Finding 2024-002: Untimely Review of Subrecipient Single Audit Reports Federal Agency: The Corporation for National and Community Service U.S. Department of Agriculture (USDA) U.S. Department of Commerce (USDOC) U.S. Department of Defense (USDOD) U.S. Department of Education (USDE) U.S. Department of Energy (USDOE) U.S. Department of Health and Human Services (USDHHS) U.S. Department of Homeland Security (USDHS) U.S. Department of Housing and Urban Development (USHUD) U.S. Department of Interior (USDOI) U.S. Department of Justice (USDOJ) U.S. Department of Transportation (USDOT) U.S. Director of National Intelligence (USDNI) U.S. Environmental Protection Agency (USEPA) National Aeronautics and Space Administration (NASA) National Endowment for the Humanities (NEH) National Science Foundation (NSF) Social Security Administration (SSA) U.S. Department of Veteran Affairs (USDVA) All Pass-Through Entities Program Name: Research and Development (R&D) Cluster ALN and Program Expenditures: Various ($539,302,615) Federal Award Numbers: Various – See schedule of award numbers Federal Award Year: Various – See schedule of award numbers Questioned Costs: None Compliance Requirement: Subrecipient Monitoring Condition Found: The University did not review single audit reports received from its subrecipients for the R&D Cluster program on a timely basis. The University’s policy requires review of the single audit reports received from its subrecipients within six months of the date of acceptance of the single audit report by the Federal Audit Clearinghouse (FAC). During our testing of a sample of single audit report reviews for 40 subrecipients (with expenditures of $31,826,626), we noted the University did not review the single audit reports for nine subrecipients (with expenditures of $4,812,867) within six months of the date of acceptance of the single audit report by the FAC. Upon further review, management evaluated all the single audit report reviews performed during fiscal year 2024 for its subrecipients of the R&D Cluster program (195 single audit reviews for subrecipients with expenditures of $81,358,862) and determined that the single audit reports for 70 subrecipients (with expenditures of $48,019,701) were not reviewed within six months of the date of acceptance of the single audit report by the FAC. Specifically, these single audit reports were reviewed 181-392 days after acceptance by the FAC. The University’s subrecipient expenditures under the R&D Cluster program for the year ended June 30, 2024 were $81,358,862. Criteria: According to 2 CFR 200.332(e), a pass-through entity is required to monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. Further, 2 CFR 200.332(e)(3) and 2 CFR 200.521 state that a pass-through entity is required to issue a management decision for audit findings pertaining to the Federal Award provided to the subrecipient from the pass-through entity within six months of acceptance of the audit report by the Federal Audit Clearinghouse (FAC) and ensure that the subrecipient takes timely and appropriate corrective action on all audit findings. In addition, 2 CFR 200.303 requires nonfederal entities to, among other things, establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Effective internal controls should include procedures to ensure single audit reports are reviewed in a timely manner in accordance with University policy. Cause: In discussing these conditions with University officials, they stated this delay was an oversight due in part to limited staffing resources to review the single audits while the University was implementing a new financial system. Possible Asserted Effect: Failure to complete and document reviews of subrecipient single audit reports in a timely manner may result in federal funds being expended for unallowable purposes and subrecipients not administering the federal programs in accordance with laws, regulations, and grant agreements. Repeat Finding: A similar finding was not reported in the prior year audit. Statistical Sampling: The sample was not intended to be, and was not, a statistically valid sample. Recommendation: We recommend the University establish procedures to ensure subrecipient single audit report reviews are completed and documented in a timely manner. Views of University Officials The University concurs with the finding and has already begun to address these concerns. Although there was a delay in the review of single audit reports, the University did not miss or delay any required action with said subrecipients as a result. See separate report for planned corrective action.
Finding 2024-002: Untimely Review of Subrecipient Single Audit Reports Federal Agency: The Corporation for National and Community Service U.S. Department of Agriculture (USDA) U.S. Department of Commerce (USDOC) U.S. Department of Defense (USDOD) U.S. Department of Education (USDE) U.S. Department of Energy (USDOE) U.S. Department of Health and Human Services (USDHHS) U.S. Department of Homeland Security (USDHS) U.S. Department of Housing and Urban Development (USHUD) U.S. Department of Interior (USDOI) U.S. Department of Justice (USDOJ) U.S. Department of Transportation (USDOT) U.S. Director of National Intelligence (USDNI) U.S. Environmental Protection Agency (USEPA) National Aeronautics and Space Administration (NASA) National Endowment for the Humanities (NEH) National Science Foundation (NSF) Social Security Administration (SSA) U.S. Department of Veteran Affairs (USDVA) All Pass-Through Entities Program Name: Research and Development (R&D) Cluster ALN and Program Expenditures: Various ($539,302,615) Federal Award Numbers: Various – See schedule of award numbers Federal Award Year: Various – See schedule of award numbers Questioned Costs: None Compliance Requirement: Subrecipient Monitoring Condition Found: The University did not review single audit reports received from its subrecipients for the R&D Cluster program on a timely basis. The University’s policy requires review of the single audit reports received from its subrecipients within six months of the date of acceptance of the single audit report by the Federal Audit Clearinghouse (FAC). During our testing of a sample of single audit report reviews for 40 subrecipients (with expenditures of $31,826,626), we noted the University did not review the single audit reports for nine subrecipients (with expenditures of $4,812,867) within six months of the date of acceptance of the single audit report by the FAC. Upon further review, management evaluated all the single audit report reviews performed during fiscal year 2024 for its subrecipients of the R&D Cluster program (195 single audit reviews for subrecipients with expenditures of $81,358,862) and determined that the single audit reports for 70 subrecipients (with expenditures of $48,019,701) were not reviewed within six months of the date of acceptance of the single audit report by the FAC. Specifically, these single audit reports were reviewed 181-392 days after acceptance by the FAC. The University’s subrecipient expenditures under the R&D Cluster program for the year ended June 30, 2024 were $81,358,862. Criteria: According to 2 CFR 200.332(e), a pass-through entity is required to monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. Further, 2 CFR 200.332(e)(3) and 2 CFR 200.521 state that a pass-through entity is required to issue a management decision for audit findings pertaining to the Federal Award provided to the subrecipient from the pass-through entity within six months of acceptance of the audit report by the Federal Audit Clearinghouse (FAC) and ensure that the subrecipient takes timely and appropriate corrective action on all audit findings. In addition, 2 CFR 200.303 requires nonfederal entities to, among other things, establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Effective internal controls should include procedures to ensure single audit reports are reviewed in a timely manner in accordance with University policy. Cause: In discussing these conditions with University officials, they stated this delay was an oversight due in part to limited staffing resources to review the single audits while the University was implementing a new financial system. Possible Asserted Effect: Failure to complete and document reviews of subrecipient single audit reports in a timely manner may result in federal funds being expended for unallowable purposes and subrecipients not administering the federal programs in accordance with laws, regulations, and grant agreements. Repeat Finding: A similar finding was not reported in the prior year audit. Statistical Sampling: The sample was not intended to be, and was not, a statistically valid sample. Recommendation: We recommend the University establish procedures to ensure subrecipient single audit report reviews are completed and documented in a timely manner. Views of University Officials The University concurs with the finding and has already begun to address these concerns. Although there was a delay in the review of single audit reports, the University did not miss or delay any required action with said subrecipients as a result. See separate report for planned corrective action.
Finding 2024-002: Untimely Review of Subrecipient Single Audit Reports Federal Agency: The Corporation for National and Community Service U.S. Department of Agriculture (USDA) U.S. Department of Commerce (USDOC) U.S. Department of Defense (USDOD) U.S. Department of Education (USDE) U.S. Department of Energy (USDOE) U.S. Department of Health and Human Services (USDHHS) U.S. Department of Homeland Security (USDHS) U.S. Department of Housing and Urban Development (USHUD) U.S. Department of Interior (USDOI) U.S. Department of Justice (USDOJ) U.S. Department of Transportation (USDOT) U.S. Director of National Intelligence (USDNI) U.S. Environmental Protection Agency (USEPA) National Aeronautics and Space Administration (NASA) National Endowment for the Humanities (NEH) National Science Foundation (NSF) Social Security Administration (SSA) U.S. Department of Veteran Affairs (USDVA) All Pass-Through Entities Program Name: Research and Development (R&D) Cluster ALN and Program Expenditures: Various ($539,302,615) Federal Award Numbers: Various – See schedule of award numbers Federal Award Year: Various – See schedule of award numbers Questioned Costs: None Compliance Requirement: Subrecipient Monitoring Condition Found: The University did not review single audit reports received from its subrecipients for the R&D Cluster program on a timely basis. The University’s policy requires review of the single audit reports received from its subrecipients within six months of the date of acceptance of the single audit report by the Federal Audit Clearinghouse (FAC). During our testing of a sample of single audit report reviews for 40 subrecipients (with expenditures of $31,826,626), we noted the University did not review the single audit reports for nine subrecipients (with expenditures of $4,812,867) within six months of the date of acceptance of the single audit report by the FAC. Upon further review, management evaluated all the single audit report reviews performed during fiscal year 2024 for its subrecipients of the R&D Cluster program (195 single audit reviews for subrecipients with expenditures of $81,358,862) and determined that the single audit reports for 70 subrecipients (with expenditures of $48,019,701) were not reviewed within six months of the date of acceptance of the single audit report by the FAC. Specifically, these single audit reports were reviewed 181-392 days after acceptance by the FAC. The University’s subrecipient expenditures under the R&D Cluster program for the year ended June 30, 2024 were $81,358,862. Criteria: According to 2 CFR 200.332(e), a pass-through entity is required to monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. Further, 2 CFR 200.332(e)(3) and 2 CFR 200.521 state that a pass-through entity is required to issue a management decision for audit findings pertaining to the Federal Award provided to the subrecipient from the pass-through entity within six months of acceptance of the audit report by the Federal Audit Clearinghouse (FAC) and ensure that the subrecipient takes timely and appropriate corrective action on all audit findings. In addition, 2 CFR 200.303 requires nonfederal entities to, among other things, establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Effective internal controls should include procedures to ensure single audit reports are reviewed in a timely manner in accordance with University policy. Cause: In discussing these conditions with University officials, they stated this delay was an oversight due in part to limited staffing resources to review the single audits while the University was implementing a new financial system. Possible Asserted Effect: Failure to complete and document reviews of subrecipient single audit reports in a timely manner may result in federal funds being expended for unallowable purposes and subrecipients not administering the federal programs in accordance with laws, regulations, and grant agreements. Repeat Finding: A similar finding was not reported in the prior year audit. Statistical Sampling: The sample was not intended to be, and was not, a statistically valid sample. Recommendation: We recommend the University establish procedures to ensure subrecipient single audit report reviews are completed and documented in a timely manner. Views of University Officials The University concurs with the finding and has already begun to address these concerns. Although there was a delay in the review of single audit reports, the University did not miss or delay any required action with said subrecipients as a result. See separate report for planned corrective action.
Finding 2024-002: Untimely Review of Subrecipient Single Audit Reports Federal Agency: The Corporation for National and Community Service U.S. Department of Agriculture (USDA) U.S. Department of Commerce (USDOC) U.S. Department of Defense (USDOD) U.S. Department of Education (USDE) U.S. Department of Energy (USDOE) U.S. Department of Health and Human Services (USDHHS) U.S. Department of Homeland Security (USDHS) U.S. Department of Housing and Urban Development (USHUD) U.S. Department of Interior (USDOI) U.S. Department of Justice (USDOJ) U.S. Department of Transportation (USDOT) U.S. Director of National Intelligence (USDNI) U.S. Environmental Protection Agency (USEPA) National Aeronautics and Space Administration (NASA) National Endowment for the Humanities (NEH) National Science Foundation (NSF) Social Security Administration (SSA) U.S. Department of Veteran Affairs (USDVA) All Pass-Through Entities Program Name: Research and Development (R&D) Cluster ALN and Program Expenditures: Various ($539,302,615) Federal Award Numbers: Various – See schedule of award numbers Federal Award Year: Various – See schedule of award numbers Questioned Costs: None Compliance Requirement: Subrecipient Monitoring Condition Found: The University did not review single audit reports received from its subrecipients for the R&D Cluster program on a timely basis. The University’s policy requires review of the single audit reports received from its subrecipients within six months of the date of acceptance of the single audit report by the Federal Audit Clearinghouse (FAC). During our testing of a sample of single audit report reviews for 40 subrecipients (with expenditures of $31,826,626), we noted the University did not review the single audit reports for nine subrecipients (with expenditures of $4,812,867) within six months of the date of acceptance of the single audit report by the FAC. Upon further review, management evaluated all the single audit report reviews performed during fiscal year 2024 for its subrecipients of the R&D Cluster program (195 single audit reviews for subrecipients with expenditures of $81,358,862) and determined that the single audit reports for 70 subrecipients (with expenditures of $48,019,701) were not reviewed within six months of the date of acceptance of the single audit report by the FAC. Specifically, these single audit reports were reviewed 181-392 days after acceptance by the FAC. The University’s subrecipient expenditures under the R&D Cluster program for the year ended June 30, 2024 were $81,358,862. Criteria: According to 2 CFR 200.332(e), a pass-through entity is required to monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. Further, 2 CFR 200.332(e)(3) and 2 CFR 200.521 state that a pass-through entity is required to issue a management decision for audit findings pertaining to the Federal Award provided to the subrecipient from the pass-through entity within six months of acceptance of the audit report by the Federal Audit Clearinghouse (FAC) and ensure that the subrecipient takes timely and appropriate corrective action on all audit findings. In addition, 2 CFR 200.303 requires nonfederal entities to, among other things, establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Effective internal controls should include procedures to ensure single audit reports are reviewed in a timely manner in accordance with University policy. Cause: In discussing these conditions with University officials, they stated this delay was an oversight due in part to limited staffing resources to review the single audits while the University was implementing a new financial system. Possible Asserted Effect: Failure to complete and document reviews of subrecipient single audit reports in a timely manner may result in federal funds being expended for unallowable purposes and subrecipients not administering the federal programs in accordance with laws, regulations, and grant agreements. Repeat Finding: A similar finding was not reported in the prior year audit. Statistical Sampling: The sample was not intended to be, and was not, a statistically valid sample. Recommendation: We recommend the University establish procedures to ensure subrecipient single audit report reviews are completed and documented in a timely manner. Views of University Officials The University concurs with the finding and has already begun to address these concerns. Although there was a delay in the review of single audit reports, the University did not miss or delay any required action with said subrecipients as a result. See separate report for planned corrective action.
Finding No. 2024-007: Inadequate Internal Controls over Monitoring of Subrecipient Audits Type of Finding: Significant Deficiency and Non-Compliance Assistance Listing Title: Disaster Grants - Public Assistance (Presidentially Declared Disasters) Assistance Listing Number: 97.036 Federal Award Number: 4155DRSDP00000001,4440DRSDP00000001, 4463DRSDP00000001, 4467DRSDP00000001, 4469DRSDP00000001, 4527DRSDP00000001, 4656DRSDP00000001, 4664DRSDP00000001, 4689DRSDP00000001, and 4718DRSDP00000001 Federal Award Year: 2019, 2020, 2021, 2022, 2023, and 2024 Federal Agency: Department of Homeland Security Category of Finding: Subrecipient Monitoring Criteria: 2 CFR section 200.332 requires, among other things, that a pass-through entity verify that subrecipients receive Single Audits as required by 2 CFR 200.501(a), follow-up to ensure that the subrecipient takes timely and appropriate action on audit findings, and issue a management decision on applicable audit findings pertaining to the subaward. 2 CFR 200.521(d) requires this management decision to be issued within six months of acceptance of the audit report by the Federal Audit Clearinghouse (FAC). Condition: The Department of Public Safety (DPS) receives funding under ALN 97.036, Disaster Grants - Public Assistance (Presidentially Declared Disasters) (Public Assistance) and makes subawards to local governments and private nonprofit entities to respond to and recover from presidentially declared disasters. During FY24, DPS did not have adequate controls in place to ensure that Single Audits were obtained for all applicable subrecipients within the required time frame, that those audits were reviewed to ensure timely and appropriate action was taken on any findings, and that a management decision was issued by DPS within the six-month time frame required by federal regulations. Based on our review of funding amounts passed through by DPS, there were seven subrecipients receiving Federal grant payments that would require a Single Audit for the auditee’s fiscal year 2023. These subrecipients had received the required audits and their audit reports were accepted by the FAC, however, two of the audits were not reviewed timely by DPS. Of those two subrecipient audits, one had an audit finding pertaining to the Public Assistance program and DPS had not issued a management decision within the time frame required by 2 CFR 200.521. Cause: Controls were not adequate to identify when subrecipient audits were due and obtain all required audits off the FAC in a timely manner. While DPS personnel did track expenditures to determine which subrecipients were required to have audits under 2 CFR 200.501(a), failure to monitor subrecipient year-ends and the related audit deadlines resulted in some audits not being obtained and reviewed in a timely manner. Effect: This resulted in noncompliance with subrecipient monitoring requirements and increased the risk of subrecipient audit findings not being corrected in a timely manner. Questioned Costs: None. Repeat Finding from Prior Year: No. Recommendation: We recommend the Department implement controls to ensure that audits of subrecipients are obtained and followed up on in a timely manner and that management decisions are issued within the required time frame for all audit findings pertaining to DPS subawards. Views of Responsible Officials: The Department of Public Safety concurs with the audit finding.
Assistance Listings number and name: 84.002 Adult Education—Basic Grants to States Award numbers and years: 24FABASC-412421-01A, July 1, 2023 through June 30, 2024; 24FIELCC-412421-01A, July 1, 2023 through June 30, 2024; 24FIETCO-412421-01A, July 1, 2023 through June 30, 2024; 24FPRLEC-412421-01A, July 1, 2023 through June 30, 2024; 24FIECTC-412421-01A, July 1, 2023 through June 30, 2024 Compliance requirements: Activities Allowed or Unallowed and Allowable Costs / Cost Principles Questioned costs: $52,754 Assistance Listings number and name: 84.031 Higher Education—Institutional Aid Award numbers and years: P031S160090, October 1, 2016 through September 30, 2023; P031S190167, October 1, 2019 through September 30, 2024; P031S200096, October 1, 2020 through September 30, 2025; P031S200281, October 1, 2020 through September 30, 2025; P031C210057, October 1, 2021 through September 30, 2026; P031C210077, October 1, 2021 through September 30, 2026; P031S220015, October 1, 2022 through September 30, 2027; P031S220179, October 1, 2022 through September 30, 2027; P031A230147, October 1, 2023 through September 30, 2028; P031S230158, October 1, 2023 through September 30, 2028 Compliance requirements: Activities allowed or unallowed Questioned costs: $20,411 Federal agency: U.S. Department of Education Total questioned costs: $73,165 Condition—Contrary to federal regulations, State law, and District policies, the District did not always retain documentation supporting the Adult Education—Basic Grants to States and Higher Education—Institutional Aid programs’ payroll costs or approve employee time sheets after the work was performed for these programs. Specifically, the District could not provide documentation to support employees’ pay rates and authorization to perform work for these programs, such as offer letters, contracts, and personnel action forms, or did not approve employee time sheets after the work was performed for 22 of 54 payroll transactions we tested totaling $73,165. See finding 2024-01 in our Report on Internal Controls and Compliance for a similar finding related to the District not reviewing or approving employee timesheets.1 Also, see Table 1 on the next page for further information. Table 1 Summary of the $73,165 of payroll costs the District did not properly support or approve Fiscal year 2024 84.002 Adult Education—Basic Grants to States 84.031 Higher Education—Institutional Aid Total for both programs Total employees tested 35 19 54 Total employees with unsupported pay rates and lack of authorization to perform work for the programs 7 1 8 Total unsupported payroll costs $52,366 $9,636 $62,002 Total employee time sheets lacking approval after the work was performed2 2 12 14 Total unapproved payroll costs $388 $10,775 $11,163 Total number of employees with unsupported or unapproved payroll costs 9 13 22 Total salaries not supported $52,754 $20,411 $73,165 Effect—The District’s failure to retain documentation supporting payroll costs and approve time sheets increased the risk that the $52,754 for the Adult Education—Basic Grants to States and $20,411 for the Higher Education—Institutional Aid programs may not have been spent in accordance with their award terms and conditions. Consequently, the District may be required to return these monies to the federal agency in accordance with federal requirements.3 Further, see Table 2 for information on the overall payroll costs per program during fiscal year 2024 that are at an increased risk of not being spent in accordance with the award terms and conditions. Finally, the District is at risk that this finding applies to other federal programs it administers. Table 2 Calculation of percent of payroll costs to total program expenditures Fiscal year 2024 84.002 Adult Education—Basic Grants to States 84.031 Higher Education—Institutional Aid Total number of employees 279 214 Total payroll costs $3,613,133 $1,984,462 Total program costs $5,026,228 $6,696,263 % of payroll costs to total program costs 72% 30% Cause—The District’s management reported that it did not retain documentation to support employees’ pay rates and authorization to perform work for the federal programs for employees hired prior to 2018 as they were archived and support was no longer available, and some offers for temporary employees were made verbally over the phone and never documented. The District’s policies and procedures lack requirements to document all employment offers, including temporary employment offers. Additionally, as discussed in finding 2024-01 in our Report on Internal Controls and Compliance, some supervisors did not follow District policies and procedures requiring employees’ time sheets to be reviewed and approved either before processing payroll or within 3 business days after receiving a payroll email notification that the employee’s time sheet needed approval.1 Finally, District management did not sufficiently monitor whether each college’s Human Resources Department was enforcing these policies and procedures or verifying that supervisors reviewed and approved employees’ time sheets, as required. Criteria—Federal regulation requires the District to maintain records for salaries and wages charged to federal awards that accurately reflect the work performed to ensure they are accurate, allowable, and properly allocated (2 CFR §200.430[g][1][i]). Also, federal regulation, similar to State law and the District’s record retention policies, requires the District to retain all public records, including those contained in personnel files, related to a federal program for a period of 3 years from the date the program’s final report was submitted to the federal awarding agency or pass-through grantor (2 CFR §200.334).4,5 Further, the District’s written procedures require each employee’s time sheet to be reviewed and approved by the employee’s supervisor either before processing payroll or within 3 business days from receiving a payroll email notification that the employee’s time sheet needs approval. Additionally, each college’s Human Resources Department is responsible for verifying that supervisors review and approve time sheets timely.6 Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The District should: 1. Retain documentation for all payroll costs, such as employment agreements or acceptance letters, to demonstrate employees’ salaries and wages are authorized to be charged to federal programs and spent in accordance with the programs’ award terms and conditions. 2. Review the fiscal year 2024 payroll costs for the Adult Education—Basic Grants to States and Higher Education—Institutional Aid programs to ensure they were properly supported and spent in accordance with the award terms and conditions and coordinate with the U.S. Department of Education, as necessary, to adjust future federal reimbursement requests or repay any unallowable costs the District charged to the programs. 3. Enforce and train employees on District written procedures and requirements to: a. Retain all public records, including those contained in personnel files, related to a federal program for a period of 3 years from the date the program’s final report was submitted to the federal awarding agency or pass-through grantor. b. Ensure supervisors review and approve employees’ time sheets, either before payroll is processed or within 3 business days from receiving the payroll email notification that a time sheet needs approval, to verify employees accurately reported their time worked. This review should be performed after the employee performed the work to ensure the payroll costs charged to the programs accurately reflect the work performed and are accurate, allowable, and properly allocated. 4. Update District written procedures to require documentation of all employment offers, including offers for temporary employees. The District’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 Arizona Auditor General. (2024). Report on Internal Control and Compliance, June 30, 2024. Phoenix, AZ. https://www.azauditor.gov/sites/default/files/2025-02/MaricopaCountyCommunityCollegeDistrictJune30_2024ReportOnInternalControlAndCompliance.pdf 2 The 14 employee time sheets lacking approval after the work was performed includes 5 time sheets totaling $6,917 for the Higher Education—Institutional Aid program that were never approved by a supervisor and 2 time sheets totaling $388 for the Adult Education—Basic Grants to States program and 7 time sheets totaling $3,858 for the Higher Education—Institutional Aid program that were approved by a supervisor between 1 and 7 days prior to the work being performed by the employee. 3 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the District, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 4 Maricopa County Community College District (MCCCD). (2023). Staff Policy Manual. 5 Arizona State Library, Archives and Public Records. (2023) General Retention Schedule Created for All Public Bodies. Retrieved 3/12/25 from https://apps.azlibrary.gov/files/docs/all_general_schedules_searchable.pdf 6 Maricopa County Community College District (MCCCD). Version 1.1 (2019). Monitoring Time Approvals: Monitoring Procedures.
