoring Criteria: The Code of Federal Regulations 2 CFR 200.332 states that all pass-through entities (PTE) must: Identify the Award and Applicable Requirements - Clearly identify to the subrecipient: (1) the award as a subaward at the time of subaward (or subsequent subaward modification) by providing the information described in 2 CFR section 200.331(a)(1); (2)all requirements imposed by the PTE on the subrecipient so that the federal award is used in accordance with federal statutes, regulations, and the terms and conditions of the award (2 CFR section 200.331(a)(2)); and (3) any additional requirements that the PTE imposes on the subrecipient in order for the PTE to meet its own responsibility for the federal award (e.g., financial, performance, and special reports) (2 CFR section 200.331(a)(3)). Evaluate Risk - Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). Monitor - Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: (1) Reviewing financial and programmatic (performance and special reports) required by the PTE. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Condition: The Organization did not clearly communicate the required federal award information and applicable requirements to the subrecipients. The Organization did not evaluate the risk of non-compliance of the subrecipients in order to identify the appropriate monitoring procedures. Statistical sampling was not used in making sample selections. Cause: The Organization has not implemented policies or procedures, to the degree necessary, to ensure that federal award monitoring compliance requirements are being met. Effect: The Organization did not perform adequate monitoring procedures on the subrecipients. Without communication of required information, subrecipients may overspend award amounts or incur unallowable expenses towards the grant. Questioned Costs: N/A Statistical Sampling: Statistical sampling was not used in making sample selections. Recommendation: We recommend that management of the Organization implement policies, procedures, and internal controls to evaluate the subrecipient risk of noncompliance to ensure subrecipients are being appropriately monitored in compliance with federal regulations. Views of Responsible Officials: Management agrees with this finding and their response is included in the corrective action plan.
Finding Number: 2023-007 Repeat Finding: Yes Type of Finding: Material Weakness in Internal Control and Material Noncompliance Description: Subrecipient Monitoring and Management Major Program: AL#93.772 - Tribal Public Health Capacity Building and Quality Improvement Umbrella Cooperative Agreement – Direct Award (DHHS) – Award numbers: 1 NU38TO000023-01-00, 6 NU38TO000023- 01-01, 6 NU38OT000257-05-03 and 6 NU38OT000257C3 Questioned Costs: None How the questioned costs were computed: N/A Compliance Requirement: Subrecipient Monitoring Condition: The Organization did not comply with any of the subrecipient monitoring and management requirements in accordance with 2 CFR Part 200.332. Criteria: The subrecipient monitoring and management requirements that are codified in 2 CFR Part 200.332 requires the pass-through entity must: a. Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes: 1. Federal award identification; 2. All requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations and the terms and conditions of the Federal award; 3. Any additional requirements that the pass-through entity imposes on the subrecipient in order for the pass-through entity to meet its own responsibility to the Federal awarding agency including identification of any required financial and performance reports. 4. (i) An approved federally recognized indirect cost rate negotiated between the subrecipient and the Federal Government. If no approved rate exists, the passthrough entity must determine the appropriate rate in collaboration with the subrecipient, which is either: 1. The negotiated indirect cost rate between the pass-through entity and the subrecipient; 2. The de minimis indirect cost rate (ii) The pass-through entity must not require use of a de minimis indirect cost rate if the subrecipient has a Federally approved rate. (iii) 5. A requirement that the subrecipient permit the pass-through entity and auditors to have access to the subrecipient’s records and financial statements as necessary for the pass-through entity to meet the requirements of this part; and 6. Appropriate terms and conditions concerning closeout of the subaward. b. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. c. Consider imposing specific subaward conditions upon a subrecipient if appropriate as described in § 200.208. d. Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. 4. The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section § 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the passthrough entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. e. Depending upon the pass-through entity's assessment of risk posed by the subrecipient, the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: 1. Providing subrecipients with training and technical assistance on program-related matters; and 2. Performing on-site reviews of the subrecipient's program operations; 3. Arranging for agreed-upon-procedures engagements as described in § 200.425. f. Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. g. Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. h. Consider taking enforcement action against noncompliant subrecipients as described in § 200.339 of this part and in program regulations. Cause: The Organization’s management was not aware of the subrecipient monitoring and management requirements. Effect: The Organization was not in compliance with any of the subrecipient monitoring and management requirements, resulting in a material noncompliance and a material weakness in internal controls over compliance. Recommendation: We recommend the Organization implement systems and procedures to ensure compliance with the subrecipient monitoring and management compliance requirements. View of Responsible Officials: Management agrees with the finding and has committed to a corrective action plan.