Assistance Listings number and name: 84.002 Adult Education—Basic Grants to States Award numbers and years: 24FABASC-412421-01A, July 1, 2023 through June 30, 2024; 24FIELCC-412421-01A, July 1, 2023 through June 30, 2024; 24FIETCO-412421-01A, July 1, 2023 through June 30, 2024; 24FPRLEC-412421-01A, July 1, 2023 through June 30, 2024; 24FIECTC-412421-01A, July 1, 2023 through June 30, 2024 Compliance requirements: Activities Allowed or Unallowed and Allowable Costs / Cost Principles Questioned costs: $52,754 Assistance Listings number and name: 84.031 Higher Education—Institutional Aid Award numbers and years: P031S160090, October 1, 2016 through September 30, 2023; P031S190167, October 1, 2019 through September 30, 2024; P031S200096, October 1, 2020 through September 30, 2025; P031S200281, October 1, 2020 through September 30, 2025; P031C210057, October 1, 2021 through September 30, 2026; P031C210077, October 1, 2021 through September 30, 2026; P031S220015, October 1, 2022 through September 30, 2027; P031S220179, October 1, 2022 through September 30, 2027; P031A230147, October 1, 2023 through September 30, 2028; P031S230158, October 1, 2023 through September 30, 2028 Compliance requirements: Activities allowed or unallowed Questioned costs: $20,411 Federal agency: U.S. Department of Education Total questioned costs: $73,165 Condition—Contrary to federal regulations, State law, and District policies, the District did not always retain documentation supporting the Adult Education—Basic Grants to States and Higher Education—Institutional Aid programs’ payroll costs or approve employee time sheets after the work was performed for these programs. Specifically, the District could not provide documentation to support employees’ pay rates and authorization to perform work for these programs, such as offer letters, contracts, and personnel action forms, or did not approve employee time sheets after the work was performed for 22 of 54 payroll transactions we tested totaling $73,165. See finding 2024-01 in our Report on Internal Controls and Compliance for a similar finding related to the District not reviewing or approving employee timesheets.1 Also, see Table 1 on the next page for further information. Table 1 Summary of the $73,165 of payroll costs the District did not properly support or approve Fiscal year 2024 84.002 Adult Education—Basic Grants to States 84.031 Higher Education—Institutional Aid Total for both programs Total employees tested 35 19 54 Total employees with unsupported pay rates and lack of authorization to perform work for the programs 7 1 8 Total unsupported payroll costs $52,366 $9,636 $62,002 Total employee time sheets lacking approval after the work was performed2 2 12 14 Total unapproved payroll costs $388 $10,775 $11,163 Total number of employees with unsupported or unapproved payroll costs 9 13 22 Total salaries not supported $52,754 $20,411 $73,165 Effect—The District’s failure to retain documentation supporting payroll costs and approve time sheets increased the risk that the $52,754 for the Adult Education—Basic Grants to States and $20,411 for the Higher Education—Institutional Aid programs may not have been spent in accordance with their award terms and conditions. Consequently, the District may be required to return these monies to the federal agency in accordance with federal requirements.3 Further, see Table 2 for information on the overall payroll costs per program during fiscal year 2024 that are at an increased risk of not being spent in accordance with the award terms and conditions. Finally, the District is at risk that this finding applies to other federal programs it administers. Table 2 Calculation of percent of payroll costs to total program expenditures Fiscal year 2024 84.002 Adult Education—Basic Grants to States 84.031 Higher Education—Institutional Aid Total number of employees 279 214 Total payroll costs $3,613,133 $1,984,462 Total program costs $5,026,228 $6,696,263 % of payroll costs to total program costs 72% 30% Cause—The District’s management reported that it did not retain documentation to support employees’ pay rates and authorization to perform work for the federal programs for employees hired prior to 2018 as they were archived and support was no longer available, and some offers for temporary employees were made verbally over the phone and never documented. The District’s policies and procedures lack requirements to document all employment offers, including temporary employment offers. Additionally, as discussed in finding 2024-01 in our Report on Internal Controls and Compliance, some supervisors did not follow District policies and procedures requiring employees’ time sheets to be reviewed and approved either before processing payroll or within 3 business days after receiving a payroll email notification that the employee’s time sheet needed approval.1 Finally, District management did not sufficiently monitor whether each college’s Human Resources Department was enforcing these policies and procedures or verifying that supervisors reviewed and approved employees’ time sheets, as required. Criteria—Federal regulation requires the District to maintain records for salaries and wages charged to federal awards that accurately reflect the work performed to ensure they are accurate, allowable, and properly allocated (2 CFR §200.430[g][1][i]). Also, federal regulation, similar to State law and the District’s record retention policies, requires the District to retain all public records, including those contained in personnel files, related to a federal program for a period of 3 years from the date the program’s final report was submitted to the federal awarding agency or pass-through grantor (2 CFR §200.334).4,5 Further, the District’s written procedures require each employee’s time sheet to be reviewed and approved by the employee’s supervisor either before processing payroll or within 3 business days from receiving a payroll email notification that the employee’s time sheet needs approval. Additionally, each college’s Human Resources Department is responsible for verifying that supervisors review and approve time sheets timely.6 Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The District should: 1. Retain documentation for all payroll costs, such as employment agreements or acceptance letters, to demonstrate employees’ salaries and wages are authorized to be charged to federal programs and spent in accordance with the programs’ award terms and conditions. 2. Review the fiscal year 2024 payroll costs for the Adult Education—Basic Grants to States and Higher Education—Institutional Aid programs to ensure they were properly supported and spent in accordance with the award terms and conditions and coordinate with the U.S. Department of Education, as necessary, to adjust future federal reimbursement requests or repay any unallowable costs the District charged to the programs. 3. Enforce and train employees on District written procedures and requirements to: a. Retain all public records, including those contained in personnel files, related to a federal program for a period of 3 years from the date the program’s final report was submitted to the federal awarding agency or pass-through grantor. b. Ensure supervisors review and approve employees’ time sheets, either before payroll is processed or within 3 business days from receiving the payroll email notification that a time sheet needs approval, to verify employees accurately reported their time worked. This review should be performed after the employee performed the work to ensure the payroll costs charged to the programs accurately reflect the work performed and are accurate, allowable, and properly allocated. 4. Update District written procedures to require documentation of all employment offers, including offers for temporary employees. The District’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 Arizona Auditor General. (2024). Report on Internal Control and Compliance, June 30, 2024. Phoenix, AZ. https://www.azauditor.gov/sites/default/files/2025-02/MaricopaCountyCommunityCollegeDistrictJune30_2024ReportOnInternalControlAndCompliance.pdf 2 The 14 employee time sheets lacking approval after the work was performed includes 5 time sheets totaling $6,917 for the Higher Education—Institutional Aid program that were never approved by a supervisor and 2 time sheets totaling $388 for the Adult Education—Basic Grants to States program and 7 time sheets totaling $3,858 for the Higher Education—Institutional Aid program that were approved by a supervisor between 1 and 7 days prior to the work being performed by the employee. 3 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the District, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 4 Maricopa County Community College District (MCCCD). (2023). Staff Policy Manual. 5 Arizona State Library, Archives and Public Records. (2023) General Retention Schedule Created for All Public Bodies. Retrieved 3/12/25 from https://apps.azlibrary.gov/files/docs/all_general_schedules_searchable.pdf 6 Maricopa County Community College District (MCCCD). Version 1.1 (2019). Monitoring Time Approvals: Monitoring Procedures.
Program: Housing Voucher Cluster Federal Financial Assistance Listing No.: 14.871, 14.879 Federal Agency: U.S. Department of Housing and Urban Development Passed-through: n/a – direct award Award Number and Year: CA131, 2023/2024 Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance, Instance of Noncompliance Criteria: 2 CFR 200.331(d) and 2 CFR 200.331(e) establishes the requirement that the pass-through entity must monitor the activities of each subrecipient of program funds to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward and achieves performance goals. 2 CFR 200.331(d) requires that the monitoring activities must include: 1) Reviewing of financial and performance reports as required by the pass-through entity. 2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. 3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 Management decision. Condition: We found that although the County performed a risk assessment and monitoring plan for its subrecipient, adherence to the plan was not documented. Pursuant to the County’s risk assessment of the subrecipient, a site visit was required, and quarterly reports were required to be obtained. The County did not formally document and communicate the results of the site visit performed during the year. The County also did not obtain the quarterly reports for the fiscal year until September 5th of the subsequent fiscal year. Further, there was no documented review of the quarterly reports by the County. Cause: Subrecipient monitoring policies and procedures do not require the department to document its review and results of monitoring procedures. Effect: The County did not document the results of the monitoring procedures performed over the subaward. Questioned Costs: None reported. Context/Sampling: We selected 100% of the County’s subrecipients of the program. Repeat Finding from Prior Year(s): Yes, prior year finding 2023-002. Recommendation: We recommend that the County continue to strengthen its policies and procedures over subrecipient monitoring to ensure that that the results of monitoring procedures are documented and reviewed. Views of Responsible Officials: Management agrees with the finding. See separate corrective action plan.
Program: Housing Voucher Cluster Federal Financial Assistance Listing No.: 14.871, 14.879 Federal Agency: U.S. Department of Housing and Urban Development Passed-through: n/a – direct award Award Number and Year: CA131, 2023/2024 Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance, Instance of Noncompliance Criteria: 2 CFR 200.331(d) and 2 CFR 200.331(e) establishes the requirement that the pass-through entity must monitor the activities of each subrecipient of program funds to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward and achieves performance goals. 2 CFR 200.331(d) requires that the monitoring activities must include: 1) Reviewing of financial and performance reports as required by the pass-through entity. 2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. 3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 Management decision. Condition: We found that although the County performed a risk assessment and monitoring plan for its subrecipient, adherence to the plan was not documented. Pursuant to the County’s risk assessment of the subrecipient, a site visit was required, and quarterly reports were required to be obtained. The County did not formally document and communicate the results of the site visit performed during the year. The County also did not obtain the quarterly reports for the fiscal year until September 5th of the subsequent fiscal year. Further, there was no documented review of the quarterly reports by the County. Cause: Subrecipient monitoring policies and procedures do not require the department to document its review and results of monitoring procedures. Effect: The County did not document the results of the monitoring procedures performed over the subaward. Questioned Costs: None reported. Context/Sampling: We selected 100% of the County’s subrecipients of the program. Repeat Finding from Prior Year(s): Yes, prior year finding 2023-002. Recommendation: We recommend that the County continue to strengthen its policies and procedures over subrecipient monitoring to ensure that that the results of monitoring procedures are documented and reviewed. Views of Responsible Officials: Management agrees with the finding. See separate corrective action plan.
2024-037 Oregon Business Development Department Assign responsibility to ensure review of subrecipient audit reports Federal Awarding Agency: U.S. Department of the Treasury Assistance Listing Number and Name: 21.027 Coronavirus State and Local Fiscal Recovery Fund (COVID-19) Federal Award Numbers and Years: SLFRP4454, 2020 (COVID-19) Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency; Noncompliance Prior Year Findings: N/A Questioned Costs: N/A Criteria: 2 CFR 200.332(e)(2), (e)(3), (g), (h), (i); 2 CFR 200.521(a), (c), (d) Federal regulations require recipients of federal awards ensure their subrecipients expending $750,000 or more during fiscal years prior to October 1, 2024, are audited according to requirements in 2 CFR 200 Subpart F, and then to perform certain actions dependent upon audit results. To satisfy this requirement, the Department of Administrative Services assigns Oregon state departments to be audit agencies. An audit agency is to: • Ensure the subrecipient received an audit or consider sanctions per 2 CFR 200.339. • Ensure the subrecipient takes corrective action on all findings negatively affecting subawards. • Issue a management decision within six months of the Federal Audit Clearinghouse’s acceptance of the subrecipient’s audit report if there were findings pertaining to the agency’s subawards. • Contact other state agencies that have also passed through funds to the subrecipients (contributing agencies), alerting them to findings related to their programs. In fiscal year 2024, DAS assigned OBDD to review 24 of the state’s 369 subrecipients’ audits, receiving a total of $42.3 million in pass-through funding from 11 state agencies. OBDD did not review any of these entities due to staff turnover. We reviewed two of these subrecipients and found neither had audit findings. This does not preclude the remaining 22 subrecipients from having audit findings requiring communication We recommend department management complete its review of subrecipient audits as soon as possible to ensure its monitoring procedures are sufficient, and to inform contributing agencies of any deficiencies that may affect their programs.
2024-040 Oregon Department of Emergency Management Assign responsibility to ensure review of subrecipient audit reports Federal Awarding Agency: U.S. Department of Homeland Security Assistance Listing Number and Name: 97.036 Disaster Grants – Public Assistance (Presidentially Declared Disasters) Federal Award Numbers and Years: Multiple Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency; Noncompliance Prior Year Findings: N/A Questioned Costs: N/A Criteria: 2 CFR 200.332(e)(2), (e)(3), (g), (h), (i); 2 CFR 200.521(a), (c), (d) Federal regulations require recipients of federal awards ensure its subrecipients expending $750,000 or more during fiscal years prior to October 1, 2024, are audited according to requirements in 2 CFR 200 Subpart F, and then to perform certain actions dependent upon audit results. To satisfy this requirement, the Department of Administrative Services assigns Oregon state departments to be audit agencies. An audit agency is to: • Ensure the subrecipient received an audit or consider sanctions per 2 CFR 200.339. • Ensure the subrecipient takes corrective action on all findings negatively affecting subawards. • Issue a management decision within six months of the Federal Audit Clearinghouse’s acceptance of the subrecipient’s audit report if there were findings pertaining to the agency’s subawards. • Contact other state agencies that have also passed through funds to the subrecipients (contributing agencies), alerting them to findings related to their programs. In fiscal year 2024, DAS assigned the Oregon Department of Emergency Management (department) to review 27 of the state’s 369 subrecipients’ audits, receiving a total of $176.2 million in pass-through funding from 20 state agencies. The department did not review any of these entities because they determined their other commitments were higher priorities. We reviewed two of these subrecipients and found one expended a total of $36 million and had one audit finding that may affect various federal programs. This subrecipient received pass-through funding from five other contributing agencies who were not informed of the finding. This does not preclude the remaining 25 subrecipients from having audit findings requiring communication to the contributing agencies. We recommend department management complete its review of subrecipient audits as soon as possible to ensure its monitoring procedures are sufficient, and to inform contributing agencies of any deficiencies that may affect their programs.
2024-037 Oregon Business Development Department Assign responsibility to ensure review of subrecipient audit reports Federal Awarding Agency: U.S. Department of the Treasury Assistance Listing Number and Name: 21.027 Coronavirus State and Local Fiscal Recovery Fund (COVID-19) Federal Award Numbers and Years: SLFRP4454, 2020 (COVID-19) Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency; Noncompliance Prior Year Findings: N/A Questioned Costs: N/A Criteria: 2 CFR 200.332(e)(2), (e)(3), (g), (h), (i); 2 CFR 200.521(a), (c), (d) Federal regulations require recipients of federal awards ensure their subrecipients expending $750,000 or more during fiscal years prior to October 1, 2024, are audited according to requirements in 2 CFR 200 Subpart F, and then to perform certain actions dependent upon audit results. To satisfy this requirement, the Department of Administrative Services assigns Oregon state departments to be audit agencies. An audit agency is to: • Ensure the subrecipient received an audit or consider sanctions per 2 CFR 200.339. • Ensure the subrecipient takes corrective action on all findings negatively affecting subawards. • Issue a management decision within six months of the Federal Audit Clearinghouse’s acceptance of the subrecipient’s audit report if there were findings pertaining to the agency’s subawards. • Contact other state agencies that have also passed through funds to the subrecipients (contributing agencies), alerting them to findings related to their programs. In fiscal year 2024, DAS assigned OBDD to review 24 of the state’s 369 subrecipients’ audits, receiving a total of $42.3 million in pass-through funding from 11 state agencies. OBDD did not review any of these entities due to staff turnover. We reviewed two of these subrecipients and found neither had audit findings. This does not preclude the remaining 22 subrecipients from having audit findings requiring communication We recommend department management complete its review of subrecipient audits as soon as possible to ensure its monitoring procedures are sufficient, and to inform contributing agencies of any deficiencies that may affect their programs.
2024-040 Oregon Department of Emergency Management Assign responsibility to ensure review of subrecipient audit reports Federal Awarding Agency: U.S. Department of Homeland Security Assistance Listing Number and Name: 97.036 Disaster Grants – Public Assistance (Presidentially Declared Disasters) Federal Award Numbers and Years: Multiple Compliance Requirements: Subrecipient Monitoring Type of Finding: Significant Deficiency; Noncompliance Prior Year Findings: N/A Questioned Costs: N/A Criteria: 2 CFR 200.332(e)(2), (e)(3), (g), (h), (i); 2 CFR 200.521(a), (c), (d) Federal regulations require recipients of federal awards ensure its subrecipients expending $750,000 or more during fiscal years prior to October 1, 2024, are audited according to requirements in 2 CFR 200 Subpart F, and then to perform certain actions dependent upon audit results. To satisfy this requirement, the Department of Administrative Services assigns Oregon state departments to be audit agencies. An audit agency is to: • Ensure the subrecipient received an audit or consider sanctions per 2 CFR 200.339. • Ensure the subrecipient takes corrective action on all findings negatively affecting subawards. • Issue a management decision within six months of the Federal Audit Clearinghouse’s acceptance of the subrecipient’s audit report if there were findings pertaining to the agency’s subawards. • Contact other state agencies that have also passed through funds to the subrecipients (contributing agencies), alerting them to findings related to their programs. In fiscal year 2024, DAS assigned the Oregon Department of Emergency Management (department) to review 27 of the state’s 369 subrecipients’ audits, receiving a total of $176.2 million in pass-through funding from 20 state agencies. The department did not review any of these entities because they determined their other commitments were higher priorities. We reviewed two of these subrecipients and found one expended a total of $36 million and had one audit finding that may affect various federal programs. This subrecipient received pass-through funding from five other contributing agencies who were not informed of the finding. This does not preclude the remaining 25 subrecipients from having audit findings requiring communication to the contributing agencies. We recommend department management complete its review of subrecipient audits as soon as possible to ensure its monitoring procedures are sufficient, and to inform contributing agencies of any deficiencies that may affect their programs.
Cluster name: Workforce Innovation and Opportunity Act (WIOA) Cluster Assistance Listings numbers and names: 17.258 WIOA Adult Program 17.259 WIOA Youth Activities 17.278 WIOA Dislocated Worker Formula Grants Award numbers and years: DI21-002286, April 1, 2022 through June 30, 2024; Alert 23-001, July 1, 2023 through June 30, 2024; Alert 23-003, July 1, 2023 through June 30, 2024; Alert 24-002, July 1, 2023 through May 31, 2024 Federal agency: U.S. Department of Labor Pass-through grantor: Arizona Department of Economic Security Questioned costs: N/A Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award numbers and years: 1505-0271, March 3, 2021 through December 31, 2024; 19418, May 31, 2023 through September 30, 2023 Federal agency: U.S. Department of the Treasury Pass-through grantors: Arizona Criminal Justice Commission, City of Tucson, Arizona Housing Coalition, and Arizona Department of Public Safety Questioned costs: N/A Assistance Listings number and name: 97.024 COVID-19 - Emergency Food and Shelter National Board Program Award numbers and years: 027200-048, November 1, 2021 through December 30, 2024; 027200-056, April 1, 2023 through February 29, 2024; 23*115, March 1, 2023 through February 29, 2024; 23*154, April 1, 2023 through February 29, 2024 Federal agency: U.S. Department of Homeland Security Pass-through grantor: United Way EFSP Questioned costs: $347,345 Assistance Listings number and name: 97.141 Shelter and Services Program Award number and year: 24*039, March 1, 2023 through September 30, 2025 Federal agency: U.S. Department of Homeland Security Questioned costs: N/A Compliance requirement: Subrecipient monitoring Total questioned costs: $347,345 Condition—The County’s Grants Management and Innovation Department (Department) awarded over $29 million to 27 subrecipients during fiscal year 2024, or 29% of the County’s total federal expenditures for the federal programs shown in Table 1 below, but did not perform all the required monitoring of its subrecipients’ activities or compliance with award terms and program requirements. Table 1 Summary of subrecipients by federal program Fiscal year 2024 Federal program name Subrecipient information Total number Number tested Total awards Total federal expenditures Subrecipient awards as a percentage of total federal expenditures Workforce Innovation and Opportunity Act (WIOA) Cluster 4 4 $ 568,095 $12,253,972 4.6% Coronavirus State and Local Fiscal Recovery Funds (SLFRF) 17 7 17,241,445 56,862,338 30.3% Emergency Food and Shelter National Board Program (EFS) 4 4 7,810,673 22,622,229 34.5% Shelter and Services Program (SSP) 2 2 3,560,449 8,172,063 43.5% Total 27 17 $29,180,662 $99,910,602 29.2% While the Department performed some monitoring procedures during the year, those procedures were not sufficient to evaluate its subrecipients’ use of program monies in accordance with the award terms, program requirements, and federal regulations. Specifically, contrary to federal regulations, the Department did not perform the following required monitoring procedures: • Perform monitoring activities based on risk assessments performed—The Department did not perform monitoring activities based on risk assessments performed. Specifically, the Department’s risk assessment procedures identified 7 high-risk and 4 moderate-risk subrecipients, but it did not modify its monitoring activities to address the risks identified. Additional monitoring activities could include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures like reviewing the subrecipient’s policies and procedures obtained to ensure the subrecipients complied with award terms, program requirements, and federal regulations. • Document monitoring procedures, results, and actions taken—For 4 of 4 WIOA subrecipients, 7 of 7 SLFRF subrecipients, 3 of 4 EFS subrecipients, and 1 of 2 SSP subrecipients we tested, while the Department completed and maintained a checklist of subrecipient monitoring procedures, it did not document monitoring results or Department actions taken for these subrecipients based on the checklist results. • Verify subrecipient single audits were conducted timely—The Department did not verify whether 1 of its 4 WIOA subrecipients had a single audit performed. Effect—The Department’s failure to perform required monitoring contributed to $347,345 of misspent EFS program monies that the Department may be required to return to the federal agency in accordance with federal requirements.1 Specifically, the Department’s not reviewing subrecipient procurement policies and procedures aided in allowing 1 EFS subrecipient to render services for which conflicts of interest existed. Specifically, the EFS subrecipient, Catholic Community Services (CCS), began having laundry services provided by a vendor, Amado Laundry, in April 2023, for which it then self-reported to the County a conflict-of-interest violation in May 2024. This violation was a result of a CCS employee forming a vendor relationship with Amado Laundry, which was owned by the employee’s mother. After the Department’s management was made aware of the conflict of interest, they performed monitoring procedures over CCS and identified noncompliance with federal procurement guidelines totaling $347,345, including determining that Amado Laundry charged a rate double the average rates charged by competitors. The County issued a management letter to CCS on September 27, 2024, communicating a conflict-of-interest finding and a procurement standards finding. The conflict-of-interest finding required CCS to develop new, written procurement-related conflict-of-interest procedures in compliance with federal regulations and to create and maintain an ongoing training program related to these federally compliant conflict-of-interest procedures for employees. Further, there is an increased risk that $29 million of program monies the Department awarded to subrecipients may not be spent in accordance with the award terms, program requirements, and federal regulations. If monies are spent inconsistent with program requirements, those who intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Also, the Department’s not verifying subrecipient single audits were conducted may result in the Department’s not following up on and ensuring corrective action is taken on audit findings that could potentially affect the program and/or issue management decisions for audit findings pertaining to the federal award. Finally, the County is at risk that this finding applies to other federal programs it administers. Cause—The Department’s management reported that they did not always follow County policies and procedures and only performed limited procedures because their subrecipient monitoring policies and procedures were outdated, the number of subrecipients increased significantly during the fiscal year, and they did not have sufficient staff to monitor all subrecipients. The Department’s management also reported that it prioritized transitioning to a new enterprise resource planning (ERP) system rather than monitoring all subrecipients. Further, the County’s policies lacked requirements to perform monitoring activities based on risk assessments performed and to review subrecipients’ policies and procedures to ensure the subrecipients complied with award terms, program requirements, and federal regulations. Criteria—Federal regulation requires the County to monitor subrecipients, which includes required monitoring procedures for (2 CFR §200.332): • Assessing the risk of each subrecipient’s noncompliance and performing monitoring activities based on those risk assessments, such as providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures. • Reviewing financial and performance reports. • Verifying single audits were conducted timely. • Following up on and ensuring corrective action is taken on audit findings that could potentially affect the program. • Issuing a management decision for audit findings pertaining to the federal award. In addition, County policies require the County to: • Assess subrecipient risk and establish a monitoring plan and perform monitoring procedures at least every 2 years, including verification of internal controls.2,3 • Review the Federal Audit Clearinghouse at least quarterly to review subrecipient single audits and issue management decision letters, as necessary.2 • Maintain documentation of monitoring procedures, including the monitoring procedure’s results and any Department actions taken.3 Further, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations to the County— 1. Perform required monitoring of its subrecipients and their compliance with the award terms, program requirements, and federal regulations. 2. Follow its established policies and procedures for performing and documenting monitoring reviews of subrecipients to: a. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. b. Verify subrecipients receive timely single audits, follow up on and ensure that corrective action is taken on audit findings that could potentially affect the program, and issue management decisions for audit findings pertaining to the federal award. 3. Update its policies and procedures to include: a. A process to determine the appropriate monitoring activities to perform based on subrecipient risk assessments performed, such as providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Review subrecipients’ policies and procedures, including procurement processes, to ensure the subrecipients complied with award terms, program requirements, and federal regulations. 4. Prioritize and allocate sufficient resources, such as staffing, to comply with the award terms, program requirements, federal regulations, and its updated policies, and designate an individual(s) to perform necessary subrecipient-monitoring procedures. 5. Work with U.S. Department of Homeland Security to determine if it will require the Department to reimburse $347,345 in questioned costs. The County’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year finding 2022-101 and was initially reported in fiscal year 2022. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 2 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-04: Subrecipient Risk Assessment / Management Decisions. 3 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-28: Subrecipient Monitoring.
Cluster name: Workforce Innovation and Opportunity Act (WIOA) Cluster Assistance Listings numbers and names: 17.258 WIOA Adult Program 17.259 WIOA Youth Activities 17.278 WIOA Dislocated Worker Formula Grants Award numbers and years: DI21-002286, April 1, 2022 through June 30, 2024; Alert 23-001, July 1, 2023 through June 30, 2024; Alert 23-003, July 1, 2023 through June 30, 2024; Alert 24-002, July 1, 2023 through May 31, 2024 Federal agency: U.S. Department of Labor Pass-through grantor: Arizona Department of Economic Security Questioned costs: N/A Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award numbers and years: 1505-0271, March 3, 2021 through December 31, 2024; 19418, May 31, 2023 through September 30, 2023 Federal agency: U.S. Department of the Treasury Pass-through grantors: Arizona Criminal Justice Commission, City of Tucson, Arizona Housing Coalition, and Arizona Department of Public Safety Questioned costs: N/A Assistance Listings number and name: 97.024 COVID-19 - Emergency Food and Shelter National Board Program Award numbers and years: 027200-048, November 1, 2021 through December 30, 2024; 027200-056, April 1, 2023 through February 29, 2024; 23*115, March 1, 2023 through February 29, 2024; 23*154, April 1, 2023 through February 29, 2024 Federal agency: U.S. Department of Homeland Security Pass-through grantor: United Way EFSP Questioned costs: $347,345 Assistance Listings number and name: 97.141 Shelter and Services Program Award number and year: 24*039, March 1, 2023 through September 30, 2025 Federal agency: U.S. Department of Homeland Security Questioned costs: N/A Compliance requirement: Subrecipient monitoring Total questioned costs: $347,345 Condition—The County’s Grants Management and Innovation Department (Department) awarded over $29 million to 27 subrecipients during fiscal year 2024, or 29% of the County’s total federal expenditures for the federal programs shown in Table 1 below, but did not perform all the required monitoring of its subrecipients’ activities or compliance with award terms and program requirements. Table 1 Summary of subrecipients by federal program Fiscal year 2024 Federal program name Subrecipient information Total number Number tested Total awards Total federal expenditures Subrecipient awards as a percentage of total federal expenditures Workforce Innovation and Opportunity Act (WIOA) Cluster 4 4 $ 568,095 $12,253,972 4.6% Coronavirus State and Local Fiscal Recovery Funds (SLFRF) 17 7 17,241,445 56,862,338 30.3% Emergency Food and Shelter National Board Program (EFS) 4 4 7,810,673 22,622,229 34.5% Shelter and Services Program (SSP) 2 2 3,560,449 8,172,063 43.5% Total 27 17 $29,180,662 $99,910,602 29.2% While the Department performed some monitoring procedures during the year, those procedures were not sufficient to evaluate its subrecipients’ use of program monies in accordance with the award terms, program requirements, and federal regulations. Specifically, contrary to federal regulations, the Department did not perform the following required monitoring procedures: • Perform monitoring activities based on risk assessments performed—The Department did not perform monitoring activities based on risk assessments performed. Specifically, the Department’s risk assessment procedures identified 7 high-risk and 4 moderate-risk subrecipients, but it did not modify its monitoring activities to address the risks identified. Additional monitoring activities could include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures like reviewing the subrecipient’s policies and procedures obtained to ensure the subrecipients complied with award terms, program requirements, and federal regulations. • Document monitoring procedures, results, and actions taken—For 4 of 4 WIOA subrecipients, 7 of 7 SLFRF subrecipients, 3 of 4 EFS subrecipients, and 1 of 2 SSP subrecipients we tested, while the Department completed and maintained a checklist of subrecipient monitoring procedures, it did not document monitoring results or Department actions taken for these subrecipients based on the checklist results. • Verify subrecipient single audits were conducted timely—The Department did not verify whether 1 of its 4 WIOA subrecipients had a single audit performed. Effect—The Department’s failure to perform required monitoring contributed to $347,345 of misspent EFS program monies that the Department may be required to return to the federal agency in accordance with federal requirements.1 Specifically, the Department’s not reviewing subrecipient procurement policies and procedures aided in allowing 1 EFS subrecipient to render services for which conflicts of interest existed. Specifically, the EFS subrecipient, Catholic Community Services (CCS), began having laundry services provided by a vendor, Amado Laundry, in April 2023, for which it then self-reported to the County a conflict-of-interest violation in May 2024. This violation was a result of a CCS employee forming a vendor relationship with Amado Laundry, which was owned by the employee’s mother. After the Department’s management was made aware of the conflict of interest, they performed monitoring procedures over CCS and identified noncompliance with federal procurement guidelines totaling $347,345, including determining that Amado Laundry charged a rate double the average rates charged by competitors. The County issued a management letter to CCS on September 27, 2024, communicating a conflict-of-interest finding and a procurement standards finding. The conflict-of-interest finding required CCS to develop new, written procurement-related conflict-of-interest procedures in compliance with federal regulations and to create and maintain an ongoing training program related to these federally compliant conflict-of-interest procedures for employees. Further, there is an increased risk that $29 million of program monies the Department awarded to subrecipients may not be spent in accordance with the award terms, program requirements, and federal regulations. If monies are spent inconsistent with program requirements, those who intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Also, the Department’s not verifying subrecipient single audits were conducted may result in the Department’s not following up on and ensuring corrective action is taken on audit findings that could potentially affect the program and/or issue management decisions for audit findings pertaining to the federal award. Finally, the County is at risk that this finding applies to other federal programs it administers. Cause—The Department’s management reported that they did not always follow County policies and procedures and only performed limited procedures because their subrecipient monitoring policies and procedures were outdated, the number of subrecipients increased significantly during the fiscal year, and they did not have sufficient staff to monitor all subrecipients. The Department’s management also reported that it prioritized transitioning to a new enterprise resource planning (ERP) system rather than monitoring all subrecipients. Further, the County’s policies lacked requirements to perform monitoring activities based on risk assessments performed and to review subrecipients’ policies and procedures to ensure the subrecipients complied with award terms, program requirements, and federal regulations. Criteria—Federal regulation requires the County to monitor subrecipients, which includes required monitoring procedures for (2 CFR §200.332): • Assessing the risk of each subrecipient’s noncompliance and performing monitoring activities based on those risk assessments, such as providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures. • Reviewing financial and performance reports. • Verifying single audits were conducted timely. • Following up on and ensuring corrective action is taken on audit findings that could potentially affect the program. • Issuing a management decision for audit findings pertaining to the federal award. In addition, County policies require the County to: • Assess subrecipient risk and establish a monitoring plan and perform monitoring procedures at least every 2 years, including verification of internal controls.2,3 • Review the Federal Audit Clearinghouse at least quarterly to review subrecipient single audits and issue management decision letters, as necessary.2 • Maintain documentation of monitoring procedures, including the monitoring procedure’s results and any Department actions taken.3 Further, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations to the County— 1. Perform required monitoring of its subrecipients and their compliance with the award terms, program requirements, and federal regulations. 2. Follow its established policies and procedures for performing and documenting monitoring reviews of subrecipients to: a. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. b. Verify subrecipients receive timely single audits, follow up on and ensure that corrective action is taken on audit findings that could potentially affect the program, and issue management decisions for audit findings pertaining to the federal award. 3. Update its policies and procedures to include: a. A process to determine the appropriate monitoring activities to perform based on subrecipient risk assessments performed, such as providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Review subrecipients’ policies and procedures, including procurement processes, to ensure the subrecipients complied with award terms, program requirements, and federal regulations. 4. Prioritize and allocate sufficient resources, such as staffing, to comply with the award terms, program requirements, federal regulations, and its updated policies, and designate an individual(s) to perform necessary subrecipient-monitoring procedures. 5. Work with U.S. Department of Homeland Security to determine if it will require the Department to reimburse $347,345 in questioned costs. The County’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year finding 2022-101 and was initially reported in fiscal year 2022. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 2 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-04: Subrecipient Risk Assessment / Management Decisions. 3 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-28: Subrecipient Monitoring.
Cluster name: Workforce Innovation and Opportunity Act (WIOA) Cluster Assistance Listings numbers and names: 17.258 WIOA Adult Program 17.259 WIOA Youth Activities 17.278 WIOA Dislocated Worker Formula Grants Award numbers and years: DI21-002286, April 1, 2022 through June 30, 2024; Alert 23-001, July 1, 2023 through June 30, 2024; Alert 23-003, July 1, 2023 through June 30, 2024; Alert 24-002, July 1, 2023 through May 31, 2024 Federal agency: U.S. Department of Labor Pass-through grantor: Arizona Department of Economic Security Questioned costs: N/A Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award numbers and years: 1505-0271, March 3, 2021 through December 31, 2024; 19418, May 31, 2023 through September 30, 2023 Federal agency: U.S. Department of the Treasury Pass-through grantors: Arizona Criminal Justice Commission, City of Tucson, Arizona Housing Coalition, and Arizona Department of Public Safety Questioned costs: N/A Assistance Listings number and name: 97.024 COVID-19 - Emergency Food and Shelter National Board Program Award numbers and years: 027200-048, November 1, 2021 through December 30, 2024; 027200-056, April 1, 2023 through February 29, 2024; 23*115, March 1, 2023 through February 29, 2024; 23*154, April 1, 2023 through February 29, 2024 Federal agency: U.S. Department of Homeland Security Pass-through grantor: United Way EFSP Questioned costs: $347,345 Assistance Listings number and name: 97.141 Shelter and Services Program Award number and year: 24*039, March 1, 2023 through September 30, 2025 Federal agency: U.S. Department of Homeland Security Questioned costs: N/A Compliance requirement: Subrecipient monitoring Total questioned costs: $347,345 Condition—The County’s Grants Management and Innovation Department (Department) awarded over $29 million to 27 subrecipients during fiscal year 2024, or 29% of the County’s total federal expenditures for the federal programs shown in Table 1 below, but did not perform all the required monitoring of its subrecipients’ activities or compliance with award terms and program requirements. Table 1 Summary of subrecipients by federal program Fiscal year 2024 Federal program name Subrecipient information Total number Number tested Total awards Total federal expenditures Subrecipient awards as a percentage of total federal expenditures Workforce Innovation and Opportunity Act (WIOA) Cluster 4 4 $ 568,095 $12,253,972 4.6% Coronavirus State and Local Fiscal Recovery Funds (SLFRF) 17 7 17,241,445 56,862,338 30.3% Emergency Food and Shelter National Board Program (EFS) 4 4 7,810,673 22,622,229 34.5% Shelter and Services Program (SSP) 2 2 3,560,449 8,172,063 43.5% Total 27 17 $29,180,662 $99,910,602 29.2% While the Department performed some monitoring procedures during the year, those procedures were not sufficient to evaluate its subrecipients’ use of program monies in accordance with the award terms, program requirements, and federal regulations. Specifically, contrary to federal regulations, the Department did not perform the following required monitoring procedures: • Perform monitoring activities based on risk assessments performed—The Department did not perform monitoring activities based on risk assessments performed. Specifically, the Department’s risk assessment procedures identified 7 high-risk and 4 moderate-risk subrecipients, but it did not modify its monitoring activities to address the risks identified. Additional monitoring activities could include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures like reviewing the subrecipient’s policies and procedures obtained to ensure the subrecipients complied with award terms, program requirements, and federal regulations. • Document monitoring procedures, results, and actions taken—For 4 of 4 WIOA subrecipients, 7 of 7 SLFRF subrecipients, 3 of 4 EFS subrecipients, and 1 of 2 SSP subrecipients we tested, while the Department completed and maintained a checklist of subrecipient monitoring procedures, it did not document monitoring results or Department actions taken for these subrecipients based on the checklist results. • Verify subrecipient single audits were conducted timely—The Department did not verify whether 1 of its 4 WIOA subrecipients had a single audit performed. Effect—The Department’s failure to perform required monitoring contributed to $347,345 of misspent EFS program monies that the Department may be required to return to the federal agency in accordance with federal requirements.1 Specifically, the Department’s not reviewing subrecipient procurement policies and procedures aided in allowing 1 EFS subrecipient to render services for which conflicts of interest existed. Specifically, the EFS subrecipient, Catholic Community Services (CCS), began having laundry services provided by a vendor, Amado Laundry, in April 2023, for which it then self-reported to the County a conflict-of-interest violation in May 2024. This violation was a result of a CCS employee forming a vendor relationship with Amado Laundry, which was owned by the employee’s mother. After the Department’s management was made aware of the conflict of interest, they performed monitoring procedures over CCS and identified noncompliance with federal procurement guidelines totaling $347,345, including determining that Amado Laundry charged a rate double the average rates charged by competitors. The County issued a management letter to CCS on September 27, 2024, communicating a conflict-of-interest finding and a procurement standards finding. The conflict-of-interest finding required CCS to develop new, written procurement-related conflict-of-interest procedures in compliance with federal regulations and to create and maintain an ongoing training program related to these federally compliant conflict-of-interest procedures for employees. Further, there is an increased risk that $29 million of program monies the Department awarded to subrecipients may not be spent in accordance with the award terms, program requirements, and federal regulations. If monies are spent inconsistent with program requirements, those who intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Also, the Department’s not verifying subrecipient single audits were conducted may result in the Department’s not following up on and ensuring corrective action is taken on audit findings that could potentially affect the program and/or issue management decisions for audit findings pertaining to the federal award. Finally, the County is at risk that this finding applies to other federal programs it administers. Cause—The Department’s management reported that they did not always follow County policies and procedures and only performed limited procedures because their subrecipient monitoring policies and procedures were outdated, the number of subrecipients increased significantly during the fiscal year, and they did not have sufficient staff to monitor all subrecipients. The Department’s management also reported that it prioritized transitioning to a new enterprise resource planning (ERP) system rather than monitoring all subrecipients. Further, the County’s policies lacked requirements to perform monitoring activities based on risk assessments performed and to review subrecipients’ policies and procedures to ensure the subrecipients complied with award terms, program requirements, and federal regulations. Criteria—Federal regulation requires the County to monitor subrecipients, which includes required monitoring procedures for (2 CFR §200.332): • Assessing the risk of each subrecipient’s noncompliance and performing monitoring activities based on those risk assessments, such as providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures. • Reviewing financial and performance reports. • Verifying single audits were conducted timely. • Following up on and ensuring corrective action is taken on audit findings that could potentially affect the program. • Issuing a management decision for audit findings pertaining to the federal award. In addition, County policies require the County to: • Assess subrecipient risk and establish a monitoring plan and perform monitoring procedures at least every 2 years, including verification of internal controls.2,3 • Review the Federal Audit Clearinghouse at least quarterly to review subrecipient single audits and issue management decision letters, as necessary.2 • Maintain documentation of monitoring procedures, including the monitoring procedure’s results and any Department actions taken.3 Further, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations to the County— 1. Perform required monitoring of its subrecipients and their compliance with the award terms, program requirements, and federal regulations. 2. Follow its established policies and procedures for performing and documenting monitoring reviews of subrecipients to: a. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. b. Verify subrecipients receive timely single audits, follow up on and ensure that corrective action is taken on audit findings that could potentially affect the program, and issue management decisions for audit findings pertaining to the federal award. 3. Update its policies and procedures to include: a. A process to determine the appropriate monitoring activities to perform based on subrecipient risk assessments performed, such as providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Review subrecipients’ policies and procedures, including procurement processes, to ensure the subrecipients complied with award terms, program requirements, and federal regulations. 4. Prioritize and allocate sufficient resources, such as staffing, to comply with the award terms, program requirements, federal regulations, and its updated policies, and designate an individual(s) to perform necessary subrecipient-monitoring procedures. 5. Work with U.S. Department of Homeland Security to determine if it will require the Department to reimburse $347,345 in questioned costs. The County’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year finding 2022-101 and was initially reported in fiscal year 2022. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 2 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-04: Subrecipient Risk Assessment / Management Decisions. 3 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-28: Subrecipient Monitoring.