Finding Number: 2023-007 Repeat Finding: Yes Type of Finding: Material Weakness in Internal Control and Material Noncompliance Description: Subrecipient Monitoring and Management Major Program: AL#93.772 - Tribal Public Health Capacity Building and Quality Improvement Umbrella Cooperative Agreement – Direct Award (DHHS) – Award numbers: 1 NU38TO000023-01-00, 6 NU38TO000023- 01-01, 6 NU38OT000257-05-03 and 6 NU38OT000257C3 Questioned Costs: None How the questioned costs were computed: N/A Compliance Requirement: Subrecipient Monitoring Condition: The Organization did not comply with any of the subrecipient monitoring and management requirements in accordance with 2 CFR Part 200.332. Criteria: The subrecipient monitoring and management requirements that are codified in 2 CFR Part 200.332 requires the pass-through entity must: a. Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes: 1. Federal award identification; 2. All requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations and the terms and conditions of the Federal award; 3. Any additional requirements that the pass-through entity imposes on the subrecipient in order for the pass-through entity to meet its own responsibility to the Federal awarding agency including identification of any required financial and performance reports. 4. (i) An approved federally recognized indirect cost rate negotiated between the subrecipient and the Federal Government. If no approved rate exists, the passthrough entity must determine the appropriate rate in collaboration with the subrecipient, which is either: 1. The negotiated indirect cost rate between the pass-through entity and the subrecipient; 2. The de minimis indirect cost rate (ii) The pass-through entity must not require use of a de minimis indirect cost rate if the subrecipient has a Federally approved rate. (iii) 5. A requirement that the subrecipient permit the pass-through entity and auditors to have access to the subrecipient’s records and financial statements as necessary for the pass-through entity to meet the requirements of this part; and 6. Appropriate terms and conditions concerning closeout of the subaward. b. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. c. Consider imposing specific subaward conditions upon a subrecipient if appropriate as described in § 200.208. d. Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. 4. The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section § 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the passthrough entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. e. Depending upon the pass-through entity's assessment of risk posed by the subrecipient, the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: 1. Providing subrecipients with training and technical assistance on program-related matters; and 2. Performing on-site reviews of the subrecipient's program operations; 3. Arranging for agreed-upon-procedures engagements as described in § 200.425. f. Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. g. Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. h. Consider taking enforcement action against noncompliant subrecipients as described in § 200.339 of this part and in program regulations. Cause: The Organization’s management was not aware of the subrecipient monitoring and management requirements. Effect: The Organization was not in compliance with any of the subrecipient monitoring and management requirements, resulting in a material noncompliance and a material weakness in internal controls over compliance. Recommendation: We recommend the Organization implement systems and procedures to ensure compliance with the subrecipient monitoring and management compliance requirements. View of Responsible Officials: Management agrees with the finding and has committed to a corrective action plan.
2023-008 - Uniform Guidance Subrecipient Monitoring - Significant Deficiency/Noncompliance Federal Program: Assistance Listing #21.027, Coronavirus State and Local Fiscal Recovery Funds, U.S. Department of Treasury, Pass Through Entity Identifying Number: Not Available Assistance Listing #21.023, Emergency Rental Assistance Program, U.S. Department of Treasury, Passed through the Pennsylvania Department of Human Services, Pass-Through Entity Identifying Number: N/A Prior Year Finding Number 2022-004 Criteria: The requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles and Audit Requirements for Federal Awards (Uniform Guidance), §200.331 Requirements for Pass-through Entities, requires entities who pass federal funding through to subrecipients evaluate each subrecipient's risk of noncompliance. As detailed in 2 CFR sections 200.331(d) through (f), the Uniform Guidance requires pass-through entities to monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals. This includes issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient, as detailed in 2 CFR section 200.521. Condition/Context: As part of our follow-up on previous audit findings and based on our current year testing, it was noted that the County is not formally documenting its monitoring activities over its subrecipients in compliance with the Uniform Guidance. Questioned Costs: N/A Cause: While the County has monitoring processes in place for subrecipients, it is not currently documenting certain of the initial risk assessment decisions or the occurrence of ongoing monitoring activities for its subrecipient, representing a significant deficiency in internal control over compliance. Effect: The County is not in compliance with certain requirements of the Uniform Guidance. Recommendation: We recommend that County management perform and document the various monitoring activities performed with regard to its subrecipients. Views of Responsible Officials and Planned Corrective Actions: Management understands and is working to provide better oversight and monitoring of entities that receive pass-through grant dollars. See corrective action plan.
2023-008 - Uniform Guidance Subrecipient Monitoring - Significant Deficiency/Noncompliance Federal Program: Assistance Listing #21.027, Coronavirus State and Local Fiscal Recovery Funds, U.S. Department of Treasury, Pass Through Entity Identifying Number: Not Available Assistance Listing #21.023, Emergency Rental Assistance Program, U.S. Department of Treasury, Passed through the Pennsylvania Department of Human Services, Pass-Through Entity Identifying Number: N/A Prior Year Finding Number 2022-004 Criteria: The requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles and Audit Requirements for Federal Awards (Uniform Guidance), §200.331 Requirements for Pass-through Entities, requires entities who pass federal funding through to subrecipients evaluate each subrecipient's risk of noncompliance. As detailed in 2 CFR sections 200.331(d) through (f), the Uniform Guidance requires pass-through entities to monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals. This includes issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient, as detailed in 2 CFR section 200.521. Condition/Context: As part of our follow-up on previous audit findings and based on our current year testing, it was noted that the County is not formally documenting its monitoring activities over its subrecipients in compliance with the Uniform Guidance. Questioned Costs: N/A Cause: While the County has monitoring processes in place for subrecipients, it is not currently documenting certain of the initial risk assessment decisions or the occurrence of ongoing monitoring activities for its subrecipient, representing a significant deficiency in internal control over compliance. Effect: The County is not in compliance with certain requirements of the Uniform Guidance. Recommendation: We recommend that County management perform and document the various monitoring activities performed with regard to its subrecipients. Views of Responsible Officials and Planned Corrective Actions: Management understands and is working to provide better oversight and monitoring of entities that receive pass-through grant dollars. See corrective action plan.