Cluster name: Workforce Innovation and Opportunity Act (WIOA) Cluster Assistance Listings numbers and names: 17.258 WIOA Adult Program 17.259 WIOA Youth Activities 17.278 WIOA Dislocated Worker Formula Grants Award numbers and years: DI21-002286, April 1, 2022 through June 30, 2024; Alert 23-001, July 1, 2023 through June 30, 2024; Alert 23-003, July 1, 2023 through June 30, 2024; Alert 24-002, July 1, 2023 through May 31, 2024 Federal agency: U.S. Department of Labor Pass-through grantor: Arizona Department of Economic Security Questioned costs: N/A Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award numbers and years: 1505-0271, March 3, 2021 through December 31, 2024; 19418, May 31, 2023 through September 30, 2023 Federal agency: U.S. Department of the Treasury Pass-through grantors: Arizona Criminal Justice Commission, City of Tucson, Arizona Housing Coalition, and Arizona Department of Public Safety Questioned costs: N/A Assistance Listings number and name: 97.024 COVID-19 - Emergency Food and Shelter National Board Program Award numbers and years: 027200-048, November 1, 2021 through December 30, 2024; 027200-056, April 1, 2023 through February 29, 2024; 23*115, March 1, 2023 through February 29, 2024; 23*154, April 1, 2023 through February 29, 2024 Federal agency: U.S. Department of Homeland Security Pass-through grantor: United Way EFSP Questioned costs: $347,345 Assistance Listings number and name: 97.141 Shelter and Services Program Award number and year: 24*039, March 1, 2023 through September 30, 2025 Federal agency: U.S. Department of Homeland Security Questioned costs: N/A Compliance requirement: Subrecipient monitoring Total questioned costs: $347,345 Condition—The County’s Grants Management and Innovation Department (Department) awarded over $29 million to 27 subrecipients during fiscal year 2024, or 29% of the County’s total federal expenditures for the federal programs shown in Table 1 below, but did not perform all the required monitoring of its subrecipients’ activities or compliance with award terms and program requirements. Table 1 Summary of subrecipients by federal program Fiscal year 2024 Federal program name Subrecipient information Total number Number tested Total awards Total federal expenditures Subrecipient awards as a percentage of total federal expenditures Workforce Innovation and Opportunity Act (WIOA) Cluster 4 4 $ 568,095 $12,253,972 4.6% Coronavirus State and Local Fiscal Recovery Funds (SLFRF) 17 7 17,241,445 56,862,338 30.3% Emergency Food and Shelter National Board Program (EFS) 4 4 7,810,673 22,622,229 34.5% Shelter and Services Program (SSP) 2 2 3,560,449 8,172,063 43.5% Total 27 17 $29,180,662 $99,910,602 29.2% While the Department performed some monitoring procedures during the year, those procedures were not sufficient to evaluate its subrecipients’ use of program monies in accordance with the award terms, program requirements, and federal regulations. Specifically, contrary to federal regulations, the Department did not perform the following required monitoring procedures: • Perform monitoring activities based on risk assessments performed—The Department did not perform monitoring activities based on risk assessments performed. Specifically, the Department’s risk assessment procedures identified 7 high-risk and 4 moderate-risk subrecipients, but it did not modify its monitoring activities to address the risks identified. Additional monitoring activities could include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures like reviewing the subrecipient’s policies and procedures obtained to ensure the subrecipients complied with award terms, program requirements, and federal regulations. • Document monitoring procedures, results, and actions taken—For 4 of 4 WIOA subrecipients, 7 of 7 SLFRF subrecipients, 3 of 4 EFS subrecipients, and 1 of 2 SSP subrecipients we tested, while the Department completed and maintained a checklist of subrecipient monitoring procedures, it did not document monitoring results or Department actions taken for these subrecipients based on the checklist results. • Verify subrecipient single audits were conducted timely—The Department did not verify whether 1 of its 4 WIOA subrecipients had a single audit performed. Effect—The Department’s failure to perform required monitoring contributed to $347,345 of misspent EFS program monies that the Department may be required to return to the federal agency in accordance with federal requirements.1 Specifically, the Department’s not reviewing subrecipient procurement policies and procedures aided in allowing 1 EFS subrecipient to render services for which conflicts of interest existed. Specifically, the EFS subrecipient, Catholic Community Services (CCS), began having laundry services provided by a vendor, Amado Laundry, in April 2023, for which it then self-reported to the County a conflict-of-interest violation in May 2024. This violation was a result of a CCS employee forming a vendor relationship with Amado Laundry, which was owned by the employee’s mother. After the Department’s management was made aware of the conflict of interest, they performed monitoring procedures over CCS and identified noncompliance with federal procurement guidelines totaling $347,345, including determining that Amado Laundry charged a rate double the average rates charged by competitors. The County issued a management letter to CCS on September 27, 2024, communicating a conflict-of-interest finding and a procurement standards finding. The conflict-of-interest finding required CCS to develop new, written procurement-related conflict-of-interest procedures in compliance with federal regulations and to create and maintain an ongoing training program related to these federally compliant conflict-of-interest procedures for employees. Further, there is an increased risk that $29 million of program monies the Department awarded to subrecipients may not be spent in accordance with the award terms, program requirements, and federal regulations. If monies are spent inconsistent with program requirements, those who intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Also, the Department’s not verifying subrecipient single audits were conducted may result in the Department’s not following up on and ensuring corrective action is taken on audit findings that could potentially affect the program and/or issue management decisions for audit findings pertaining to the federal award. Finally, the County is at risk that this finding applies to other federal programs it administers. Cause—The Department’s management reported that they did not always follow County policies and procedures and only performed limited procedures because their subrecipient monitoring policies and procedures were outdated, the number of subrecipients increased significantly during the fiscal year, and they did not have sufficient staff to monitor all subrecipients. The Department’s management also reported that it prioritized transitioning to a new enterprise resource planning (ERP) system rather than monitoring all subrecipients. Further, the County’s policies lacked requirements to perform monitoring activities based on risk assessments performed and to review subrecipients’ policies and procedures to ensure the subrecipients complied with award terms, program requirements, and federal regulations. Criteria—Federal regulation requires the County to monitor subrecipients, which includes required monitoring procedures for (2 CFR §200.332): • Assessing the risk of each subrecipient’s noncompliance and performing monitoring activities based on those risk assessments, such as providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures. • Reviewing financial and performance reports. • Verifying single audits were conducted timely. • Following up on and ensuring corrective action is taken on audit findings that could potentially affect the program. • Issuing a management decision for audit findings pertaining to the federal award. In addition, County policies require the County to: • Assess subrecipient risk and establish a monitoring plan and perform monitoring procedures at least every 2 years, including verification of internal controls.2,3 • Review the Federal Audit Clearinghouse at least quarterly to review subrecipient single audits and issue management decision letters, as necessary.2 • Maintain documentation of monitoring procedures, including the monitoring procedure’s results and any Department actions taken.3 Further, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations to the County— 1. Perform required monitoring of its subrecipients and their compliance with the award terms, program requirements, and federal regulations. 2. Follow its established policies and procedures for performing and documenting monitoring reviews of subrecipients to: a. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. b. Verify subrecipients receive timely single audits, follow up on and ensure that corrective action is taken on audit findings that could potentially affect the program, and issue management decisions for audit findings pertaining to the federal award. 3. Update its policies and procedures to include: a. A process to determine the appropriate monitoring activities to perform based on subrecipient risk assessments performed, such as providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Review subrecipients’ policies and procedures, including procurement processes, to ensure the subrecipients complied with award terms, program requirements, and federal regulations. 4. Prioritize and allocate sufficient resources, such as staffing, to comply with the award terms, program requirements, federal regulations, and its updated policies, and designate an individual(s) to perform necessary subrecipient-monitoring procedures. 5. Work with U.S. Department of Homeland Security to determine if it will require the Department to reimburse $347,345 in questioned costs. The County’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year finding 2022-101 and was initially reported in fiscal year 2022. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 2 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-04: Subrecipient Risk Assessment / Management Decisions. 3 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-28: Subrecipient Monitoring.
Cluster name: Workforce Innovation and Opportunity Act (WIOA) Cluster Assistance Listings numbers and names: 17.258 WIOA Adult Program 17.259 WIOA Youth Activities 17.278 WIOA Dislocated Worker Formula Grants Award numbers and years: DI21-002286, April 1, 2022 through June 30, 2024; Alert 23-001, July 1, 2023 through June 30, 2024; Alert 23-003, July 1, 2023 through June 30, 2024; Alert 24-002, July 1, 2023 through May 31, 2024 Federal agency: U.S. Department of Labor Pass-through grantor: Arizona Department of Economic Security Questioned costs: N/A Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award numbers and years: 1505-0271, March 3, 2021 through December 31, 2024; 19418, May 31, 2023 through September 30, 2023 Federal agency: U.S. Department of the Treasury Pass-through grantors: Arizona Criminal Justice Commission, City of Tucson, Arizona Housing Coalition, and Arizona Department of Public Safety Questioned costs: N/A Assistance Listings number and name: 97.024 COVID-19 - Emergency Food and Shelter National Board Program Award numbers and years: 027200-048, November 1, 2021 through December 30, 2024; 027200-056, April 1, 2023 through February 29, 2024; 23*115, March 1, 2023 through February 29, 2024; 23*154, April 1, 2023 through February 29, 2024 Federal agency: U.S. Department of Homeland Security Pass-through grantor: United Way EFSP Questioned costs: $347,345 Assistance Listings number and name: 97.141 Shelter and Services Program Award number and year: 24*039, March 1, 2023 through September 30, 2025 Federal agency: U.S. Department of Homeland Security Questioned costs: N/A Compliance requirement: Subrecipient monitoring Total questioned costs: $347,345 Condition—The County’s Grants Management and Innovation Department (Department) awarded over $29 million to 27 subrecipients during fiscal year 2024, or 29% of the County’s total federal expenditures for the federal programs shown in Table 1 below, but did not perform all the required monitoring of its subrecipients’ activities or compliance with award terms and program requirements. Table 1 Summary of subrecipients by federal program Fiscal year 2024 Federal program name Subrecipient information Total number Number tested Total awards Total federal expenditures Subrecipient awards as a percentage of total federal expenditures Workforce Innovation and Opportunity Act (WIOA) Cluster 4 4 $ 568,095 $12,253,972 4.6% Coronavirus State and Local Fiscal Recovery Funds (SLFRF) 17 7 17,241,445 56,862,338 30.3% Emergency Food and Shelter National Board Program (EFS) 4 4 7,810,673 22,622,229 34.5% Shelter and Services Program (SSP) 2 2 3,560,449 8,172,063 43.5% Total 27 17 $29,180,662 $99,910,602 29.2% While the Department performed some monitoring procedures during the year, those procedures were not sufficient to evaluate its subrecipients’ use of program monies in accordance with the award terms, program requirements, and federal regulations. Specifically, contrary to federal regulations, the Department did not perform the following required monitoring procedures: • Perform monitoring activities based on risk assessments performed—The Department did not perform monitoring activities based on risk assessments performed. Specifically, the Department’s risk assessment procedures identified 7 high-risk and 4 moderate-risk subrecipients, but it did not modify its monitoring activities to address the risks identified. Additional monitoring activities could include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures like reviewing the subrecipient’s policies and procedures obtained to ensure the subrecipients complied with award terms, program requirements, and federal regulations. • Document monitoring procedures, results, and actions taken—For 4 of 4 WIOA subrecipients, 7 of 7 SLFRF subrecipients, 3 of 4 EFS subrecipients, and 1 of 2 SSP subrecipients we tested, while the Department completed and maintained a checklist of subrecipient monitoring procedures, it did not document monitoring results or Department actions taken for these subrecipients based on the checklist results. • Verify subrecipient single audits were conducted timely—The Department did not verify whether 1 of its 4 WIOA subrecipients had a single audit performed. Effect—The Department’s failure to perform required monitoring contributed to $347,345 of misspent EFS program monies that the Department may be required to return to the federal agency in accordance with federal requirements.1 Specifically, the Department’s not reviewing subrecipient procurement policies and procedures aided in allowing 1 EFS subrecipient to render services for which conflicts of interest existed. Specifically, the EFS subrecipient, Catholic Community Services (CCS), began having laundry services provided by a vendor, Amado Laundry, in April 2023, for which it then self-reported to the County a conflict-of-interest violation in May 2024. This violation was a result of a CCS employee forming a vendor relationship with Amado Laundry, which was owned by the employee’s mother. After the Department’s management was made aware of the conflict of interest, they performed monitoring procedures over CCS and identified noncompliance with federal procurement guidelines totaling $347,345, including determining that Amado Laundry charged a rate double the average rates charged by competitors. The County issued a management letter to CCS on September 27, 2024, communicating a conflict-of-interest finding and a procurement standards finding. The conflict-of-interest finding required CCS to develop new, written procurement-related conflict-of-interest procedures in compliance with federal regulations and to create and maintain an ongoing training program related to these federally compliant conflict-of-interest procedures for employees. Further, there is an increased risk that $29 million of program monies the Department awarded to subrecipients may not be spent in accordance with the award terms, program requirements, and federal regulations. If monies are spent inconsistent with program requirements, those who intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Also, the Department’s not verifying subrecipient single audits were conducted may result in the Department’s not following up on and ensuring corrective action is taken on audit findings that could potentially affect the program and/or issue management decisions for audit findings pertaining to the federal award. Finally, the County is at risk that this finding applies to other federal programs it administers. Cause—The Department’s management reported that they did not always follow County policies and procedures and only performed limited procedures because their subrecipient monitoring policies and procedures were outdated, the number of subrecipients increased significantly during the fiscal year, and they did not have sufficient staff to monitor all subrecipients. The Department’s management also reported that it prioritized transitioning to a new enterprise resource planning (ERP) system rather than monitoring all subrecipients. Further, the County’s policies lacked requirements to perform monitoring activities based on risk assessments performed and to review subrecipients’ policies and procedures to ensure the subrecipients complied with award terms, program requirements, and federal regulations. Criteria—Federal regulation requires the County to monitor subrecipients, which includes required monitoring procedures for (2 CFR §200.332): • Assessing the risk of each subrecipient’s noncompliance and performing monitoring activities based on those risk assessments, such as providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures. • Reviewing financial and performance reports. • Verifying single audits were conducted timely. • Following up on and ensuring corrective action is taken on audit findings that could potentially affect the program. • Issuing a management decision for audit findings pertaining to the federal award. In addition, County policies require the County to: • Assess subrecipient risk and establish a monitoring plan and perform monitoring procedures at least every 2 years, including verification of internal controls.2,3 • Review the Federal Audit Clearinghouse at least quarterly to review subrecipient single audits and issue management decision letters, as necessary.2 • Maintain documentation of monitoring procedures, including the monitoring procedure’s results and any Department actions taken.3 Further, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations to the County— 1. Perform required monitoring of its subrecipients and their compliance with the award terms, program requirements, and federal regulations. 2. Follow its established policies and procedures for performing and documenting monitoring reviews of subrecipients to: a. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. b. Verify subrecipients receive timely single audits, follow up on and ensure that corrective action is taken on audit findings that could potentially affect the program, and issue management decisions for audit findings pertaining to the federal award. 3. Update its policies and procedures to include: a. A process to determine the appropriate monitoring activities to perform based on subrecipient risk assessments performed, such as providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Review subrecipients’ policies and procedures, including procurement processes, to ensure the subrecipients complied with award terms, program requirements, and federal regulations. 4. Prioritize and allocate sufficient resources, such as staffing, to comply with the award terms, program requirements, federal regulations, and its updated policies, and designate an individual(s) to perform necessary subrecipient-monitoring procedures. 5. Work with U.S. Department of Homeland Security to determine if it will require the Department to reimburse $347,345 in questioned costs. The County’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year finding 2022-101 and was initially reported in fiscal year 2022. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 2 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-04: Subrecipient Risk Assessment / Management Decisions. 3 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-28: Subrecipient Monitoring.
Cluster name: Workforce Innovation and Opportunity Act (WIOA) Cluster Assistance Listings numbers and names: 17.258 WIOA Adult Program 17.259 WIOA Youth Activities 17.278 WIOA Dislocated Worker Formula Grants Award numbers and years: DI21-002286, April 1, 2022 through June 30, 2024; Alert 23-001, July 1, 2023 through June 30, 2024; Alert 23-003, July 1, 2023 through June 30, 2024; Alert 24-002, July 1, 2023 through May 31, 2024 Federal agency: U.S. Department of Labor Pass-through grantor: Arizona Department of Economic Security Questioned costs: N/A Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award numbers and years: 1505-0271, March 3, 2021 through December 31, 2024; 19418, May 31, 2023 through September 30, 2023 Federal agency: U.S. Department of the Treasury Pass-through grantors: Arizona Criminal Justice Commission, City of Tucson, Arizona Housing Coalition, and Arizona Department of Public Safety Questioned costs: N/A Assistance Listings number and name: 97.024 COVID-19 - Emergency Food and Shelter National Board Program Award numbers and years: 027200-048, November 1, 2021 through December 30, 2024; 027200-056, April 1, 2023 through February 29, 2024; 23*115, March 1, 2023 through February 29, 2024; 23*154, April 1, 2023 through February 29, 2024 Federal agency: U.S. Department of Homeland Security Pass-through grantor: United Way EFSP Questioned costs: $347,345 Assistance Listings number and name: 97.141 Shelter and Services Program Award number and year: 24*039, March 1, 2023 through September 30, 2025 Federal agency: U.S. Department of Homeland Security Questioned costs: N/A Compliance requirement: Subrecipient monitoring Total questioned costs: $347,345 Condition—The County’s Grants Management and Innovation Department (Department) awarded over $29 million to 27 subrecipients during fiscal year 2024, or 29% of the County’s total federal expenditures for the federal programs shown in Table 1 below, but did not perform all the required monitoring of its subrecipients’ activities or compliance with award terms and program requirements. Table 1 Summary of subrecipients by federal program Fiscal year 2024 Federal program name Subrecipient information Total number Number tested Total awards Total federal expenditures Subrecipient awards as a percentage of total federal expenditures Workforce Innovation and Opportunity Act (WIOA) Cluster 4 4 $ 568,095 $12,253,972 4.6% Coronavirus State and Local Fiscal Recovery Funds (SLFRF) 17 7 17,241,445 56,862,338 30.3% Emergency Food and Shelter National Board Program (EFS) 4 4 7,810,673 22,622,229 34.5% Shelter and Services Program (SSP) 2 2 3,560,449 8,172,063 43.5% Total 27 17 $29,180,662 $99,910,602 29.2% While the Department performed some monitoring procedures during the year, those procedures were not sufficient to evaluate its subrecipients’ use of program monies in accordance with the award terms, program requirements, and federal regulations. Specifically, contrary to federal regulations, the Department did not perform the following required monitoring procedures: • Perform monitoring activities based on risk assessments performed—The Department did not perform monitoring activities based on risk assessments performed. Specifically, the Department’s risk assessment procedures identified 7 high-risk and 4 moderate-risk subrecipients, but it did not modify its monitoring activities to address the risks identified. Additional monitoring activities could include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures like reviewing the subrecipient’s policies and procedures obtained to ensure the subrecipients complied with award terms, program requirements, and federal regulations. • Document monitoring procedures, results, and actions taken—For 4 of 4 WIOA subrecipients, 7 of 7 SLFRF subrecipients, 3 of 4 EFS subrecipients, and 1 of 2 SSP subrecipients we tested, while the Department completed and maintained a checklist of subrecipient monitoring procedures, it did not document monitoring results or Department actions taken for these subrecipients based on the checklist results. • Verify subrecipient single audits were conducted timely—The Department did not verify whether 1 of its 4 WIOA subrecipients had a single audit performed. Effect—The Department’s failure to perform required monitoring contributed to $347,345 of misspent EFS program monies that the Department may be required to return to the federal agency in accordance with federal requirements.1 Specifically, the Department’s not reviewing subrecipient procurement policies and procedures aided in allowing 1 EFS subrecipient to render services for which conflicts of interest existed. Specifically, the EFS subrecipient, Catholic Community Services (CCS), began having laundry services provided by a vendor, Amado Laundry, in April 2023, for which it then self-reported to the County a conflict-of-interest violation in May 2024. This violation was a result of a CCS employee forming a vendor relationship with Amado Laundry, which was owned by the employee’s mother. After the Department’s management was made aware of the conflict of interest, they performed monitoring procedures over CCS and identified noncompliance with federal procurement guidelines totaling $347,345, including determining that Amado Laundry charged a rate double the average rates charged by competitors. The County issued a management letter to CCS on September 27, 2024, communicating a conflict-of-interest finding and a procurement standards finding. The conflict-of-interest finding required CCS to develop new, written procurement-related conflict-of-interest procedures in compliance with federal regulations and to create and maintain an ongoing training program related to these federally compliant conflict-of-interest procedures for employees. Further, there is an increased risk that $29 million of program monies the Department awarded to subrecipients may not be spent in accordance with the award terms, program requirements, and federal regulations. If monies are spent inconsistent with program requirements, those who intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Also, the Department’s not verifying subrecipient single audits were conducted may result in the Department’s not following up on and ensuring corrective action is taken on audit findings that could potentially affect the program and/or issue management decisions for audit findings pertaining to the federal award. Finally, the County is at risk that this finding applies to other federal programs it administers. Cause—The Department’s management reported that they did not always follow County policies and procedures and only performed limited procedures because their subrecipient monitoring policies and procedures were outdated, the number of subrecipients increased significantly during the fiscal year, and they did not have sufficient staff to monitor all subrecipients. The Department’s management also reported that it prioritized transitioning to a new enterprise resource planning (ERP) system rather than monitoring all subrecipients. Further, the County’s policies lacked requirements to perform monitoring activities based on risk assessments performed and to review subrecipients’ policies and procedures to ensure the subrecipients complied with award terms, program requirements, and federal regulations. Criteria—Federal regulation requires the County to monitor subrecipients, which includes required monitoring procedures for (2 CFR §200.332): • Assessing the risk of each subrecipient’s noncompliance and performing monitoring activities based on those risk assessments, such as providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures. • Reviewing financial and performance reports. • Verifying single audits were conducted timely. • Following up on and ensuring corrective action is taken on audit findings that could potentially affect the program. • Issuing a management decision for audit findings pertaining to the federal award. In addition, County policies require the County to: • Assess subrecipient risk and establish a monitoring plan and perform monitoring procedures at least every 2 years, including verification of internal controls.2,3 • Review the Federal Audit Clearinghouse at least quarterly to review subrecipient single audits and issue management decision letters, as necessary.2 • Maintain documentation of monitoring procedures, including the monitoring procedure’s results and any Department actions taken.3 Further, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations to the County— 1. Perform required monitoring of its subrecipients and their compliance with the award terms, program requirements, and federal regulations. 2. Follow its established policies and procedures for performing and documenting monitoring reviews of subrecipients to: a. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. b. Verify subrecipients receive timely single audits, follow up on and ensure that corrective action is taken on audit findings that could potentially affect the program, and issue management decisions for audit findings pertaining to the federal award. 3. Update its policies and procedures to include: a. A process to determine the appropriate monitoring activities to perform based on subrecipient risk assessments performed, such as providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Review subrecipients’ policies and procedures, including procurement processes, to ensure the subrecipients complied with award terms, program requirements, and federal regulations. 4. Prioritize and allocate sufficient resources, such as staffing, to comply with the award terms, program requirements, federal regulations, and its updated policies, and designate an individual(s) to perform necessary subrecipient-monitoring procedures. 5. Work with U.S. Department of Homeland Security to determine if it will require the Department to reimburse $347,345 in questioned costs. The County’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year finding 2022-101 and was initially reported in fiscal year 2022. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 2 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-04: Subrecipient Risk Assessment / Management Decisions. 3 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-28: Subrecipient Monitoring.
Cluster name: Workforce Innovation and Opportunity Act (WIOA) Cluster Assistance Listings numbers and names: 17.258 WIOA Adult Program 17.259 WIOA Youth Activities 17.278 WIOA Dislocated Worker Formula Grants Award numbers and years: DI21-002286, April 1, 2022 through June 30, 2024; Alert 23-001, July 1, 2023 through June 30, 2024; Alert 23-003, July 1, 2023 through June 30, 2024; Alert 24-002, July 1, 2023 through May 31, 2024 Federal agency: U.S. Department of Labor Pass-through grantor: Arizona Department of Economic Security Questioned costs: N/A Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award numbers and years: 1505-0271, March 3, 2021 through December 31, 2024; 19418, May 31, 2023 through September 30, 2023 Federal agency: U.S. Department of the Treasury Pass-through grantors: Arizona Criminal Justice Commission, City of Tucson, Arizona Housing Coalition, and Arizona Department of Public Safety Questioned costs: N/A Assistance Listings number and name: 97.024 COVID-19 - Emergency Food and Shelter National Board Program Award numbers and years: 027200-048, November 1, 2021 through December 30, 2024; 027200-056, April 1, 2023 through February 29, 2024; 23*115, March 1, 2023 through February 29, 2024; 23*154, April 1, 2023 through February 29, 2024 Federal agency: U.S. Department of Homeland Security Pass-through grantor: United Way EFSP Questioned costs: $347,345 Assistance Listings number and name: 97.141 Shelter and Services Program Award number and year: 24*039, March 1, 2023 through September 30, 2025 Federal agency: U.S. Department of Homeland Security Questioned costs: N/A Compliance requirement: Subrecipient monitoring Total questioned costs: $347,345 Condition—The County’s Grants Management and Innovation Department (Department) awarded over $29 million to 27 subrecipients during fiscal year 2024, or 29% of the County’s total federal expenditures for the federal programs shown in Table 1 below, but did not perform all the required monitoring of its subrecipients’ activities or compliance with award terms and program requirements. Table 1 Summary of subrecipients by federal program Fiscal year 2024 Federal program name Subrecipient information Total number Number tested Total awards Total federal expenditures Subrecipient awards as a percentage of total federal expenditures Workforce Innovation and Opportunity Act (WIOA) Cluster 4 4 $ 568,095 $12,253,972 4.6% Coronavirus State and Local Fiscal Recovery Funds (SLFRF) 17 7 17,241,445 56,862,338 30.3% Emergency Food and Shelter National Board Program (EFS) 4 4 7,810,673 22,622,229 34.5% Shelter and Services Program (SSP) 2 2 3,560,449 8,172,063 43.5% Total 27 17 $29,180,662 $99,910,602 29.2% While the Department performed some monitoring procedures during the year, those procedures were not sufficient to evaluate its subrecipients’ use of program monies in accordance with the award terms, program requirements, and federal regulations. Specifically, contrary to federal regulations, the Department did not perform the following required monitoring procedures: • Perform monitoring activities based on risk assessments performed—The Department did not perform monitoring activities based on risk assessments performed. Specifically, the Department’s risk assessment procedures identified 7 high-risk and 4 moderate-risk subrecipients, but it did not modify its monitoring activities to address the risks identified. Additional monitoring activities could include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures like reviewing the subrecipient’s policies and procedures obtained to ensure the subrecipients complied with award terms, program requirements, and federal regulations. • Document monitoring procedures, results, and actions taken—For 4 of 4 WIOA subrecipients, 7 of 7 SLFRF subrecipients, 3 of 4 EFS subrecipients, and 1 of 2 SSP subrecipients we tested, while the Department completed and maintained a checklist of subrecipient monitoring procedures, it did not document monitoring results or Department actions taken for these subrecipients based on the checklist results. • Verify subrecipient single audits were conducted timely—The Department did not verify whether 1 of its 4 WIOA subrecipients had a single audit performed. Effect—The Department’s failure to perform required monitoring contributed to $347,345 of misspent EFS program monies that the Department may be required to return to the federal agency in accordance with federal requirements.1 Specifically, the Department’s not reviewing subrecipient procurement policies and procedures aided in allowing 1 EFS subrecipient to render services for which conflicts of interest existed. Specifically, the EFS subrecipient, Catholic Community Services (CCS), began having laundry services provided by a vendor, Amado Laundry, in April 2023, for which it then self-reported to the County a conflict-of-interest violation in May 2024. This violation was a result of a CCS employee forming a vendor relationship with Amado Laundry, which was owned by the employee’s mother. After the Department’s management was made aware of the conflict of interest, they performed monitoring procedures over CCS and identified noncompliance with federal procurement guidelines totaling $347,345, including determining that Amado Laundry charged a rate double the average rates charged by competitors. The County issued a management letter to CCS on September 27, 2024, communicating a conflict-of-interest finding and a procurement standards finding. The conflict-of-interest finding required CCS to develop new, written procurement-related conflict-of-interest procedures in compliance with federal regulations and to create and maintain an ongoing training program related to these federally compliant conflict-of-interest procedures for employees. Further, there is an increased risk that $29 million of program monies the Department awarded to subrecipients may not be spent in accordance with the award terms, program requirements, and federal regulations. If monies are spent inconsistent with program requirements, those who intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Also, the Department’s not verifying subrecipient single audits were conducted may result in the Department’s not following up on and ensuring corrective action is taken on audit findings that could potentially affect the program and/or issue management decisions for audit findings pertaining to the federal award. Finally, the County is at risk that this finding applies to other federal programs it administers. Cause—The Department’s management reported that they did not always follow County policies and procedures and only performed limited procedures because their subrecipient monitoring policies and procedures were outdated, the number of subrecipients increased significantly during the fiscal year, and they did not have sufficient staff to monitor all subrecipients. The Department’s management also reported that it prioritized transitioning to a new enterprise resource planning (ERP) system rather than monitoring all subrecipients. Further, the County’s policies lacked requirements to perform monitoring activities based on risk assessments performed and to review subrecipients’ policies and procedures to ensure the subrecipients complied with award terms, program requirements, and federal regulations. Criteria—Federal regulation requires the County to monitor subrecipients, which includes required monitoring procedures for (2 CFR §200.332): • Assessing the risk of each subrecipient’s noncompliance and performing monitoring activities based on those risk assessments, such as providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures. • Reviewing financial and performance reports. • Verifying single audits were conducted timely. • Following up on and ensuring corrective action is taken on audit findings that could potentially affect the program. • Issuing a management decision for audit findings pertaining to the federal award. In addition, County policies require the County to: • Assess subrecipient risk and establish a monitoring plan and perform monitoring procedures at least every 2 years, including verification of internal controls.2,3 • Review the Federal Audit Clearinghouse at least quarterly to review subrecipient single audits and issue management decision letters, as necessary.2 • Maintain documentation of monitoring procedures, including the monitoring procedure’s results and any Department actions taken.3 Further, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations to the County— 1. Perform required monitoring of its subrecipients and their compliance with the award terms, program requirements, and federal regulations. 2. Follow its established policies and procedures for performing and documenting monitoring reviews of subrecipients to: a. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. b. Verify subrecipients receive timely single audits, follow up on and ensure that corrective action is taken on audit findings that could potentially affect the program, and issue management decisions for audit findings pertaining to the federal award. 3. Update its policies and procedures to include: a. A process to determine the appropriate monitoring activities to perform based on subrecipient risk assessments performed, such as providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Review subrecipients’ policies and procedures, including procurement processes, to ensure the subrecipients complied with award terms, program requirements, and federal regulations. 4. Prioritize and allocate sufficient resources, such as staffing, to comply with the award terms, program requirements, federal regulations, and its updated policies, and designate an individual(s) to perform necessary subrecipient-monitoring procedures. 5. Work with U.S. Department of Homeland Security to determine if it will require the Department to reimburse $347,345 in questioned costs. The County’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year finding 2022-101 and was initially reported in fiscal year 2022. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 2 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-04: Subrecipient Risk Assessment / Management Decisions. 3 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-28: Subrecipient Monitoring.
Cluster name: Workforce Innovation and Opportunity Act (WIOA) Cluster Assistance Listings numbers and names: 17.258 WIOA Adult Program 17.259 WIOA Youth Activities 17.278 WIOA Dislocated Worker Formula Grants Award numbers and years: DI21-002286, April 1, 2022 through June 30, 2024; Alert 23-001, July 1, 2023 through June 30, 2024; Alert 23-003, July 1, 2023 through June 30, 2024; Alert 24-002, July 1, 2023 through May 31, 2024 Federal agency: U.S. Department of Labor Pass-through grantor: Arizona Department of Economic Security Questioned costs: N/A Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award numbers and years: 1505-0271, March 3, 2021 through December 31, 2024; 19418, May 31, 2023 through September 30, 2023 Federal agency: U.S. Department of the Treasury Pass-through grantors: Arizona Criminal Justice Commission, City of Tucson, Arizona Housing Coalition, and Arizona Department of Public Safety Questioned costs: N/A Assistance Listings number and name: 97.024 COVID-19 - Emergency Food and Shelter National Board Program Award numbers and years: 027200-048, November 1, 2021 through December 30, 2024; 027200-056, April 1, 2023 through February 29, 2024; 23*115, March 1, 2023 through February 29, 2024; 23*154, April 1, 2023 through February 29, 2024 Federal agency: U.S. Department of Homeland Security Pass-through grantor: United Way EFSP Questioned costs: $347,345 Assistance Listings number and name: 97.141 Shelter and Services Program Award number and year: 24*039, March 1, 2023 through September 30, 2025 Federal agency: U.S. Department of Homeland Security Questioned costs: N/A Compliance requirement: Subrecipient monitoring Total questioned costs: $347,345 Condition—The County’s Grants Management and Innovation Department (Department) awarded over $29 million to 27 subrecipients during fiscal year 2024, or 29% of the County’s total federal expenditures for the federal programs shown in Table 1 below, but did not perform all the required monitoring of its subrecipients’ activities or compliance with award terms and program requirements. Table 1 Summary of subrecipients by federal program Fiscal year 2024 Federal program name Subrecipient information Total number Number tested Total awards Total federal expenditures Subrecipient awards as a percentage of total federal expenditures Workforce Innovation and Opportunity Act (WIOA) Cluster 4 4 $ 568,095 $12,253,972 4.6% Coronavirus State and Local Fiscal Recovery Funds (SLFRF) 17 7 17,241,445 56,862,338 30.3% Emergency Food and Shelter National Board Program (EFS) 4 4 7,810,673 22,622,229 34.5% Shelter and Services Program (SSP) 2 2 3,560,449 8,172,063 43.5% Total 27 17 $29,180,662 $99,910,602 29.2% While the Department performed some monitoring procedures during the year, those procedures were not sufficient to evaluate its subrecipients’ use of program monies in accordance with the award terms, program requirements, and federal regulations. Specifically, contrary to federal regulations, the Department did not perform the following required monitoring procedures: • Perform monitoring activities based on risk assessments performed—The Department did not perform monitoring activities based on risk assessments performed. Specifically, the Department’s risk assessment procedures identified 7 high-risk and 4 moderate-risk subrecipients, but it did not modify its monitoring activities to address the risks identified. Additional monitoring activities could include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures like reviewing the subrecipient’s policies and procedures obtained to ensure the subrecipients complied with award terms, program requirements, and federal regulations. • Document monitoring procedures, results, and actions taken—For 4 of 4 WIOA subrecipients, 7 of 7 SLFRF subrecipients, 3 of 4 EFS subrecipients, and 1 of 2 SSP subrecipients we tested, while the Department completed and maintained a checklist of subrecipient monitoring procedures, it did not document monitoring results or Department actions taken for these subrecipients based on the checklist results. • Verify subrecipient single audits were conducted timely—The Department did not verify whether 1 of its 4 WIOA subrecipients had a single audit performed. Effect—The Department’s failure to perform required monitoring contributed to $347,345 of misspent EFS program monies that the Department may be required to return to the federal agency in accordance with federal requirements.1 Specifically, the Department’s not reviewing subrecipient procurement policies and procedures aided in allowing 1 EFS subrecipient to render services for which conflicts of interest existed. Specifically, the EFS subrecipient, Catholic Community Services (CCS), began having laundry services provided by a vendor, Amado Laundry, in April 2023, for which it then self-reported to the County a conflict-of-interest violation in May 2024. This violation was a result of a CCS employee forming a vendor relationship with Amado Laundry, which was owned by the employee’s mother. After the Department’s management was made aware of the conflict of interest, they performed monitoring procedures over CCS and identified noncompliance with federal procurement guidelines totaling $347,345, including determining that Amado Laundry charged a rate double the average rates charged by competitors. The County issued a management letter to CCS on September 27, 2024, communicating a conflict-of-interest finding and a procurement standards finding. The conflict-of-interest finding required CCS to develop new, written procurement-related conflict-of-interest procedures in compliance with federal regulations and to create and maintain an ongoing training program related to these federally compliant conflict-of-interest procedures for employees. Further, there is an increased risk that $29 million of program monies the Department awarded to subrecipients may not be spent in accordance with the award terms, program requirements, and federal regulations. If monies are spent inconsistent with program requirements, those who intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Also, the Department’s not verifying subrecipient single audits were conducted may result in the Department’s not following up on and ensuring corrective action is taken on audit findings that could potentially affect the program and/or issue management decisions for audit findings pertaining to the federal award. Finally, the County is at risk that this finding applies to other federal programs it administers. Cause—The Department’s management reported that they did not always follow County policies and procedures and only performed limited procedures because their subrecipient monitoring policies and procedures were outdated, the number of subrecipients increased significantly during the fiscal year, and they did not have sufficient staff to monitor all subrecipients. The Department’s management also reported that it prioritized transitioning to a new enterprise resource planning (ERP) system rather than monitoring all subrecipients. Further, the County’s policies lacked requirements to perform monitoring activities based on risk assessments performed and to review subrecipients’ policies and procedures to ensure the subrecipients complied with award terms, program requirements, and federal regulations. Criteria—Federal regulation requires the County to monitor subrecipients, which includes required monitoring procedures for (2 CFR §200.332): • Assessing the risk of each subrecipient’s noncompliance and performing monitoring activities based on those risk assessments, such as providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures. • Reviewing financial and performance reports. • Verifying single audits were conducted timely. • Following up on and ensuring corrective action is taken on audit findings that could potentially affect the program. • Issuing a management decision for audit findings pertaining to the federal award. In addition, County policies require the County to: • Assess subrecipient risk and establish a monitoring plan and perform monitoring procedures at least every 2 years, including verification of internal controls.2,3 • Review the Federal Audit Clearinghouse at least quarterly to review subrecipient single audits and issue management decision letters, as necessary.2 • Maintain documentation of monitoring procedures, including the monitoring procedure’s results and any Department actions taken.3 Further, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations to the County— 1. Perform required monitoring of its subrecipients and their compliance with the award terms, program requirements, and federal regulations. 2. Follow its established policies and procedures for performing and documenting monitoring reviews of subrecipients to: a. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. b. Verify subrecipients receive timely single audits, follow up on and ensure that corrective action is taken on audit findings that could potentially affect the program, and issue management decisions for audit findings pertaining to the federal award. 3. Update its policies and procedures to include: a. A process to determine the appropriate monitoring activities to perform based on subrecipient risk assessments performed, such as providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Review subrecipients’ policies and procedures, including procurement processes, to ensure the subrecipients complied with award terms, program requirements, and federal regulations. 4. Prioritize and allocate sufficient resources, such as staffing, to comply with the award terms, program requirements, federal regulations, and its updated policies, and designate an individual(s) to perform necessary subrecipient-monitoring procedures. 5. Work with U.S. Department of Homeland Security to determine if it will require the Department to reimburse $347,345 in questioned costs. The County’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year finding 2022-101 and was initially reported in fiscal year 2022. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 2 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-04: Subrecipient Risk Assessment / Management Decisions. 3 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-28: Subrecipient Monitoring.
Cluster name: Workforce Innovation and Opportunity Act (WIOA) Cluster Assistance Listings numbers and names: 17.258 WIOA Adult Program 17.259 WIOA Youth Activities 17.278 WIOA Dislocated Worker Formula Grants Award numbers and years: DI21-002286, April 1, 2022 through June 30, 2024; Alert 23-001, July 1, 2023 through June 30, 2024; Alert 23-003, July 1, 2023 through June 30, 2024; Alert 24-002, July 1, 2023 through May 31, 2024 Federal agency: U.S. Department of Labor Pass-through grantor: Arizona Department of Economic Security Questioned costs: N/A Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award numbers and years: 1505-0271, March 3, 2021 through December 31, 2024; 19418, May 31, 2023 through September 30, 2023 Federal agency: U.S. Department of the Treasury Pass-through grantors: Arizona Criminal Justice Commission, City of Tucson, Arizona Housing Coalition, and Arizona Department of Public Safety Questioned costs: N/A Assistance Listings number and name: 97.024 COVID-19 - Emergency Food and Shelter National Board Program Award numbers and years: 027200-048, November 1, 2021 through December 30, 2024; 027200-056, April 1, 2023 through February 29, 2024; 23*115, March 1, 2023 through February 29, 2024; 23*154, April 1, 2023 through February 29, 2024 Federal agency: U.S. Department of Homeland Security Pass-through grantor: United Way EFSP Questioned costs: $347,345 Assistance Listings number and name: 97.141 Shelter and Services Program Award number and year: 24*039, March 1, 2023 through September 30, 2025 Federal agency: U.S. Department of Homeland Security Questioned costs: N/A Compliance requirement: Subrecipient monitoring Total questioned costs: $347,345 Condition—The County’s Grants Management and Innovation Department (Department) awarded over $29 million to 27 subrecipients during fiscal year 2024, or 29% of the County’s total federal expenditures for the federal programs shown in Table 1 below, but did not perform all the required monitoring of its subrecipients’ activities or compliance with award terms and program requirements. Table 1 Summary of subrecipients by federal program Fiscal year 2024 Federal program name Subrecipient information Total number Number tested Total awards Total federal expenditures Subrecipient awards as a percentage of total federal expenditures Workforce Innovation and Opportunity Act (WIOA) Cluster 4 4 $ 568,095 $12,253,972 4.6% Coronavirus State and Local Fiscal Recovery Funds (SLFRF) 17 7 17,241,445 56,862,338 30.3% Emergency Food and Shelter National Board Program (EFS) 4 4 7,810,673 22,622,229 34.5% Shelter and Services Program (SSP) 2 2 3,560,449 8,172,063 43.5% Total 27 17 $29,180,662 $99,910,602 29.2% While the Department performed some monitoring procedures during the year, those procedures were not sufficient to evaluate its subrecipients’ use of program monies in accordance with the award terms, program requirements, and federal regulations. Specifically, contrary to federal regulations, the Department did not perform the following required monitoring procedures: • Perform monitoring activities based on risk assessments performed—The Department did not perform monitoring activities based on risk assessments performed. Specifically, the Department’s risk assessment procedures identified 7 high-risk and 4 moderate-risk subrecipients, but it did not modify its monitoring activities to address the risks identified. Additional monitoring activities could include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures like reviewing the subrecipient’s policies and procedures obtained to ensure the subrecipients complied with award terms, program requirements, and federal regulations. • Document monitoring procedures, results, and actions taken—For 4 of 4 WIOA subrecipients, 7 of 7 SLFRF subrecipients, 3 of 4 EFS subrecipients, and 1 of 2 SSP subrecipients we tested, while the Department completed and maintained a checklist of subrecipient monitoring procedures, it did not document monitoring results or Department actions taken for these subrecipients based on the checklist results. • Verify subrecipient single audits were conducted timely—The Department did not verify whether 1 of its 4 WIOA subrecipients had a single audit performed. Effect—The Department’s failure to perform required monitoring contributed to $347,345 of misspent EFS program monies that the Department may be required to return to the federal agency in accordance with federal requirements.1 Specifically, the Department’s not reviewing subrecipient procurement policies and procedures aided in allowing 1 EFS subrecipient to render services for which conflicts of interest existed. Specifically, the EFS subrecipient, Catholic Community Services (CCS), began having laundry services provided by a vendor, Amado Laundry, in April 2023, for which it then self-reported to the County a conflict-of-interest violation in May 2024. This violation was a result of a CCS employee forming a vendor relationship with Amado Laundry, which was owned by the employee’s mother. After the Department’s management was made aware of the conflict of interest, they performed monitoring procedures over CCS and identified noncompliance with federal procurement guidelines totaling $347,345, including determining that Amado Laundry charged a rate double the average rates charged by competitors. The County issued a management letter to CCS on September 27, 2024, communicating a conflict-of-interest finding and a procurement standards finding. The conflict-of-interest finding required CCS to develop new, written procurement-related conflict-of-interest procedures in compliance with federal regulations and to create and maintain an ongoing training program related to these federally compliant conflict-of-interest procedures for employees. Further, there is an increased risk that $29 million of program monies the Department awarded to subrecipients may not be spent in accordance with the award terms, program requirements, and federal regulations. If monies are spent inconsistent with program requirements, those who intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Also, the Department’s not verifying subrecipient single audits were conducted may result in the Department’s not following up on and ensuring corrective action is taken on audit findings that could potentially affect the program and/or issue management decisions for audit findings pertaining to the federal award. Finally, the County is at risk that this finding applies to other federal programs it administers. Cause—The Department’s management reported that they did not always follow County policies and procedures and only performed limited procedures because their subrecipient monitoring policies and procedures were outdated, the number of subrecipients increased significantly during the fiscal year, and they did not have sufficient staff to monitor all subrecipients. The Department’s management also reported that it prioritized transitioning to a new enterprise resource planning (ERP) system rather than monitoring all subrecipients. Further, the County’s policies lacked requirements to perform monitoring activities based on risk assessments performed and to review subrecipients’ policies and procedures to ensure the subrecipients complied with award terms, program requirements, and federal regulations. Criteria—Federal regulation requires the County to monitor subrecipients, which includes required monitoring procedures for (2 CFR §200.332): • Assessing the risk of each subrecipient’s noncompliance and performing monitoring activities based on those risk assessments, such as providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures. • Reviewing financial and performance reports. • Verifying single audits were conducted timely. • Following up on and ensuring corrective action is taken on audit findings that could potentially affect the program. • Issuing a management decision for audit findings pertaining to the federal award. In addition, County policies require the County to: • Assess subrecipient risk and establish a monitoring plan and perform monitoring procedures at least every 2 years, including verification of internal controls.2,3 • Review the Federal Audit Clearinghouse at least quarterly to review subrecipient single audits and issue management decision letters, as necessary.2 • Maintain documentation of monitoring procedures, including the monitoring procedure’s results and any Department actions taken.3 Further, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations to the County— 1. Perform required monitoring of its subrecipients and their compliance with the award terms, program requirements, and federal regulations. 2. Follow its established policies and procedures for performing and documenting monitoring reviews of subrecipients to: a. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. b. Verify subrecipients receive timely single audits, follow up on and ensure that corrective action is taken on audit findings that could potentially affect the program, and issue management decisions for audit findings pertaining to the federal award. 3. Update its policies and procedures to include: a. A process to determine the appropriate monitoring activities to perform based on subrecipient risk assessments performed, such as providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Review subrecipients’ policies and procedures, including procurement processes, to ensure the subrecipients complied with award terms, program requirements, and federal regulations. 4. Prioritize and allocate sufficient resources, such as staffing, to comply with the award terms, program requirements, federal regulations, and its updated policies, and designate an individual(s) to perform necessary subrecipient-monitoring procedures. 5. Work with U.S. Department of Homeland Security to determine if it will require the Department to reimburse $347,345 in questioned costs. The County’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year finding 2022-101 and was initially reported in fiscal year 2022. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 2 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-04: Subrecipient Risk Assessment / Management Decisions. 3 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-28: Subrecipient Monitoring.