2023-002 Subrecipient Monitoring Public Health Training Centers Program – Assistance Listing No. 93.516 Award Number: 1 T29HP46735‐01‐00 – Award Period: September 15, 2022 through September 14, 2025 Centers for Disease Control and Prevention Collaboration with Academia to Strengthen Public Health – Assistance Listing No. 93.967 Award Number: G2513_AG-1146 Amendment #1 – Award Period: February 1, 2023 through November 30, 2024 Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters Condition: During our testing of subrecipients, we noted documentation was not maintained demonstrating the Organization checked for suspension and debarment prior to contracting with subrecipients, subrecipient vs contractor determinations, evaluation of each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring, or obtaining/reviewing the most recent single audit reports for subrecipients to address findings related to a particular subaward. Criteria: According to 2 CFR 200.331, pass-through entities must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. 2 CFR 200.332 requires every subaward agreement include certain information including the subrecipient’s unique entity identifier (see paragraph (a) for a list of all required data elements); additionally, all pass-through entities must: (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section § 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. (e) Depending upon the pass-through entity's assessment of risk posed by the subrecipient (as described in paragraph (b) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: (1) Providing subrecipients with training and technical assistance on program-related matters; and (2) Performing on-site reviews of the subrecipient's program operations; (3) Arranging for agreed-upon-procedures engagements as described in § 200.425. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. (g) Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in § 200.339 of this part and in program regulations. 2 CFR 180.22 requires that contract awards not be made to parties listed on the government wide exclusions in the system for Award Management, which contains the names of parties debarred, suspended or otherwise excluded by agencies as well as parties declared ineligible under statutory or regulatory authority. Questioned Costs: None. Cause: The Organization did not have a process in place to ensure all required elements of subrecipient monitoring were documented and retained in their records. Effect: Inadequate monitoring procedures and records may not detect subrecipient noncompliance on a timely basis. This could result in the Organization entering into subrecipient agreements with organizations who are ineligible to receive federal funds or might otherwise not comply with federal laws and regulations. Recommendation: We recommend that management implement procedures to ensure that future subrecipient agreements are compared against all requirements in 2 CFR 200.331, 2 CFR 200.332, and 2 CFR 180.22 and that formal documentation of such considerations be maintained. Views of Responsible Officials and Planned Corrective Actions: Management agrees. See separately issued Corrective Action Plan.
Subrecipient Monitoring Federal Department – U.S. Department of Health and Human Services Federal Award Identification Number and Year: NH75OT000024 and 2021 COVID-19 - Activities to Support State, Tribal, Local and Territorial (STLT) Health Department Response to Public Health or Healthcare Crises, Federal Assistance Listing #93.391 County Department – Department of Public Health Finding 2023 – 005 CRITERIA 2 CFR Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, Subpart D—Post Federal Award Requirements Standards for Financial and Program Management, Section 200.332. Requirements for pass-through entities, requires that “All pass-through entities must: (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F—Audit Requirements of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (c) Consider imposing specific subaward conditions upon a subrecipient if appropriate as described in Section 200.208 Specific conditions. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by Section 200.521 Management decision. (e) Depending upon the pass-through entity's assessment of risk posed by the subrecipient (as described in paragraph (b) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: (1) Providing subrecipients with training and technical assistance on program-related matters; and (2) Performing on-site reviews of the subrecipient's program operations; (3) Arranging for agreed-upon-procedures engagements as described in Section 200.425 Audit services. (f) Verify that every subrecipient is audited as required by Subpart F— Audit Requirements of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in Section 200.501 Audit requirements. (g) Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in Section 200.338 Remedies for noncompliance of this part and in program regulations.” CONDITION During the current audit period, the Cook County Department of Public Health (DPH) did not adequately comply with its subrecipient monitoring requirements in accordance with federal regulations. CAUSE Based on discussions with management, the cause of this finding was due to DPH/CCH identifying a consultant agency to conduct the subrecipient monitoring; this was accomplished October 2023. Current Status: These documents were created, shared with the auditor pending management approval; 1) Subrecipient Monitoring Policy 2). Subrecipient Commitment Form 3). Subrecipient Determination Tool 4). Subrecipient Risk Assessment and Monitoring Guide. EFFECT Failure to adequately monitor the activities and performance of a subrecipient could result in Federal awards being used for unauthorized purposes and DPH’s inability to adequately perform risk assessments on its subrecipient(s). QUESTIONED COSTS None. CONTEXT During the prior audit period, we noted 6 instances (of 27 subrecipients), whereby adequate documentation was not maintained to support both the financial and programmatic monitoring of these subrecipients. Also, we noted no evidence of the performance of subrecipients’ risk assessment and whether the subrecipients were required to have a Single audit conducted. This resulted in the 2022 audit finding and subsequent corrective action planned prepared by DPH to address the finding, which was anticipated to be completed by December 31, 2023. During the current audit period, we received DPH’s current year status of the prior audit finding, noting that risk assessment and monitoring will be ongoing during the 2023 Single audit. To assess the current year’s status, we reviewed 5 of 35 subrecipients, noting that risk assessments were conducted in April 2024. We also noted that 4 of the 5 subrecipients reviewed were subject to a Single Audit per the risk assessment documentation. However, we noted no evidence financial monitoring conducted, including whether a Single Audit report was obtained and reviewed by DPH. IDENTIFICATION OF REPEATED FINDINGS Repeated (Prior Finding No. 2022-009) RECOMMENDATION We recommend DPH implement its prior corrective action plan for any future subrecipients awarded under the federal program. Also, procedures should be in place to adequately document financial monitoring conducted, as well as the review of the Single Audit report, as required by federal regulations. VIEWS OF RESPONSIBLE OFFICIALS AND PLANNED CORRECTIVE ACTIONS The County agrees with the finding and recommendation. The County’s corrective action plan is on page 56.