Cluster name: Workforce Innovation and Opportunity Act (WIOA) Cluster Assistance Listings numbers and names: 17.258 WIOA Adult Program 17.259 WIOA Youth Activities 17.278 WIOA Dislocated Worker Formula Grants Award numbers and years: DI21-002286, April 1, 2022 through June 30, 2024; Alert 23-001, July 1, 2023 through June 30, 2024; Alert 23-003, July 1, 2023 through June 30, 2024; Alert 24-002, July 1, 2023 through May 31, 2024 Federal agency: U.S. Department of Labor Pass-through grantor: Arizona Department of Economic Security Questioned costs: N/A Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award numbers and years: 1505-0271, March 3, 2021 through December 31, 2024; 19418, May 31, 2023 through September 30, 2023 Federal agency: U.S. Department of the Treasury Pass-through grantors: Arizona Criminal Justice Commission, City of Tucson, Arizona Housing Coalition, and Arizona Department of Public Safety Questioned costs: N/A Assistance Listings number and name: 97.024 COVID-19 - Emergency Food and Shelter National Board Program Award numbers and years: 027200-048, November 1, 2021 through December 30, 2024; 027200-056, April 1, 2023 through February 29, 2024; 23*115, March 1, 2023 through February 29, 2024; 23*154, April 1, 2023 through February 29, 2024 Federal agency: U.S. Department of Homeland Security Pass-through grantor: United Way EFSP Questioned costs: $347,345 Assistance Listings number and name: 97.141 Shelter and Services Program Award number and year: 24*039, March 1, 2023 through September 30, 2025 Federal agency: U.S. Department of Homeland Security Questioned costs: N/A Compliance requirement: Subrecipient monitoring Total questioned costs: $347,345 Condition—The County’s Grants Management and Innovation Department (Department) awarded over $29 million to 27 subrecipients during fiscal year 2024, or 29% of the County’s total federal expenditures for the federal programs shown in Table 1 below, but did not perform all the required monitoring of its subrecipients’ activities or compliance with award terms and program requirements. Table 1 Summary of subrecipients by federal program Fiscal year 2024 Federal program name Subrecipient information Total number Number tested Total awards Total federal expenditures Subrecipient awards as a percentage of total federal expenditures Workforce Innovation and Opportunity Act (WIOA) Cluster 4 4 $ 568,095 $12,253,972 4.6% Coronavirus State and Local Fiscal Recovery Funds (SLFRF) 17 7 17,241,445 56,862,338 30.3% Emergency Food and Shelter National Board Program (EFS) 4 4 7,810,673 22,622,229 34.5% Shelter and Services Program (SSP) 2 2 3,560,449 8,172,063 43.5% Total 27 17 $29,180,662 $99,910,602 29.2% While the Department performed some monitoring procedures during the year, those procedures were not sufficient to evaluate its subrecipients’ use of program monies in accordance with the award terms, program requirements, and federal regulations. Specifically, contrary to federal regulations, the Department did not perform the following required monitoring procedures: • Perform monitoring activities based on risk assessments performed—The Department did not perform monitoring activities based on risk assessments performed. Specifically, the Department’s risk assessment procedures identified 7 high-risk and 4 moderate-risk subrecipients, but it did not modify its monitoring activities to address the risks identified. Additional monitoring activities could include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures like reviewing the subrecipient’s policies and procedures obtained to ensure the subrecipients complied with award terms, program requirements, and federal regulations. • Document monitoring procedures, results, and actions taken—For 4 of 4 WIOA subrecipients, 7 of 7 SLFRF subrecipients, 3 of 4 EFS subrecipients, and 1 of 2 SSP subrecipients we tested, while the Department completed and maintained a checklist of subrecipient monitoring procedures, it did not document monitoring results or Department actions taken for these subrecipients based on the checklist results. • Verify subrecipient single audits were conducted timely—The Department did not verify whether 1 of its 4 WIOA subrecipients had a single audit performed. Effect—The Department’s failure to perform required monitoring contributed to $347,345 of misspent EFS program monies that the Department may be required to return to the federal agency in accordance with federal requirements.1 Specifically, the Department’s not reviewing subrecipient procurement policies and procedures aided in allowing 1 EFS subrecipient to render services for which conflicts of interest existed. Specifically, the EFS subrecipient, Catholic Community Services (CCS), began having laundry services provided by a vendor, Amado Laundry, in April 2023, for which it then self-reported to the County a conflict-of-interest violation in May 2024. This violation was a result of a CCS employee forming a vendor relationship with Amado Laundry, which was owned by the employee’s mother. After the Department’s management was made aware of the conflict of interest, they performed monitoring procedures over CCS and identified noncompliance with federal procurement guidelines totaling $347,345, including determining that Amado Laundry charged a rate double the average rates charged by competitors. The County issued a management letter to CCS on September 27, 2024, communicating a conflict-of-interest finding and a procurement standards finding. The conflict-of-interest finding required CCS to develop new, written procurement-related conflict-of-interest procedures in compliance with federal regulations and to create and maintain an ongoing training program related to these federally compliant conflict-of-interest procedures for employees. Further, there is an increased risk that $29 million of program monies the Department awarded to subrecipients may not be spent in accordance with the award terms, program requirements, and federal regulations. If monies are spent inconsistent with program requirements, those who intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Also, the Department’s not verifying subrecipient single audits were conducted may result in the Department’s not following up on and ensuring corrective action is taken on audit findings that could potentially affect the program and/or issue management decisions for audit findings pertaining to the federal award. Finally, the County is at risk that this finding applies to other federal programs it administers. Cause—The Department’s management reported that they did not always follow County policies and procedures and only performed limited procedures because their subrecipient monitoring policies and procedures were outdated, the number of subrecipients increased significantly during the fiscal year, and they did not have sufficient staff to monitor all subrecipients. The Department’s management also reported that it prioritized transitioning to a new enterprise resource planning (ERP) system rather than monitoring all subrecipients. Further, the County’s policies lacked requirements to perform monitoring activities based on risk assessments performed and to review subrecipients’ policies and procedures to ensure the subrecipients complied with award terms, program requirements, and federal regulations. Criteria—Federal regulation requires the County to monitor subrecipients, which includes required monitoring procedures for (2 CFR §200.332): • Assessing the risk of each subrecipient’s noncompliance and performing monitoring activities based on those risk assessments, such as providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures. • Reviewing financial and performance reports. • Verifying single audits were conducted timely. • Following up on and ensuring corrective action is taken on audit findings that could potentially affect the program. • Issuing a management decision for audit findings pertaining to the federal award. In addition, County policies require the County to: • Assess subrecipient risk and establish a monitoring plan and perform monitoring procedures at least every 2 years, including verification of internal controls.2,3 • Review the Federal Audit Clearinghouse at least quarterly to review subrecipient single audits and issue management decision letters, as necessary.2 • Maintain documentation of monitoring procedures, including the monitoring procedure’s results and any Department actions taken.3 Further, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations to the County— 1. Perform required monitoring of its subrecipients and their compliance with the award terms, program requirements, and federal regulations. 2. Follow its established policies and procedures for performing and documenting monitoring reviews of subrecipients to: a. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. b. Verify subrecipients receive timely single audits, follow up on and ensure that corrective action is taken on audit findings that could potentially affect the program, and issue management decisions for audit findings pertaining to the federal award. 3. Update its policies and procedures to include: a. A process to determine the appropriate monitoring activities to perform based on subrecipient risk assessments performed, such as providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Review subrecipients’ policies and procedures, including procurement processes, to ensure the subrecipients complied with award terms, program requirements, and federal regulations. 4. Prioritize and allocate sufficient resources, such as staffing, to comply with the award terms, program requirements, federal regulations, and its updated policies, and designate an individual(s) to perform necessary subrecipient-monitoring procedures. 5. Work with U.S. Department of Homeland Security to determine if it will require the Department to reimburse $347,345 in questioned costs. The County’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year finding 2022-101 and was initially reported in fiscal year 2022. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 2 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-04: Subrecipient Risk Assessment / Management Decisions. 3 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-28: Subrecipient Monitoring.
Cluster name: Workforce Innovation and Opportunity Act (WIOA) Cluster Assistance Listings numbers and names: 17.258 WIOA Adult Program 17.259 WIOA Youth Activities 17.278 WIOA Dislocated Worker Formula Grants Award numbers and years: DI21-002286, April 1, 2022 through June 30, 2024; Alert 23-001, July 1, 2023 through June 30, 2024; Alert 23-003, July 1, 2023 through June 30, 2024; Alert 24-002, July 1, 2023 through May 31, 2024 Federal agency: U.S. Department of Labor Pass-through grantor: Arizona Department of Economic Security Questioned costs: N/A Assistance Listings number and name: 21.027 COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Award numbers and years: 1505-0271, March 3, 2021 through December 31, 2024; 19418, May 31, 2023 through September 30, 2023 Federal agency: U.S. Department of the Treasury Pass-through grantors: Arizona Criminal Justice Commission, City of Tucson, Arizona Housing Coalition, and Arizona Department of Public Safety Questioned costs: N/A Assistance Listings number and name: 97.024 COVID-19 - Emergency Food and Shelter National Board Program Award numbers and years: 027200-048, November 1, 2021 through December 30, 2024; 027200-056, April 1, 2023 through February 29, 2024; 23*115, March 1, 2023 through February 29, 2024; 23*154, April 1, 2023 through February 29, 2024 Federal agency: U.S. Department of Homeland Security Pass-through grantor: United Way EFSP Questioned costs: $347,345 Assistance Listings number and name: 97.141 Shelter and Services Program Award number and year: 24*039, March 1, 2023 through September 30, 2025 Federal agency: U.S. Department of Homeland Security Questioned costs: N/A Compliance requirement: Subrecipient monitoring Total questioned costs: $347,345 Condition—The County’s Grants Management and Innovation Department (Department) awarded over $29 million to 27 subrecipients during fiscal year 2024, or 29% of the County’s total federal expenditures for the federal programs shown in Table 1 below, but did not perform all the required monitoring of its subrecipients’ activities or compliance with award terms and program requirements. Table 1 Summary of subrecipients by federal program Fiscal year 2024 Federal program name Subrecipient information Total number Number tested Total awards Total federal expenditures Subrecipient awards as a percentage of total federal expenditures Workforce Innovation and Opportunity Act (WIOA) Cluster 4 4 $ 568,095 $12,253,972 4.6% Coronavirus State and Local Fiscal Recovery Funds (SLFRF) 17 7 17,241,445 56,862,338 30.3% Emergency Food and Shelter National Board Program (EFS) 4 4 7,810,673 22,622,229 34.5% Shelter and Services Program (SSP) 2 2 3,560,449 8,172,063 43.5% Total 27 17 $29,180,662 $99,910,602 29.2% While the Department performed some monitoring procedures during the year, those procedures were not sufficient to evaluate its subrecipients’ use of program monies in accordance with the award terms, program requirements, and federal regulations. Specifically, contrary to federal regulations, the Department did not perform the following required monitoring procedures: • Perform monitoring activities based on risk assessments performed—The Department did not perform monitoring activities based on risk assessments performed. Specifically, the Department’s risk assessment procedures identified 7 high-risk and 4 moderate-risk subrecipients, but it did not modify its monitoring activities to address the risks identified. Additional monitoring activities could include providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures like reviewing the subrecipient’s policies and procedures obtained to ensure the subrecipients complied with award terms, program requirements, and federal regulations. • Document monitoring procedures, results, and actions taken—For 4 of 4 WIOA subrecipients, 7 of 7 SLFRF subrecipients, 3 of 4 EFS subrecipients, and 1 of 2 SSP subrecipients we tested, while the Department completed and maintained a checklist of subrecipient monitoring procedures, it did not document monitoring results or Department actions taken for these subrecipients based on the checklist results. • Verify subrecipient single audits were conducted timely—The Department did not verify whether 1 of its 4 WIOA subrecipients had a single audit performed. Effect—The Department’s failure to perform required monitoring contributed to $347,345 of misspent EFS program monies that the Department may be required to return to the federal agency in accordance with federal requirements.1 Specifically, the Department’s not reviewing subrecipient procurement policies and procedures aided in allowing 1 EFS subrecipient to render services for which conflicts of interest existed. Specifically, the EFS subrecipient, Catholic Community Services (CCS), began having laundry services provided by a vendor, Amado Laundry, in April 2023, for which it then self-reported to the County a conflict-of-interest violation in May 2024. This violation was a result of a CCS employee forming a vendor relationship with Amado Laundry, which was owned by the employee’s mother. After the Department’s management was made aware of the conflict of interest, they performed monitoring procedures over CCS and identified noncompliance with federal procurement guidelines totaling $347,345, including determining that Amado Laundry charged a rate double the average rates charged by competitors. The County issued a management letter to CCS on September 27, 2024, communicating a conflict-of-interest finding and a procurement standards finding. The conflict-of-interest finding required CCS to develop new, written procurement-related conflict-of-interest procedures in compliance with federal regulations and to create and maintain an ongoing training program related to these federally compliant conflict-of-interest procedures for employees. Further, there is an increased risk that $29 million of program monies the Department awarded to subrecipients may not be spent in accordance with the award terms, program requirements, and federal regulations. If monies are spent inconsistent with program requirements, those who intended to benefit from the program may not receive all the services or other benefits they otherwise would have received. Also, the Department’s not verifying subrecipient single audits were conducted may result in the Department’s not following up on and ensuring corrective action is taken on audit findings that could potentially affect the program and/or issue management decisions for audit findings pertaining to the federal award. Finally, the County is at risk that this finding applies to other federal programs it administers. Cause—The Department’s management reported that they did not always follow County policies and procedures and only performed limited procedures because their subrecipient monitoring policies and procedures were outdated, the number of subrecipients increased significantly during the fiscal year, and they did not have sufficient staff to monitor all subrecipients. The Department’s management also reported that it prioritized transitioning to a new enterprise resource planning (ERP) system rather than monitoring all subrecipients. Further, the County’s policies lacked requirements to perform monitoring activities based on risk assessments performed and to review subrecipients’ policies and procedures to ensure the subrecipients complied with award terms, program requirements, and federal regulations. Criteria—Federal regulation requires the County to monitor subrecipients, which includes required monitoring procedures for (2 CFR §200.332): • Assessing the risk of each subrecipient’s noncompliance and performing monitoring activities based on those risk assessments, such as providing training or technical assistance on program-related matters and performing on-site reviews, selective audits, and/or other monitoring procedures. • Reviewing financial and performance reports. • Verifying single audits were conducted timely. • Following up on and ensuring corrective action is taken on audit findings that could potentially affect the program. • Issuing a management decision for audit findings pertaining to the federal award. In addition, County policies require the County to: • Assess subrecipient risk and establish a monitoring plan and perform monitoring procedures at least every 2 years, including verification of internal controls.2,3 • Review the Federal Audit Clearinghouse at least quarterly to review subrecipient single audits and issue management decision letters, as necessary.2 • Maintain documentation of monitoring procedures, including the monitoring procedure’s results and any Department actions taken.3 Further, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations to the County— 1. Perform required monitoring of its subrecipients and their compliance with the award terms, program requirements, and federal regulations. 2. Follow its established policies and procedures for performing and documenting monitoring reviews of subrecipients to: a. Maintain documentation of monitoring procedures demonstrating they were performed, including the monitoring procedures’ results and any Department actions taken, if appropriate. b. Verify subrecipients receive timely single audits, follow up on and ensure that corrective action is taken on audit findings that could potentially affect the program, and issue management decisions for audit findings pertaining to the federal award. 3. Update its policies and procedures to include: a. A process to determine the appropriate monitoring activities to perform based on subrecipient risk assessments performed, such as providing training or technical assistance on program-related matters, and performing on-site reviews, selective audits, and/or other monitoring procedures. b. Review subrecipients’ policies and procedures, including procurement processes, to ensure the subrecipients complied with award terms, program requirements, and federal regulations. 4. Prioritize and allocate sufficient resources, such as staffing, to comply with the award terms, program requirements, federal regulations, and its updated policies, and designate an individual(s) to perform necessary subrecipient-monitoring procedures. 5. Work with U.S. Department of Homeland Security to determine if it will require the Department to reimburse $347,345 in questioned costs. The County’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year finding 2022-101 and was initially reported in fiscal year 2022. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 2 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-04: Subrecipient Risk Assessment / Management Decisions. 3 Pima County. (2018, June). Grants Management & Innovation Policy number GMI-28: Subrecipient Monitoring.
Finding No. 2024-038 Federal Awarding Agency: USDHS Impact: Noncompliance AL Number and Title: 97.036 Disaster Grants – Public Assistance (Presidentially Declared Disasters) 97.036 Disaster Grants – Public Assistance (Presidentially Declared Disasters) – COVID-19 Federal Award Number: 4094DRAKP00000001, 4413DRAKP00000001, 4533DRAKP00000001 Applicable Compliance Requirement: Subrecipient Monitoring Condition: DMVA management did not issue a management decision for a finding relating to one subrecipient's single audit. Context: Under federal regulations, pass-through entities are responsible for issuing a management decision for audit findings relating to federal awards provided to subrecipients. The management decisions must clearly state whether or not the audit finding is substantiated, the reason for the decision, and the adequacy of the recipient’s proposed corrective actions to address the finding. If the subrecipient has not completed corrective action, a timetable for follow-up should be given. One Disaster Grants subrecipient’s single audit contained a finding and DMVA management did not issue a management decision to the subrecipient. The finding related to the subrecipient not submitting a single audit to the federal audit clearinghouse within nine months after the end of the subrecipient’s fiscal year as required by federal regulations. Cause: DMVA has controls to ensure a management decision is issued on a subrecipient’s single audit finding. However, due to staff not following procedures, the management decision was not issued. Criteria: Title 2 CFR 200.521 states the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. Furthermore, Title 2 CFR 200.1 defines a management decision as a pass-through entity’s written determination, provided to the auditee, of the adequacy of the auditee’s proposed corrective actions to address the findings, based on its evaluation of the audit findings and proposed corrective actions. Effect: The lack of management decisions may result in the subrecipient not taking appropriate corrective action on findings. Noncompliance with federal regulations may result in the federal awarding agency imposing additional conditions or taking corrective action, including additional reporting requirements or withholding/terminating funding. Questioned Costs: None Recommendation: DMVA’s finance officer should ensure procedures are followed and a management decision is issued for all subrecipient single audit findings within six months of a subrecipient audit report’s acceptance by the federal audit clearinghouse. Views of Responsible Officials: Management agrees with this finding.
Finding No. 2024-038 Federal Awarding Agency: USDHS Impact: Noncompliance AL Number and Title: 97.036 Disaster Grants – Public Assistance (Presidentially Declared Disasters) 97.036 Disaster Grants – Public Assistance (Presidentially Declared Disasters) – COVID-19 Federal Award Number: 4094DRAKP00000001, 4413DRAKP00000001, 4533DRAKP00000001 Applicable Compliance Requirement: Subrecipient Monitoring Condition: DMVA management did not issue a management decision for a finding relating to one subrecipient's single audit. Context: Under federal regulations, pass-through entities are responsible for issuing a management decision for audit findings relating to federal awards provided to subrecipients. The management decisions must clearly state whether or not the audit finding is substantiated, the reason for the decision, and the adequacy of the recipient’s proposed corrective actions to address the finding. If the subrecipient has not completed corrective action, a timetable for follow-up should be given. One Disaster Grants subrecipient’s single audit contained a finding and DMVA management did not issue a management decision to the subrecipient. The finding related to the subrecipient not submitting a single audit to the federal audit clearinghouse within nine months after the end of the subrecipient’s fiscal year as required by federal regulations. Cause: DMVA has controls to ensure a management decision is issued on a subrecipient’s single audit finding. However, due to staff not following procedures, the management decision was not issued. Criteria: Title 2 CFR 200.521 states the pass-through entity must be responsible for issuing a management decision for audit findings that relate to Federal awards it makes to subrecipients. Furthermore, Title 2 CFR 200.1 defines a management decision as a pass-through entity’s written determination, provided to the auditee, of the adequacy of the auditee’s proposed corrective actions to address the findings, based on its evaluation of the audit findings and proposed corrective actions. Effect: The lack of management decisions may result in the subrecipient not taking appropriate corrective action on findings. Noncompliance with federal regulations may result in the federal awarding agency imposing additional conditions or taking corrective action, including additional reporting requirements or withholding/terminating funding. Questioned Costs: None Recommendation: DMVA’s finance officer should ensure procedures are followed and a management decision is issued for all subrecipient single audit findings within six months of a subrecipient audit report’s acceptance by the federal audit clearinghouse. Views of Responsible Officials: Management agrees with this finding.
Criteria or specific requirement: Title 2 – Grants and Agreements. Subtitle A – Office of Management and Budget Guidance for Grants and Agreements. Chapter II – Office of Management and Budget Guidance. Part 200 – Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards. Subpart D – Post Federal Award Requirements. Standards for Financial and Program Management. §200.303 Internal controls (2 CFR 200.303): The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework,” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Title 2 – Grants and Agreements. Subtitle A – Office of Management and Budget Guidance for Grants and Agreements. Chapter II – Office of Management and Budget Guidance. Part 200 – Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards. Subpart D – Post Federal Award Requirements. Subrecipient Monitoring and Management. §200.332 Requirements for pass-through entities (2 CFR 200.332): A pass-through entity must: (c) Evaluate each subrecipient’s fraud risk and risk of noncompliance with a subaward to determine the appropriate subrecipient monitoring described in paragraph (f) of this section. When evaluating a subrecipient’s risk, a passthrough entity should consider the following: (1) The subrecipient’s prior experience with the same or similar subawards; (2) The results of previous audits. This includes considering whether or not the subrecipient receives a Single Audit in accordance with subpart F and the extent to which the same or similar subawards have been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; and (4) The extent and results of any Federal agency monitoring (for example, if the subrecipient also receives Federal awards directly from the Federal agency). (e) Monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must: (1) Review financial and performance reports. (2) Ensure that the subrecipient takes corrective action on all significant developments that negatively affect the subaward. Significant developments include Single Audit findings related to the subaward, other audit findings, site visits, and written notifications from a subrecipient of adverse conditions which will impact their ability to meet the milestones or the objectives of a subaward. When significant developments negatively impact the subaward, a subrecipient must provide the pass-through entity with information on their plan for corrective action and any assistance needed to resolve the situation. (3) Issue a management decision for audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521. (4) Resolve audit findings specifically related to the subaward. However, the pass-through entity is not responsible for resolving cross-cutting audit findings that apply to the subaward and other Federal awards or subawards. If a subrecipient has a current Single Audit report and has not been excluded from receiving Federal funding (meaning, has not been debarred or suspended), the pass-through entity may rely on the subrecipient’s cognizant agency for audit or oversight agency for audit to perform audit follow-up and make management decisions related to crosscutting audit findings in accordance with section §200.513(a)(4)(viii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. California Code of Regulations. Title 5 Education. § 18023. Compliance Reviews of Contractors. (b) At least once every three (3) years and as resources permit, the California Department of Education shall conduct reviews at the contractor's office(s) and operating facility(ies) to determine the contractor's compliance with applicable laws, regulations or contractual provisions. Child Care and Development Fund (CCDF) Plan for State/Territory California FFY 2022-24, Amendment 4. Chapter 8 Ensure Grantee Program Integrity and Accountability. 8.1 Internal Controls and Accountability Measures to Help Ensure Program Integrity. 8.1.1 Process to train about CCDF requirements and program integrity. States and territories are required to describe effective internal controls that are in place to ensure program integrity and accountability (98.68(a)), including processes to train child care providers and staff of the Lead Agency and other agencies engaged in the administration of CCDF about program requirements and integrity. v. Monitor and assess policy implementation on an ongoing basis. The Lead Agency conducts announced Categorical Program Monitoring (CPM)/Contract Monitoring Reviews (CMRs) for each contractor on a three- or four-year cycle for non-LEAs and LEAs respectively. The Lead Agency’s Governance and Administration Unit (GAU) conducts ongoing review of individual contractors by sampling the eligibility and need documentation in family files to estimate and reduce error rates. Additionally, the Lead Agency provides ongoing training and technical assistance to contractors in regional sessions, in one-on-one sessions, and/or in cluster with webinars or during face to-face presentations. These sessions address CCDF program administration, requirements, and integrity Condition: We selected 60 subrecipient contracts (21 local educational agency (LEA) contracts and 39 non-LEA contracts) from 60 subrecipient entities and tested compliance with subrecipient monitoring requirements. We noted the following: LEA • 2 LEA contracts/contractors had no record of on-site monitoring over five years. Non-LEA • 3 non-LEA contracts/contractors had no records available to demonstrate risk assessment of the contractor. • 11 non-LEA contracts/contractors had no record of on-site monitoring over five years. Questioned costs: None Context: See “Condition.” Cause: In fiscal year 2021, the administration of the CCDF Cluster program was transitioned from the California Department of Education (CDE) to CDSS. CDSS has been in the process of revising certain policies and procedures, including contractor monitoring. In addition, certain records related to CDE monitoring activities for the contracts selected were unavailable for review. Effect: CDSS is at risk for contractor noncompliance if monitoring procedures are not properly designed or executed, and/or documents demonstrating monitoring are not maintained. Repeat Finding: This was reported in the previous year as finding 2023-012. Recommendation: To enhance the effectiveness of the annual risk assessment process, we recommend a thorough evaluation that focuses on the identification and inclusion of all subrecipients and defined risk criteria as mandated in 2 CFR 200.332. Furthermore, it is crucial to establish and document a transparent basis for risk profiling that directly correlates such profiles with compliance monitoring activities across fiscal, program, and single audit requirements. Furthermore, we recommend CDSS perform a comprehensive post-transition review to ensure all monitoring responsibilities transferred from CDE have been fully identified and assigned. This review should validate robust mechanisms are in place for the accurate documentation and proper retention of records. Views of responsible officials: Management’s response is reported in “Management’s Response and Corrective Action Plan” included in a separate section at the end of this report.
Assistance Listing 93.914 HIV Emergency Relief Project Grants Condition: The Office of Health and Human Services' (HHS) Audit Unit failed to issue a management decision for audit findings related to two subrecipients of the city, who each had audit findings reported in their respective single audits. The fiscal year 2023 single audit of Bebashi and the fiscal year 2024 single audit of The Children's Hospital of Pennsylvania had a significant deficiency reported under the HIV Emergency Relief Program (ALN 93.914) in the Internal Controls over Major Programs section of the Schedule of Findings and Questioned Costs. Funding for HIV Emergency Relief program is received directly from the U.S. Department of Health and Human Services. Criteria: 2 CFR section 200.332(e) states that the pass-through entity must issue a management decision for audit findings pertaining only to the federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. Effect: The management decision serves to confirm the audit findings and outline a corrective action plan for the subrecipient. Failure to issue a management decision could lead to unresolved findings at the subrecipient level. Cause: HHS incorrectly relies on the auditing firms that perform subrecipient single audits to issue a management decision per 2 CFR section 200.312(e). Recommendation: We recommend that HHS management modifies and/or strengthens its current policies and procedures to ensure that a management decision letter will be issued for audit findings relating to any federal awards that were provided to subrecipients. Views of the Responsible Officials and Corrective Action Plan: HHS acknowledges the Controller’s finding that management decision letters were not issued for specific subrecipient audit findings under ALN 93.914, as required under 2 CFR 200.332(e) and 200.521. While the formal letters were not issued, HHS did review the audit findings, obtained and evaluated the subrecipients’ corrective action plans and confirmed that no questioned costs or additional risks remained. These steps ensured that the underlying corrective actions were completed. To strengthen documentation and ensure consistency across all federal programs, HHS will adopt the following corrective measures: 1. Standard management Decision Template • HHS will adopt a simple, uniform management decision template and clear steps for documenting decisions within the required federal timelines. 2. Central Location for Documentation • HHS will store all management decision letters and related materials in one designated shared location to ensure accessibility and consistent record-keeping. 3. Brief Staff Guidance • HHS will provide concise written guidance to staff outlining: o When a management decision is required, o How to complete it using the template, and o What documentation must be retained? These corrective actions will ensure consistent compliance with federal requirements while supporting the City’s long-term goal of standardizing financial processes across departments. Contact Person: Landuleni Shipanga, Controller, City of Philadelphia Office of Children and Families, 215-683-6366
State Agency: Illinois Governor’s Office of Management and Budget (GOMB) Federal Agency: U.S. Department of Agriculture (USDA), U.S. Department of Justice (DOJ), U.S. Department of Labor (DOL), U.S. Department of Transportation (DOT), U.S. Department of the Treasury (TREAS), U.S. Department of Education (USDE), U.S. Department of Health and Human Services (USDHHS), U.S. Department of Homeland Security (USDHS) Program Name: WIC Special Supplemental Nutrition Program for Women, Infants and Children, Cild and Adult Care Food Program (CACFP), Crime Victims Assistance Program (CVA), WIOA Cluster (WIOA), Highway Planning and Construction (Highway Planning), Coronavirus State and Local Fiscal Recovery Funds (SLFRF),Title I Grants to Local Educational Agencies (Title I), Special Education Cluster (IDEA), Twenty-First Century Community Learning Centers (Twenty-First Century), Supporting Effective Instruction State Grants (SEISG) Education Stabilization Fund (ESF), Aging Cluster, Epidemiology and Laboratory Capacity for Infectious Diseases (ELC), Temporary Assistance for Needy Families (TANF), Child Support Services, Low-Income Home Energy Assistance (LIHEAP), Child Care and Development Fund (CCDF) Cluster, Social Services Block Grant (SSBG), Block Grants for Prevention and Treatment of Substance Abuse (SAPT), Homeland Security Grant Program (Homeland Security) ALN and Program Expenditures: 10.557 ($181,526,312), 10.558 ($170,354,298), 16.575 ($53,095,634), 17.258/17.259/17.278 ($142,310,788), 20.205 ($2,192,857,212), 21.027 ($230,448,761), 84.010A ($696,900,040), 84.027/84.173 ($639,950,722), 84.287C ($61,131,992), 84.367A ($79,837,486), 84.425 ($2,176,294,000), 93.044/93.045/93.053 ($68,210,944), 93.323 ($94,269,102), 93.558 ($583,126,272), 93.563 ($135,029,923), 93.568 ($205,171,791), 93.575/93.596 ($747,612,292), 93.667 ($55,634,435), 93.959 ($114,897,412), 97.067 ($78,892,342) Award Numbers: Various – see table of award numbers Federal Award Year: Various – see table of award numbers Questioned Costs: None Compliance Requirement: Subrecipient Monitoring Finding 2024-002: Inadequate Monitoring of Subrecipient Single Audit Reviews Condition Found: The State of Illinois did not establish adequate controls to monitor the completion and documentation of the review of single audit reports for its subrecipients of the Special Supplemental Nutrition Program for Women, Infants, and Children (WIC), Child and Adult Care Food Program (CACFP), Crime Victims Assistance Program (CVA), WIOA Cluster (WIOA), Highway and Planning Construction (Highway), Coronavirus State and Local Fiscal Recovery Funds (SLFRF), Title I Grants to Local Education Agencies (Title I), Special Education Cluster (IDEA), Twenty-First Century Community Learning Centers (Twenty-First Century), Supporting Effective Instruction State Grants (SEISG), Education Stabilization Funds (ESF), Aging Cluster (Aging), Epidemiology and Laboratory Capacity for Infectious Diseases (ELC), Temporary Assistance for Needy Families (TANF), Child Support Services (CSS), Low-Income Home Energy Assistance (LIHEAP), Child Care and Development Fund (CCDF) Cluster, Social Services Block Grant (SSBG), Block Grants for Prevention and Treatment of Substance Abuse (SAPT), and Homeland Security Grant (Homeland Security) programs in the State's Grant Accountability and Transparency Act (GATA) Audit Report Review Management System (ARRMS). The State of Illinois established the Grant Accountability Transparency Unit (GATU) to implement the provisions of GATA on a centralized basis. GATU has established standardized reporting requirements for subrecipients of the various Federal programs administered by the State through its various departments. Subrecipients of the State are required to certify whether they expended more than $750,000 in federal awards during the fiscal year and submit their single audit reporting packages to the Federal Audit Clearinghouse (if required). GATU is then responsible for obtaining the single audit reporting package, verifying the report meets the single audit requirements, and assigning, to the applicable state agency, any findings attributable to amounts passed through to the subrecipient(s) by the State and working with program personnel to issue management decisions on findings. The State utilizes a contractor to perform the centralized functions of obtaining the single audit report, verifying the report meets the requirements, and assigning findings to the applicable State agency. During our testing of subrecipient single audit desk review files for our 2024 major programs, we noted instances where single audit desk reviews were still in process and had not been finalized within GATA ARRMS as of the date of our testing (July 10, 2025). Upon further review of data contained within GATA ARRMS, we identified 637 single audit reviews were identified as incomplete in GATA ARRMS for grantees who: (1) reported expenditures under fiscal year 2024 major programs, (2) had an audit report with a Federal Audit Clearinghouse acceptance date between January 2, 2023 and January 2, 2024 (requiring the report to be reviewed during fiscal year 2024) and (3) were not sanctioned (placed on the Illinois Stop Payment List) by the State for noncompliance with reporting requirements. These 637 reviews were in varying stages of completion with the majority (587 audits) pending documentation supporting the issuance of a final completion letter by the cognizant agency. The remaining 50 audits (7.8%) were pending receipt of documentation, pending a review, or had another error requiring follow-up. These 637 audits included 295 audits (46.3%) with one or more findings potentially requiring a management decision to be issued. We noted the cognizant agencies for the 637 incomplete single audit reviews in GATA ARRMS were as follows: "See Table in the Audit Report" The 637 incomplete single audit reviews in GATA ARRMS pertained to subrecipients of the following major programs: "See Table in the Audit Report" While in many instances there was evidence the State agencies had completed the necessary procedures outside of GATA ARRMS, the purpose of GATA ARRMS is to reduce the duplication of effort across State agencies and to provide a single submission point for the State’s subrecipients. The lack of monitoring controls around this centralized process may result in noncompliance with subrecipient single audit desk review requirements. The State’s subrecipient expenditures under the federal programs for the year ended June 30, 2024 were as follows: "See Table in the Audit Report" Criteria or Requirement: According to 2 CFR 200.332(d), a pass-through entity is required to monitor the activities of subrecipients as necessary to ensure the federal awards are used for authorized purposes in compliance with laws, regulations, and the provisions of contracts or grant agreements and that performance goals are achieved. Further, 2 CFR 200.332(d)(3) and 2 CFR 200.521 state that a pass-through entity is required to issue a management decision on audit findings within six months of acceptance of the audit report by the FAC and ensure that the subrecipient takes timely and appropriate corrective action on all audit findings. In addition, 2 CFR 200.303 requires nonfederal entities to, among other things, establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Effective internal controls should include implementing procedures to monitor whether single audit reports are reviewed, management decision letters are issued, and single audit desk review files are closed out in GATA ARRMS in a timely manner. Cause: In discussing these conditions with GOMB officials, management stated that the incompleteness of the State’s audit reviews in GATA ARRMS was due to oversight. Possible Asserted Effect: Failure to complete and document reviews of subrecipient single audit reports in GATA ARRMS in a timely manner may result in noncompliance with the State’s obligation as a pass-through entity to appropriately monitor its subrecipients. Repeat Finding: A similar finding was reported in the prior year audit as finding number 2024-002. (Finding Code 2024-002, 2023-002) Statistical Sampling: The sample was not intended to be, and was not, a statistically valid sample. Recommendation: We recommend GOMB establish procedures to monitor the completion and documentation of single audit report reviews in GATA ARRMS to ensure the State complies with its obligation as a pass-through entity. Views of GOMB Officials: GOMB agrees with the finding.
State Agency: Illinois Criminal Justice Information Authority (ICJIA) Federal Agency: U.S. Department of Justice (USDOJ) Program Name: Crime Victim Assistance ALN and Program Expenditures: 16.575 ($53,095,634) Award Numbers: Various – see table of award numbers Federal Award Year: Various – see table of award numbers Questioned Costs: None Compliance Requirement: Subrecipient Monitoring Finding 2024-043: Inadequate Review of Subrecipient Single Audit Reports Condition Found: ICJIA did not adequately review single audit reports received from its subrecipients for the Crime Victim Assistance Program (CVA) program on a timely basis. The State of Illinois established the Grant Accountability and Transparency Unit (GATU) to implement the provisions of the State’s Grant Accountability and Transparency Act (GATA) on a centralized basis. GATU has established standardized reporting requirements for subrecipients of the various Federal and State programs administered by the State through its various departments. Subrecipients of the State are required to certify whether they expended more than $750,000 in federal awards during the fiscal year and submit their single audit reporting packages to the Federal Audit Clearinghouse (if required). GATU is then responsible for obtaining the single audit reporting package, verifying the report meets the single audit requirements, and assigning, to the applicable state agency, any findings attributable to amounts passed through to the subrecipient(s) by the State. As a State agency, ICJIA is responsible for reviewing the reports assigned to them by GATU and determining whether Federal funds reported in the consolidated year-end financial report (CYEFR) reconcile to ICJIA records. Additionally, as the cognizant State agency, ICJIA is responsible for issuing management decisions on findings reported and applying sanctions to subrecipients who do not comply with reporting requirements (i.e. stop pay process). During our testing of a sample of single audit desk review files for 14 subrecipients (with expenditures of $37,884,972 in the fiscal year), we noted the following: • For five subrecipients (with expenditures totaling $19,501,158), ICJIA did not issue a management decision letter in a timely manner. The delays in issuing management decision letters ranged from 61 to 128 days beyond the required timeframe. • For 11 subrecipients (with expenditures totaling $24,680,412), ICJIA did not reconcile the CYEFR to ICJIA’s records as required. As of the date we communicated our findings to ICJIA (January 27, 2026), ICJIA had still not reconciled the CYEFR to ICJIA’s records for 10 subrecipients (with expenditures totaling $24,097,663). • For one subrecipient (with expenditures of $295,572), the subrecipient single audit reporting package was not submitted within the required timeframe, and ICJIA did not follow up with the subrecipient or invoke the stop pay process. ICJIA has not established controls over subrecipient single audit reviews at an adequate level of precision to ensure single audit reporting requirements, including obtaining and reviewing single audit reporting packages, issuing management decision letters, reconciling CYEFRs to agency records, and invoking stop payment actions, are performed within required timeframes. ICJIA passed through $50,412,108 to subrecipients of the CVA program during the year ended June 30, 2024. Criteria or Requirement: According to 2 CFR 200.332(e), a pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statues, regulations and the terms and conditions of the subaward, and that the subaward performance goals are achieved. Additionally, 2 CFR 200.332(e)(3) and 2 CFR 200.521 state that a pass-through entity is required to issue a management decision on federal awards audit findings within six months of the acceptance of the report by the Federal Audit Clearinghouse and ensure the subrecipient takes timely and appropriate corrective action on all audit findings. In addition, 2 CFR 200.303 requires non-Federal entities to, among other things, establish and maintain internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Effective internal controls should include procedures to ensure Single Audit reports are reviewed in a timely manner and management decisions are issued within required timeframes. Cause: In discussing these conditions with ICJIA officials, they stated this GATA responsibility has not been performed as consistently as other responsibilities due to competing priorities and staff shortages. Possible Asserted Effect: Failure to complete and document reviews of subrecipient single audit reports in a timely manner may result in federal funds being expended for unallowable purposes and subrecipients not administering the federal programs in accordance with laws, regulations, and the grant agreement. Repeat Finding: A similar finding was reported in the prior year audit as finding number 2023-034. (Finding Code 2024-043, 2023-034) Statistical Sampling: The sample was not intended to be, and was not, a statistically valid sample. Recommendation: We recommend ICJIA establish procedures to ensure subrecipient single audit report reviews are completed and documented in a timely manner. Additionally, ICJIA should implement procedures to ensure timely reconciliation of funds, issuance of management decision letters, and initiation of the stop pay process. Views of ICJIA Officials: ICJIA agrees with the finding and the cause. Staffing continues to be a priority for resolving the single audit review process.