Subrecipient Monitoring Federal Department – U.S. Department of Health and Human Services Federal Award Identification Number and Year: NU58DP006993 and 2022/2023 COVID-19 - Community Health Workers for Public Health Response and Resilient, Federal Assistance Listing #93.495 County Department – Department of Public Health Finding 2023 – 006 CRITERIA 2 CFR Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, Subpart D—Post Federal Award Requirements Standards for Financial and Program Management, Section 200.332. Requirements for pass-through entities, requires that “All pass-through entities must: (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F—Audit Requirements of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (c) Consider imposing specific subaward conditions upon a subrecipient if appropriate as described in Section 200.208 Specific conditions. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by Section 200.521 Management decision. (e) Depending upon the pass-through entity's assessment of risk posed by the subrecipient (as described in paragraph (b) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: (1) Providing subrecipients with training and technical assistance on program-related matters; and (2) Performing on-site reviews of the subrecipient's program operations; (3) Arranging for agreed-upon-procedures engagements as described in Section 200.425 Audit services. (f) Verify that every subrecipient is audited as required by Subpart F— Audit Requirements of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in Section 200.501 Audit requirements. (g) Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in Section 200.338 Remedies for noncompliance of this part and in program regulations.” CONDITION During the current audit period, the Cook County Department of Public Health (DPH) did not perform adequate monitoring of its subrecipients as required by Federal regulations. CAUSE Based on discussions with management, the cause of this finding was due to DPH/CCH identifying a consultant agency to conduct the subrecipient monitoring; this was accomplished October 2023. Current Status: These documents were created, shared with the auditor pending management approval; 1) Subrecipient Monitoring Policy 2). Subrecipient Commitment Form 3). Subrecipient Determination Tool 4). Subrecipient Risk Assessment and Monitoring Guide. EFFECT Failure to adequately monitor the activities and performance of a subrecipient could result in Federal awards being used for unauthorized purposes and DPH’s inability to adequately perform risk assessments on its subrecipient(s). QUESTIONED COSTS None. CONTEXT During the current audit period, we noted 12 subrecipients were awarded funds. During our review of three (3) subrecipients, we noted the following: For all three subrecipients, we noted that adequate documentation was not maintained to support the financial monitoring of these subrecipients. Also, no documentation was provided to verify whether the subrecipients were required to have a Single Audit conducted, including DPH’s review of the report, and if applicable, issuance of a management decision on audit findings noted as required by 2 CFR 200.332d(3). For one subrecipient, we noted documentation was not maintained to support DPH’s evaluation of the subrecipient’s risk of noncompliance and the frequency of monitoring to be conducted by DPH based on the assessed risk. IDENTIFICATION OF REPEATED FINDINGS None. RECOMMENDATION We recommend DPH implement procedures to ensure that adequate documentation is maintained to support financial monitoring conducted, evaluation of each subrecipient’s risk of noncompliance and review of the Single Audit report, as required by federal regulations. VIEWS OF RESPONSIBLE OFFICIALS AND PLANNED CORRECTIVE ACTIONS The County agrees with the finding and recommendation. The County’s corrective action plan is on page 56.
Subrecipient Monitoring Federal Department – U.S. Department of Health and Human Services Federal Award Identification Number and Year: NH75OT000024 and 2021 COVID-19 - Activities to Support State, Tribal, Local and Territorial (STLT) Health Department Response to Public Health or Healthcare Crises, Federal Assistance Listing #93.391 County Department – Department of Public Health Finding 2023 – 005 CRITERIA 2 CFR Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, Subpart D—Post Federal Award Requirements Standards for Financial and Program Management, Section 200.332. Requirements for pass-through entities, requires that “All pass-through entities must: (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F—Audit Requirements of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (c) Consider imposing specific subaward conditions upon a subrecipient if appropriate as described in Section 200.208 Specific conditions. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by Section 200.521 Management decision. (e) Depending upon the pass-through entity's assessment of risk posed by the subrecipient (as described in paragraph (b) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: (1) Providing subrecipients with training and technical assistance on program-related matters; and (2) Performing on-site reviews of the subrecipient's program operations; (3) Arranging for agreed-upon-procedures engagements as described in Section 200.425 Audit services. (f) Verify that every subrecipient is audited as required by Subpart F— Audit Requirements of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in Section 200.501 Audit requirements. (g) Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in Section 200.338 Remedies for noncompliance of this part and in program regulations.” CONDITION During the current audit period, the Cook County Department of Public Health (DPH) did not adequately comply with its subrecipient monitoring requirements in accordance with federal regulations. CAUSE Based on discussions with management, the cause of this finding was due to DPH/CCH identifying a consultant agency to conduct the subrecipient monitoring; this was accomplished October 2023. Current Status: These documents were created, shared with the auditor pending management approval; 1) Subrecipient Monitoring Policy 2). Subrecipient Commitment Form 3). Subrecipient Determination Tool 4). Subrecipient Risk Assessment and Monitoring Guide. EFFECT Failure to adequately monitor the activities and performance of a subrecipient could result in Federal awards being used for unauthorized purposes and DPH’s inability to adequately perform risk assessments on its subrecipient(s). QUESTIONED COSTS None. CONTEXT During the prior audit period, we noted 6 instances (of 27 subrecipients), whereby adequate documentation was not maintained to support both the financial and programmatic monitoring of these subrecipients. Also, we noted no evidence of the performance of subrecipients’ risk assessment and whether the subrecipients were required to have a Single audit conducted. This resulted in the 2022 audit finding and subsequent corrective action planned prepared by DPH to address the finding, which was anticipated to be completed by December 31, 2023. During the current audit period, we received DPH’s current year status of the prior audit finding, noting that risk assessment and monitoring will be ongoing during the 2023 Single audit. To assess the current year’s status, we reviewed 5 of 35 subrecipients, noting that risk assessments were conducted in April 2024. We also noted that 4 of the 5 subrecipients reviewed were subject to a Single Audit per the risk assessment documentation. However, we noted no evidence financial monitoring conducted, including whether a Single Audit report was obtained and reviewed by DPH. IDENTIFICATION OF REPEATED FINDINGS Repeated (Prior Finding No. 2022-009) RECOMMENDATION We recommend DPH implement its prior corrective action plan for any future subrecipients awarded under the federal program. Also, procedures should be in place to adequately document financial monitoring conducted, as well as the review of the Single Audit report, as required by federal regulations. VIEWS OF RESPONSIBLE OFFICIALS AND PLANNED CORRECTIVE ACTIONS The County agrees with the finding and recommendation. The County’s corrective action plan is on page 56.
Subrecipient Monitoring Federal Department – U.S. Department of Health and Human Services Federal Award Identification Number and Year: NU58DP006993 and 2022/2023 COVID-19 - Community Health Workers for Public Health Response and Resilient, Federal Assistance Listing #93.495 County Department – Department of Public Health Finding 2023 – 006 CRITERIA 2 CFR Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, Subpart D—Post Federal Award Requirements Standards for Financial and Program Management, Section 200.332. Requirements for pass-through entities, requires that “All pass-through entities must: (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F—Audit Requirements of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (c) Consider imposing specific subaward conditions upon a subrecipient if appropriate as described in Section 200.208 Specific conditions. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by Section 200.521 Management decision. (e) Depending upon the pass-through entity's assessment of risk posed by the subrecipient (as described in paragraph (b) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: (1) Providing subrecipients with training and technical assistance on program-related matters; and (2) Performing on-site reviews of the subrecipient's program operations; (3) Arranging for agreed-upon-procedures engagements as described in Section 200.425 Audit services. (f) Verify that every subrecipient is audited as required by Subpart F— Audit Requirements of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in Section 200.501 Audit requirements. (g) Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. (h) Consider taking enforcement action against noncompliant subrecipients as described in Section 200.338 Remedies for noncompliance of this part and in program regulations.” CONDITION During the current audit period, the Cook County Department of Public Health (DPH) did not perform adequate monitoring of its subrecipients as required by Federal regulations. CAUSE Based on discussions with management, the cause of this finding was due to DPH/CCH identifying a consultant agency to conduct the subrecipient monitoring; this was accomplished October 2023. Current Status: These documents were created, shared with the auditor pending management approval; 1) Subrecipient Monitoring Policy 2). Subrecipient Commitment Form 3). Subrecipient Determination Tool 4). Subrecipient Risk Assessment and Monitoring Guide. EFFECT Failure to adequately monitor the activities and performance of a subrecipient could result in Federal awards being used for unauthorized purposes and DPH’s inability to adequately perform risk assessments on its subrecipient(s). QUESTIONED COSTS None. CONTEXT During the current audit period, we noted 12 subrecipients were awarded funds. During our review of three (3) subrecipients, we noted the following: For all three subrecipients, we noted that adequate documentation was not maintained to support the financial monitoring of these subrecipients. Also, no documentation was provided to verify whether the subrecipients were required to have a Single Audit conducted, including DPH’s review of the report, and if applicable, issuance of a management decision on audit findings noted as required by 2 CFR 200.332d(3). For one subrecipient, we noted documentation was not maintained to support DPH’s evaluation of the subrecipient’s risk of noncompliance and the frequency of monitoring to be conducted by DPH based on the assessed risk. IDENTIFICATION OF REPEATED FINDINGS None. RECOMMENDATION We recommend DPH implement procedures to ensure that adequate documentation is maintained to support financial monitoring conducted, evaluation of each subrecipient’s risk of noncompliance and review of the Single Audit report, as required by federal regulations. VIEWS OF RESPONSIBLE OFFICIALS AND PLANNED CORRECTIVE ACTIONS The County agrees with the finding and recommendation. The County’s corrective action plan is on page 56.
2023-001 Subrecipient Monitoring Cluster: Research and Development Cluster (“R&D Cluster”) Grantor: Various - All R&D Cluster awards with subrecipients Award Name: Various - All R&D Cluster awards with subrecipients Award Year: FY2023 Pass-through entities and ID Number: Various - All R&D Cluster awards with subrecipients Assistance Listing Number: Various – All R&D Cluster awards with subrecipients Condition While the University has a detailed pre-award risk assessment process prior to entering into a subrecipient relationship, which includes review of subrecipient Uniform Guidance reports, subsequent review of Uniform Guidance reports for monitoring purposes is not consistently completed. Subsequent review of Uniform Guidance reports for monitoring purposes is completed at the time of a subaward amendment, or no less frequently than an annual basis per University policy, however, for 4 out of 25 subaward selections, the subawards were not amended within a year. As such, over a year passed since a Uniform Guidance report was reviewed for these subrecipients for monitoring purposes. Additionally, given the risk assessments are used to cover certain post-award subrecipient monitoring requirements, we noted the following: • 4 out of 25 selections did not have clear documentation as to which Uniform Guidance report had been specifically reviewed • 3 out of 25 subrecipients had findings/deficiencies in their Uniform Guidance reports and there was no documentation for how the University concluded these were not relevant to their subawards • 1 out of 5 subrecipients without Uniform Guidance reports did not have notations on alternative support that was reviewed in lieu of Uniform Guidance reports, as required by University policy. Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Additionally, 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Cause Review of Uniform Guidance reports for post-award monitoring purposes is dependent upon a subaward amendment being executed. If an annual amendment is not executed, there is a gap in the monitoring process as the latest Uniform Guidance reports did not get reviewed. While the University expected all subrecipients to have a subaward amendment processed within a year, the testing noted above identified instances where no amendment was processed, and as such, a Uniform Guidance report was not reviewed within that period of time. Additionally, in regard to the completeness of documentation within the risk assessments, while individuals executing the subaward agreements are required to review the risk assessment form in conjunction with the agreement, there is no formal secondary review required to be evidenced and as such, certain elements were overlooked. Effect The lack of an annual review of subrecipient Uniform Guidance reports may result in potential compliance issues not being identified and management not addressing findings and issuing a management decision, as required under the Uniform Guidance. In addition, the lack of review of the risk assessment form may result in missing information not being identified. Questioned Costs There are no questioned costs associated with this finding. Recommendation We recommend the University review their policies and procedures specific to reviewing Uniform Guidance reports of subrecipients for post-award monitoring purposes to ensure all subrecipient reports are reviewed annually. Additionally, we recommend a formal secondary sign-off be included on the risk assessment form to ensure completeness and agreement with conclusions reached. Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings
2023-001 Subrecipient Monitoring Cluster: Research and Development Cluster (“R&D Cluster”) Grantor: Various - All R&D Cluster awards with subrecipients Award Name: Various - All R&D Cluster awards with subrecipients Award Year: FY2023 Pass-through entities and ID Number: Various - All R&D Cluster awards with subrecipients Assistance Listing Number: Various – All R&D Cluster awards with subrecipients Condition While the University has a detailed pre-award risk assessment process prior to entering into a subrecipient relationship, which includes review of subrecipient Uniform Guidance reports, subsequent review of Uniform Guidance reports for monitoring purposes is not consistently completed. Subsequent review of Uniform Guidance reports for monitoring purposes is completed at the time of a subaward amendment, or no less frequently than an annual basis per University policy, however, for 4 out of 25 subaward selections, the subawards were not amended within a year. As such, over a year passed since a Uniform Guidance report was reviewed for these subrecipients for monitoring purposes. Additionally, given the risk assessments are used to cover certain post-award subrecipient monitoring requirements, we noted the following: • 4 out of 25 selections did not have clear documentation as to which Uniform Guidance report had been specifically reviewed • 3 out of 25 subrecipients had findings/deficiencies in their Uniform Guidance reports and there was no documentation for how the University concluded these were not relevant to their subawards • 1 out of 5 subrecipients without Uniform Guidance reports did not have notations on alternative support that was reviewed in lieu of Uniform Guidance reports, as required by University policy. Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Additionally, 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Cause Review of Uniform Guidance reports for post-award monitoring purposes is dependent upon a subaward amendment being executed. If an annual amendment is not executed, there is a gap in the monitoring process as the latest Uniform Guidance reports did not get reviewed. While the University expected all subrecipients to have a subaward amendment processed within a year, the testing noted above identified instances where no amendment was processed, and as such, a Uniform Guidance report was not reviewed within that period of time. Additionally, in regard to the completeness of documentation within the risk assessments, while individuals executing the subaward agreements are required to review the risk assessment form in conjunction with the agreement, there is no formal secondary review required to be evidenced and as such, certain elements were overlooked. Effect The lack of an annual review of subrecipient Uniform Guidance reports may result in potential compliance issues not being identified and management not addressing findings and issuing a management decision, as required under the Uniform Guidance. In addition, the lack of review of the risk assessment form may result in missing information not being identified. Questioned Costs There are no questioned costs associated with this finding. Recommendation We recommend the University review their policies and procedures specific to reviewing Uniform Guidance reports of subrecipients for post-award monitoring purposes to ensure all subrecipient reports are reviewed annually. Additionally, we recommend a formal secondary sign-off be included on the risk assessment form to ensure completeness and agreement with conclusions reached. Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings
2023-001 Subrecipient Monitoring Cluster: Research and Development Cluster (“R&D Cluster”) Grantor: Various - All R&D Cluster awards with subrecipients Award Name: Various - All R&D Cluster awards with subrecipients Award Year: FY2023 Pass-through entities and ID Number: Various - All R&D Cluster awards with subrecipients Assistance Listing Number: Various – All R&D Cluster awards with subrecipients Condition While the University has a detailed pre-award risk assessment process prior to entering into a subrecipient relationship, which includes review of subrecipient Uniform Guidance reports, subsequent review of Uniform Guidance reports for monitoring purposes is not consistently completed. Subsequent review of Uniform Guidance reports for monitoring purposes is completed at the time of a subaward amendment, or no less frequently than an annual basis per University policy, however, for 4 out of 25 subaward selections, the subawards were not amended within a year. As such, over a year passed since a Uniform Guidance report was reviewed for these subrecipients for monitoring purposes. Additionally, given the risk assessments are used to cover certain post-award subrecipient monitoring requirements, we noted the following: • 4 out of 25 selections did not have clear documentation as to which Uniform Guidance report had been specifically reviewed • 3 out of 25 subrecipients had findings/deficiencies in their Uniform Guidance reports and there was no documentation for how the University concluded these were not relevant to their subawards • 1 out of 5 subrecipients without Uniform Guidance reports did not have notations on alternative support that was reviewed in lieu of Uniform Guidance reports, as required by University policy. Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Additionally, 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Cause Review of Uniform Guidance reports for post-award monitoring purposes is dependent upon a subaward amendment being executed. If an annual amendment is not executed, there is a gap in the monitoring process as the latest Uniform Guidance reports did not get reviewed. While the University expected all subrecipients to have a subaward amendment processed within a year, the testing noted above identified instances where no amendment was processed, and as such, a Uniform Guidance report was not reviewed within that period of time. Additionally, in regard to the completeness of documentation within the risk assessments, while individuals executing the subaward agreements are required to review the risk assessment form in conjunction with the agreement, there is no formal secondary review required to be evidenced and as such, certain elements were overlooked. Effect The lack of an annual review of subrecipient Uniform Guidance reports may result in potential compliance issues not being identified and management not addressing findings and issuing a management decision, as required under the Uniform Guidance. In addition, the lack of review of the risk assessment form may result in missing information not being identified. Questioned Costs There are no questioned costs associated with this finding. Recommendation We recommend the University review their policies and procedures specific to reviewing Uniform Guidance reports of subrecipients for post-award monitoring purposes to ensure all subrecipient reports are reviewed annually. Additionally, we recommend a formal secondary sign-off be included on the risk assessment form to ensure completeness and agreement with conclusions reached. Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings
2023-001 Subrecipient Monitoring Cluster: Research and Development Cluster (“R&D Cluster”) Grantor: Various - All R&D Cluster awards with subrecipients Award Name: Various - All R&D Cluster awards with subrecipients Award Year: FY2023 Pass-through entities and ID Number: Various - All R&D Cluster awards with subrecipients Assistance Listing Number: Various – All R&D Cluster awards with subrecipients Condition While the University has a detailed pre-award risk assessment process prior to entering into a subrecipient relationship, which includes review of subrecipient Uniform Guidance reports, subsequent review of Uniform Guidance reports for monitoring purposes is not consistently completed. Subsequent review of Uniform Guidance reports for monitoring purposes is completed at the time of a subaward amendment, or no less frequently than an annual basis per University policy, however, for 4 out of 25 subaward selections, the subawards were not amended within a year. As such, over a year passed since a Uniform Guidance report was reviewed for these subrecipients for monitoring purposes. Additionally, given the risk assessments are used to cover certain post-award subrecipient monitoring requirements, we noted the following: • 4 out of 25 selections did not have clear documentation as to which Uniform Guidance report had been specifically reviewed • 3 out of 25 subrecipients had findings/deficiencies in their Uniform Guidance reports and there was no documentation for how the University concluded these were not relevant to their subawards • 1 out of 5 subrecipients without Uniform Guidance reports did not have notations on alternative support that was reviewed in lieu of Uniform Guidance reports, as required by University policy. Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Additionally, 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Cause Review of Uniform Guidance reports for post-award monitoring purposes is dependent upon a subaward amendment being executed. If an annual amendment is not executed, there is a gap in the monitoring process as the latest Uniform Guidance reports did not get reviewed. While the University expected all subrecipients to have a subaward amendment processed within a year, the testing noted above identified instances where no amendment was processed, and as such, a Uniform Guidance report was not reviewed within that period of time. Additionally, in regard to the completeness of documentation within the risk assessments, while individuals executing the subaward agreements are required to review the risk assessment form in conjunction with the agreement, there is no formal secondary review required to be evidenced and as such, certain elements were overlooked. Effect The lack of an annual review of subrecipient Uniform Guidance reports may result in potential compliance issues not being identified and management not addressing findings and issuing a management decision, as required under the Uniform Guidance. In addition, the lack of review of the risk assessment form may result in missing information not being identified. Questioned Costs There are no questioned costs associated with this finding. Recommendation We recommend the University review their policies and procedures specific to reviewing Uniform Guidance reports of subrecipients for post-award monitoring purposes to ensure all subrecipient reports are reviewed annually. Additionally, we recommend a formal secondary sign-off be included on the risk assessment form to ensure completeness and agreement with conclusions reached. Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings
2023-001 Subrecipient Monitoring Cluster: Research and Development Cluster (“R&D Cluster”) Grantor: Various - All R&D Cluster awards with subrecipients Award Name: Various - All R&D Cluster awards with subrecipients Award Year: FY2023 Pass-through entities and ID Number: Various - All R&D Cluster awards with subrecipients Assistance Listing Number: Various – All R&D Cluster awards with subrecipients Condition While the University has a detailed pre-award risk assessment process prior to entering into a subrecipient relationship, which includes review of subrecipient Uniform Guidance reports, subsequent review of Uniform Guidance reports for monitoring purposes is not consistently completed. Subsequent review of Uniform Guidance reports for monitoring purposes is completed at the time of a subaward amendment, or no less frequently than an annual basis per University policy, however, for 4 out of 25 subaward selections, the subawards were not amended within a year. As such, over a year passed since a Uniform Guidance report was reviewed for these subrecipients for monitoring purposes. Additionally, given the risk assessments are used to cover certain post-award subrecipient monitoring requirements, we noted the following: • 4 out of 25 selections did not have clear documentation as to which Uniform Guidance report had been specifically reviewed • 3 out of 25 subrecipients had findings/deficiencies in their Uniform Guidance reports and there was no documentation for how the University concluded these were not relevant to their subawards • 1 out of 5 subrecipients without Uniform Guidance reports did not have notations on alternative support that was reviewed in lieu of Uniform Guidance reports, as required by University policy. Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Additionally, 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Cause Review of Uniform Guidance reports for post-award monitoring purposes is dependent upon a subaward amendment being executed. If an annual amendment is not executed, there is a gap in the monitoring process as the latest Uniform Guidance reports did not get reviewed. While the University expected all subrecipients to have a subaward amendment processed within a year, the testing noted above identified instances where no amendment was processed, and as such, a Uniform Guidance report was not reviewed within that period of time. Additionally, in regard to the completeness of documentation within the risk assessments, while individuals executing the subaward agreements are required to review the risk assessment form in conjunction with the agreement, there is no formal secondary review required to be evidenced and as such, certain elements were overlooked. Effect The lack of an annual review of subrecipient Uniform Guidance reports may result in potential compliance issues not being identified and management not addressing findings and issuing a management decision, as required under the Uniform Guidance. In addition, the lack of review of the risk assessment form may result in missing information not being identified. Questioned Costs There are no questioned costs associated with this finding. Recommendation We recommend the University review their policies and procedures specific to reviewing Uniform Guidance reports of subrecipients for post-award monitoring purposes to ensure all subrecipient reports are reviewed annually. Additionally, we recommend a formal secondary sign-off be included on the risk assessment form to ensure completeness and agreement with conclusions reached. Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings
2023-001 Subrecipient Monitoring Cluster: Research and Development Cluster (“R&D Cluster”) Grantor: Various - All R&D Cluster awards with subrecipients Award Name: Various - All R&D Cluster awards with subrecipients Award Year: FY2023 Pass-through entities and ID Number: Various - All R&D Cluster awards with subrecipients Assistance Listing Number: Various – All R&D Cluster awards with subrecipients Condition While the University has a detailed pre-award risk assessment process prior to entering into a subrecipient relationship, which includes review of subrecipient Uniform Guidance reports, subsequent review of Uniform Guidance reports for monitoring purposes is not consistently completed. Subsequent review of Uniform Guidance reports for monitoring purposes is completed at the time of a subaward amendment, or no less frequently than an annual basis per University policy, however, for 4 out of 25 subaward selections, the subawards were not amended within a year. As such, over a year passed since a Uniform Guidance report was reviewed for these subrecipients for monitoring purposes. Additionally, given the risk assessments are used to cover certain post-award subrecipient monitoring requirements, we noted the following: • 4 out of 25 selections did not have clear documentation as to which Uniform Guidance report had been specifically reviewed • 3 out of 25 subrecipients had findings/deficiencies in their Uniform Guidance reports and there was no documentation for how the University concluded these were not relevant to their subawards • 1 out of 5 subrecipients without Uniform Guidance reports did not have notations on alternative support that was reviewed in lieu of Uniform Guidance reports, as required by University policy. Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Additionally, 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Cause Review of Uniform Guidance reports for post-award monitoring purposes is dependent upon a subaward amendment being executed. If an annual amendment is not executed, there is a gap in the monitoring process as the latest Uniform Guidance reports did not get reviewed. While the University expected all subrecipients to have a subaward amendment processed within a year, the testing noted above identified instances where no amendment was processed, and as such, a Uniform Guidance report was not reviewed within that period of time. Additionally, in regard to the completeness of documentation within the risk assessments, while individuals executing the subaward agreements are required to review the risk assessment form in conjunction with the agreement, there is no formal secondary review required to be evidenced and as such, certain elements were overlooked. Effect The lack of an annual review of subrecipient Uniform Guidance reports may result in potential compliance issues not being identified and management not addressing findings and issuing a management decision, as required under the Uniform Guidance. In addition, the lack of review of the risk assessment form may result in missing information not being identified. Questioned Costs There are no questioned costs associated with this finding. Recommendation We recommend the University review their policies and procedures specific to reviewing Uniform Guidance reports of subrecipients for post-award monitoring purposes to ensure all subrecipient reports are reviewed annually. Additionally, we recommend a formal secondary sign-off be included on the risk assessment form to ensure completeness and agreement with conclusions reached. Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings
2023-001 Subrecipient Monitoring Cluster: Research and Development Cluster (“R&D Cluster”) Grantor: Various - All R&D Cluster awards with subrecipients Award Name: Various - All R&D Cluster awards with subrecipients Award Year: FY2023 Pass-through entities and ID Number: Various - All R&D Cluster awards with subrecipients Assistance Listing Number: Various – All R&D Cluster awards with subrecipients Condition While the University has a detailed pre-award risk assessment process prior to entering into a subrecipient relationship, which includes review of subrecipient Uniform Guidance reports, subsequent review of Uniform Guidance reports for monitoring purposes is not consistently completed. Subsequent review of Uniform Guidance reports for monitoring purposes is completed at the time of a subaward amendment, or no less frequently than an annual basis per University policy, however, for 4 out of 25 subaward selections, the subawards were not amended within a year. As such, over a year passed since a Uniform Guidance report was reviewed for these subrecipients for monitoring purposes. Additionally, given the risk assessments are used to cover certain post-award subrecipient monitoring requirements, we noted the following: • 4 out of 25 selections did not have clear documentation as to which Uniform Guidance report had been specifically reviewed • 3 out of 25 subrecipients had findings/deficiencies in their Uniform Guidance reports and there was no documentation for how the University concluded these were not relevant to their subawards • 1 out of 5 subrecipients without Uniform Guidance reports did not have notations on alternative support that was reviewed in lieu of Uniform Guidance reports, as required by University policy. Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: • Reviewing financial and performance reports required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. • Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Additionally, 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Cause Review of Uniform Guidance reports for post-award monitoring purposes is dependent upon a subaward amendment being executed. If an annual amendment is not executed, there is a gap in the monitoring process as the latest Uniform Guidance reports did not get reviewed. While the University expected all subrecipients to have a subaward amendment processed within a year, the testing noted above identified instances where no amendment was processed, and as such, a Uniform Guidance report was not reviewed within that period of time. Additionally, in regard to the completeness of documentation within the risk assessments, while individuals executing the subaward agreements are required to review the risk assessment form in conjunction with the agreement, there is no formal secondary review required to be evidenced and as such, certain elements were overlooked. Effect The lack of an annual review of subrecipient Uniform Guidance reports may result in potential compliance issues not being identified and management not addressing findings and issuing a management decision, as required under the Uniform Guidance. In addition, the lack of review of the risk assessment form may result in missing information not being identified. Questioned Costs There are no questioned costs associated with this finding. Recommendation We recommend the University review their policies and procedures specific to reviewing Uniform Guidance reports of subrecipients for post-award monitoring purposes to ensure all subrecipient reports are reviewed annually. Additionally, we recommend a formal secondary sign-off be included on the risk assessment form to ensure completeness and agreement with conclusions reached. Management’s Views and Corrective Action Plan Management’s response is included in “Management’s Views and Corrective Action Plan” included at the end of this report after the summary schedule of status of prior audit findings