State Agency: Illinois Department on Aging (IDOA) Federal Agency: U.S. Department of Health and Human Services (USDHHS) Program Name: Aging Cluster ALN and Program Expenditures: 93.044/93.045/93.053 ($68,210,944) Award Numbers: Various – see table of award numbers Federal Award Year: Various – see table of award numbers Questioned Costs: None Compliance Requirement: Subrecipient Monitoring Finding 2024-049: Inadequate Review of Subrecipient Single Audit Reports Condition Found: IDOA did not adequately document review of single audit reports received from its subrecipients for the Aging Cluster program on a timely basis. The State of Illinois established the Grant Accountability and Transparency Unit (GATU) to implement the provisions of the State’s Grant Accountability and Transparency Act (GATA) on a centralized basis. GATU has established standardized reporting requirements for subrecipients of the various Federal and State programs administered by the State through its various departments. Subrecipients of the State are required to certify whether they expended more than $750,000 in federal awards during the fiscal year and submit their single audit reporting packages to the Federal Audit Clearinghouse (if required). GATU is then responsible for obtaining the single audit reporting package, verifying the report meets the single audit requirements, and assigning to the applicable state agency any findings attributable to amounts passed through to the subrecipient(s) by the State. IDOA staff are responsible for reviewing the reports assigned to them by GATU and determining whether: (1) federal funds reported in the schedule of expenditures of federal awards reconcile to IDOA records; (2) issuing management decisions on findings reported within required timeframes; and (3) applying sanctions to subrecipients who do not comply with reporting requirements (i.e. stop pay process). During our testing of a sample of single audit desk review files for seven subrecipients (with expenditures of $40,522,841 in the fiscal year), we noted the following: • For five subrecipients (with expenditures totaling $23,626,549), IDOA did not issue a management decision letter. • For one subrecipient (with expenditures totaling $2,117,589), IDOA did not issue a management decision letter over the subrecipient’s single audit that was received during state fiscal year 2024. In addition, the subrecipient did not file a single audit for the prior year with the Federal Audit Clearinghouse. While IDOA received a copy of the unfiled single audit report, a review was not performed and funding was not suspended in accordance with the State’s established policies. IDOA has not established controls over subrecipient single audit reviews at an adequate level of precision to ensure single audit reporting requirements, including obtaining and reviewing single audit reporting packages, issuing management decision letters, and invoking stop payment actions are performed within required timeframes. IDOA passed through $66,724,826 to subrecipients of the Aging Cluster program during the year ended June 30, 2024. Criteria or Requirement: According to 2 CFR 200.332(d), a pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statues, regulations and the terms and conditions of the subaward, and that the subaward performance goals are achieved. Additionally, 2 CFR 200.332(d)(3) and 2 CFR 200.521 state that a pass-through entity is required to issue a management decision on federal award audit findings within six months of the acceptance of the report by the Federal Audit Clearinghouse and ensure the subrecipient takes timely and appropriate corrective action on all audit findings. In addition, 2 CFR 200.303 requires non-Federal entities to, among other things, establish and maintain internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Effective internal controls should include procedures to ensure Single Audit reports are reviewed in a timely manner and management decisions are issued within required timeframes. Cause: In discussing these conditions with IDOA officials, they stated competing priorities and limited resources have impacted the Department’s ability to comply with this requirement. Possible Asserted Effect: Failure to complete and document reviews of subrecipient single audit reports in a timely manner may result in federal funds being expended for unallowable purposes and subrecipients not administering the federal programs in accordance with laws, regulations, and the grant agreement. Additionally, failure to issue management decision letters within six months of acceptance of the single audit report by the FAC results in noncompliance with federal regulations. Repeat Finding: A similar finding was not reported in the prior year audit. (Finding Code 2024-049) Statistical Sampling: The sample was not intended to be, and was not, a statistically valid sample. Recommendation: We recommend IDOA establish procedures to ensure (1) subrecipient single audit report reviewed within established deadlines, (2) management decision letters are issued for all findings affecting its federal programs in accordance with the Uniform Guidance, and (3) follow up procedures are performed to ensure subrecipients have taken timely and appropriate corrective action. Views of IDOA Officials: The Department agrees with this finding. Although the Department shows that all the Area Agency on Aging single audits were received in the audit report review management system (ARRMS), there is one pending approval by the Audit Clearinghouse. The Department did not get the audits reconciled during state fiscal year 2024. The Department did not issue any management decision letters for those audits.
Finding Number: 2023-001 Internal Control over Compliance and Compliance with the Subrecipient Monitoring Compliance Requirement, Repeat Finding, Finding No. 2022-001 Identification of the Major Federal Program: Programs: Government Agency: Inclusion Across the Nation of Communities of Learners of Underrepresented Discoverers in Engineering and Science Assistance Listing Number: 47.076 Award Number: HRD-1834540 Award Years: 09/01/2018 – 02/28/2025 PhysTEC: Building a Solution to the National Physics Teacher Shortage Assistance Listing Number: 47.049 Award Number: PHY-1707990 Award Years: 07/01/2017 – 06/30/2023 National Science Foundation (NSF) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. In accordance with the Uniform Guidance in 2 CFR Section 200.331, a pass-through entity (PTE) must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: 1. reviewing financial and programmatic (performance and special reports) required by the PTE; 2. following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means; 3. issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Furthermore, under the requirements of the Federal Funding Accountability and Transparency Act (FFATA) (Pub. L. No. 109-282), as amended by Section 6202 of Public Law 110-252, hereafter referred as the “Transparency Act” that are codified in 2 CFR Part 170, recipients (i.e., direct recipients) of grants or cooperative agreements are required to report first-tier subawards of $30,000 or more to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). If a subaward/subcontract was subject to reporting under the Transparency Act, the action was required to be reported in FSRS no later than the last day of the month following the month in which the subaward/subcontract amendment obligation was made or in the subcontract award/subcontract modification was made. Conditions – Our examination of the program’s subrecipient monitoring requirements includes the review and approval of financial and performance quarterly reports by the program managers. The quarterly reports are prepared by APS’ grants administrator with inputs provided by the subrecipient submitted to the program managers. Of the program’s twenty (20) subrecipients, we examined eight (8) subrecipients and observed that although the respective program managers had monitoring oversight of the various grant’s financial and programmatic activities, there was no formal evidentiary documentation to support the monitoring oversight process performed by the program managers. Furthermore, our examination of the program’s subrecipient monitoring requirements includes follow-ups by APS to ensure the subrecipients take timely and appropriate action on all deficiencies pertaining to federal awards provided to the subrecipients which have been detected through reviews of audits, on-site reviews, and other means. We selected six (6) subrecipients for testing and noted that for two (2) samples selected APS was unable to provide evidence that it monitored the subrecipients through review of its single audit reports, on-site reviews, and other means. We also tested a sample of three (3) subrecipients and our examination of the monitoring and reporting requirements revealed that APS did not report the information on a subaward of $30,000 or more in federal funds timely and on one (1) of the sub awards reported, the contract award amount reported is less than the actual expenditures incurred by the subrecipient. APS began implementation of its corrective action plan on June 5, 2023, and the exceptions identified above is as a result of the fact that APS was still in the implementation process of its corrective action plan. Cause - Management does not have adequate internal controls and policies and procedures in place to ensure that a review is performed on the financial and programmatic reports in a timely manner and to ensure that its subrecipients do not have any audit deficiencies relating to federal award programs and if any deficiencies are detected, that the subrecipients takes timely and appropriate action to resolve the deficiencies identified. There is also a lack of established monitoring and internal control procedures in place to ensure that reports required under the Transparency Act are prepared and submitted timely in FSRS Reporting System resulted in APS’ noncompliance with the reporting requirements. Effect or potential effect – APS is not in compliance with the subrecipient monitoring requirements as it did not maintain consistent documented evidence of its monitoring of subrecipients. In addition, failure to comply with the reporting requirements of the Uniform Guidance could result in the awarding agency taking action such as reducing future funding. Questioned Costs – None. Context – These are conditions identified per review of APS compliance with specified compliance requirements using a statistically valid sample. Recommendations – BDO recommends that APS continue to apply the implemented policies, procedures and controls that will ensure that all requisite reports are reviewed, and evidence of review are documented and maintained. Furthermore, APS should continue to implement policies to obtain and review single audit reports of its subrecipients in order to ensure compliance with all the required laws, guidelines and requirement under the award. BDO recommends that APS continues to implement established policies and procedure over the preparation and timely submission of reports required under the Transparency Act to ensure compliance with reporting requirements. Views of Responsible Officials - APS concurs with this finding. APS’ corrective action is described in the Management’s Corrective Action Plan included below.
Finding Number: 2023-001 Internal Control over Compliance and Compliance with the Subrecipient Monitoring Compliance Requirement, Repeat Finding, Finding No. 2022-001 Identification of the Major Federal Program: Programs: Government Agency: Inclusion Across the Nation of Communities of Learners of Underrepresented Discoverers in Engineering and Science Assistance Listing Number: 47.076 Award Number: HRD-1834540 Award Years: 09/01/2018 – 02/28/2025 PhysTEC: Building a Solution to the National Physics Teacher Shortage Assistance Listing Number: 47.049 Award Number: PHY-1707990 Award Years: 07/01/2017 – 06/30/2023 National Science Foundation (NSF) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. In accordance with the Uniform Guidance in 2 CFR Section 200.331, a pass-through entity (PTE) must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: 1. reviewing financial and programmatic (performance and special reports) required by the PTE; 2. following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means; 3. issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Furthermore, under the requirements of the Federal Funding Accountability and Transparency Act (FFATA) (Pub. L. No. 109-282), as amended by Section 6202 of Public Law 110-252, hereafter referred as the “Transparency Act” that are codified in 2 CFR Part 170, recipients (i.e., direct recipients) of grants or cooperative agreements are required to report first-tier subawards of $30,000 or more to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). If a subaward/subcontract was subject to reporting under the Transparency Act, the action was required to be reported in FSRS no later than the last day of the month following the month in which the subaward/subcontract amendment obligation was made or in the subcontract award/subcontract modification was made. Conditions – Our examination of the program’s subrecipient monitoring requirements includes the review and approval of financial and performance quarterly reports by the program managers. The quarterly reports are prepared by APS’ grants administrator with inputs provided by the subrecipient submitted to the program managers. Of the program’s twenty (20) subrecipients, we examined eight (8) subrecipients and observed that although the respective program managers had monitoring oversight of the various grant’s financial and programmatic activities, there was no formal evidentiary documentation to support the monitoring oversight process performed by the program managers. Furthermore, our examination of the program’s subrecipient monitoring requirements includes follow-ups by APS to ensure the subrecipients take timely and appropriate action on all deficiencies pertaining to federal awards provided to the subrecipients which have been detected through reviews of audits, on-site reviews, and other means. We selected six (6) subrecipients for testing and noted that for two (2) samples selected APS was unable to provide evidence that it monitored the subrecipients through review of its single audit reports, on-site reviews, and other means. We also tested a sample of three (3) subrecipients and our examination of the monitoring and reporting requirements revealed that APS did not report the information on a subaward of $30,000 or more in federal funds timely and on one (1) of the sub awards reported, the contract award amount reported is less than the actual expenditures incurred by the subrecipient. APS began implementation of its corrective action plan on June 5, 2023, and the exceptions identified above is as a result of the fact that APS was still in the implementation process of its corrective action plan. Cause - Management does not have adequate internal controls and policies and procedures in place to ensure that a review is performed on the financial and programmatic reports in a timely manner and to ensure that its subrecipients do not have any audit deficiencies relating to federal award programs and if any deficiencies are detected, that the subrecipients takes timely and appropriate action to resolve the deficiencies identified. There is also a lack of established monitoring and internal control procedures in place to ensure that reports required under the Transparency Act are prepared and submitted timely in FSRS Reporting System resulted in APS’ noncompliance with the reporting requirements. Effect or potential effect – APS is not in compliance with the subrecipient monitoring requirements as it did not maintain consistent documented evidence of its monitoring of subrecipients. In addition, failure to comply with the reporting requirements of the Uniform Guidance could result in the awarding agency taking action such as reducing future funding. Questioned Costs – None. Context – These are conditions identified per review of APS compliance with specified compliance requirements using a statistically valid sample. Recommendations – BDO recommends that APS continue to apply the implemented policies, procedures and controls that will ensure that all requisite reports are reviewed, and evidence of review are documented and maintained. Furthermore, APS should continue to implement policies to obtain and review single audit reports of its subrecipients in order to ensure compliance with all the required laws, guidelines and requirement under the award. BDO recommends that APS continues to implement established policies and procedure over the preparation and timely submission of reports required under the Transparency Act to ensure compliance with reporting requirements. Views of Responsible Officials - APS concurs with this finding. APS’ corrective action is described in the Management’s Corrective Action Plan included below.
Cluster: Research and Development Agency: Department of Human and Health Services Award Names: Safety and Health Risks in Energy Transition for the Commercial Fishing Industry Award Numbers: U01OH012502 Assistance Listing Title: Center for Disease Control and Prevention (CDC) Assistance Listing Number: 93.262 Award Year: FY 2023 Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Condition Through our testing of 4 subrecipients out of a total subrecipient population of 10, we were able to obtain a documented initial risk assessment for each subrecipient selected and other evidence of monitoring such as meetings with the subrecipients. However, we were unable to obtain evidence that the Company obtained and reviewed the annual Uniform Guidance report or annual audited financial statements (if the entity was not subject to a Uniform Guidance audit) for 1 out of 4 subrecipients selected for testing. Cause The Company failed to ensure that their subrecipient monitoring process included obtaining and reviewing every subrecipient’s annual Uniform Guidance report or annual audited financial statements during FY 2023. Effect The lack of an annual review of subrecipient audits may result in ineligible subrecipients receiving federal awards, subrecipient findings not being fully remediated and other monitoring procedures (based on risk level) not being performed. Questioned Costs None noted. Recommendation We recommend the Company follow their policy, which includes obtaining and reviewing Uniform Guidance reports (or audited financial statements to the extent Uniform Guidance reports are not available) for every subrecipient on an annual basis and ensure that it is completed for all applicable awards. When reviewing the reports, they should understand the type of opinion(s) expressed and whether there were any findings associated with their awards, document their review and assess whether there is any change in the risk assessment and subsequent monitoring needed of each subrecipient. We also recommend a supervisory review over subrecipient monitoring to be included in the process to ensure it gets completed completely and accurately for all awards. This supervisory review should also be evidenced through documentation. This is a repeat finding of 2022-001, which continued to remain open during FY2023. Management’ Views and Corrective Action Plan Management’s Views and Corrective Action Plan are included at the end of this report.
FINDING 2023-003 Subject: COVID-19 - Coronavirus State and Local Fiscal Recovery Funds - Subrecipient Monitoring Federal Agency: Department of the Treasury Federal Program: COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Assistance Listings Number: 21.027 Federal Award Number and Year (or Other Identifying Number): FY 2023 Compliance Requirement: Subrecipient Monitoring Audit Findings: Material Weakness, Modified Opinion Repeat Finding This is a repeat finding from the immediately prior audit report. The prior audit finding number was 2022-005. Condition and Context The County received a total State and Local Fiscal Recovery Funds (SLFRF) allocation of $13,177,707. During the audit period, the County provided subawards of SLFRF funds to other entities. As a pass-through entity, the County must: Identify the award and the applicable requirements to each subrecipient. Evaluate each subrecipient's risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for an authorized purpose, complies with the terms and conditions of the subaward, and achieves performance goals. Subawards, totaling $290,000, were provided to two different entities. Both subrecipient agreements associated with the subawards were selected for testing. For the two agreements tested, the following information was incomplete or missing: The federal award identification number (FAIN). The federal award date of award to the recipient by the federal agency. The name of the federal awarding agency, pass-through entity (auditee), and contact information for awarding official of the pass-through entity (auditee). The Assistance Listings Number and Title; the pass-through entity must identify the dollar amount made available under each federal award and the Assistance Listings Number at time of disbursement. Furthermore, the County did not have an evaluation of the subrecipients' risk of noncompliance or monitoring activities demonstrating compliance with the subrecipient monitoring requirement. The County did not request any financial or audit documentation from the subrecipients. The lack of internal controls and noncompliance were systemic issues throughout the audit period. INDIANA STATE BOARD OF ACCOUNTS 21 BOONE COUNTY SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.331(a) states: "Subrecipients. A subaward is for the purpose of carrying out a portion of a Federal award and creates a Federal assistance relationship with the subrecipient. See definition for Subaward in § 200.1 of this part. Characteristics which support the classification of the non-Federal entity as a subrecipient include when the non-Federal entity: (1) Determines who is eligible to receive what Federal assistance; (2) Has its performance measured in relation to whether objectives of a Federal program were met; (3) Has responsibility for programmatic decision-making; (4) Is responsible for adherence to applicable Federal program requirements specified in the Federal award; and (5) In accordance with its agreement, uses the Federal funds to carry out a program for a public purpose specified in authorizing statute, as opposed to providing goods or services for the benefit of the pass-through entity." 2 CFR 200.332 states in part: "All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward . . . (1) Federal award identification. (i) Subrecipient name (which must match the name associated with its unique entity identifier); (ii) Subrecipient's unique entity identifier; (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal award date in § 200.1 of this part) of award to the recipient by the Federal agency; INDIANA STATE BOARD OF ACCOUNTS 22 BOONE COUNTY SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (v) Subaward Period of Performance Start and End Date; (vi) Subaward Budget Period Start and End Date; (vii) Amount of Federal Funds Obligated by this action by the pass-through entity to the subrecipient; (viii) Total Amount of Federal Funds Obligated to the subrecipient by the passthrough entity including the current financial obligation; (ix) Total Amount of the Federal Award committed to the subrecipient by the passthrough entity; (x) Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); (xi) Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the Pass-through entity; (xii) Assistance Listings number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; (xiii) Identification of whether the award is R&D; and (xiv) Indirect cost rate for the Federal award (including if the de minimis rate is charged) per § 200.414. (2) All requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations and the terms and conditions of the Federal award; (3) Any additional requirements that the pass-through entity imposes on the subrecipient in order for the pass-through entity to meet its own responsibility to the Federal awarding agency including identification of any required financial and performance reports; (4) (i) An approved federally recognized indirect cost rate negotiated between the subrecipient and the Federal Government. If no approved rate exists, the passthrough entity must determine the appropriate rate in collaboration with the subrecipient, which is either: (A) The negotiated indirect cost rate between the pass-through entity and the subrecipient; which can be based on a prior negotiated rate between a different PTE and the same subrecipient. If basing the rate on a previously negotiated rate, the pass-through entity is not required to collect information justifying this rate, but may elect to do so; (B) The de minimis indirect cost rate. INDIANA STATE BOARD OF ACCOUNTS 23 BOONE COUNTY SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (ii) The pass-through entity must not require use of a de minimis indirect cost rate if the subrecipient has a Federally approved rate. Subrecipients can elect to use the cost allocation method to account for indirect costs in accordance with § 200.405(d). (5) A requirement that the subrecipient permit the pass-through entity and auditors to have access to the subrecipient's records and financial statements as necessary for the pass-through entity to meet the requirements of this part; and (6) Appropriate terms and conditions concerning closeout of the subaward. (b) Evaluate each subrecipient's risk of noncompliance with Federal statues, regulations, and the terms and conditions of the subaward for purposes of determined the appropriate subrecipient monitoring . . . (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. . . ." Cause The system of internal controls as established by the management of the County was not properly designed nor implemented. The County was unable to provide documentation that monitoring procedures were in place over subrecipients. Effect Without the proper implementation of an effectively designed system of internal controls, the County cannot be sure subrecipients are provided an adequate subaward agreement, with all required elements and are adequately monitored. As such, subaward agreements entered into by the County did not include all the required elements. In addition, the County did not properly monitor the non-profit to ensure proper spending of the federal funds. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funding to the County. INDIANA STATE BOARD OF ACCOUNTS 24 BOONE COUNTY SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the County design and implement a proper system of internal controls and develop policies and procedures to ensure subrecipients are provided with an adequate subaward agreement and monitored as appropriate. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
2023-001 - Internal Controls over Subrecipient Monitoring (SD, NC) Federal Program Title: Coronavirus State and Local Fiscal Recovery Funds Federal Catalog Number: 21.027 Federal Agency: U.S. Department of Treasury Category of Finding: Subrecipient Monitoring Criteria: Pursuant to the Office of Management and Budget (OMB) 2 CFR Part 200, Appendix XI, Compliance Supplement May 2023, sections 3-M-1 and 3-M-2: A recipient must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: 1. Reviewing financial and programmatic (performance and special reports) required by the PTE. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means. 3. Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Condition: While the Society currently has policies and procedures for monitoring subrecipients, it does not have a policy specifically relating to subaward agreements between the Society and its subrecipients that is compliant with applicable Federal statutes per 2 CFR part 200, Appendix XI, Compliance Supplement May 2023, sections 3-M-1 and 3-M-2. No formal subaward agreement was drafted by the Society and its subrecipient. Cause: Lack of formal policies specifically addressing federal requirements for subaward agreements. Effect or Potential Effect: Although the Society has existing policies and procedures for monitoring, the absence of a formal subaward agreement compliant with federal regulations may potentially result in the Society sending funds to subrecipients for activities and services that are nonconforming to allowed costs under the Uniform Guidance. Questioned Cost: None Context: During the audit, we did not receive a copy of the subaward between the Society and its subrecipient. Repeat of a Prior-Year Finding: No.
Criteria: 2 CFR 200.332 notes, “All pass-through entities must… (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section § 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. Condition: The Organization noted they do not request and review audited financial statements for all subrecipients. Questioned Costs: N/A Cause and Effect: Without reviewing audited financial statements, subrecipients may have deficiencies in internal control or compliance which could lead to future unallowable expenditures to be incurred. Recommendation: We recommend ACT evaluates policies and procedures to ensure appropriate monitoring is performed over all subrecipients and reviews audited financial statements for those subrecipients that are required to have an audit performed. Views of Responsible Officials and Planned Corrective Actions: Management agrees with this Single Audit Finding and response is included in the Corrective Action Plan.
Criteria: 2 CFR 200.332 notes, “All pass-through entities must… (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section § 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. Condition: The Organization noted they do not request and review audited financial statements for all subrecipients. Questioned Costs: N/A Cause and Effect: Without reviewing audited financial statements, subrecipients may have deficiencies in internal control or compliance which could lead to future unallowable expenditures to be incurred. Recommendation: We recommend ACT evaluates policies and procedures to ensure appropriate monitoring is performed over all subrecipients and reviews audited financial statements for those subrecipients that are required to have an audit performed. Views of Responsible Officials and Planned Corrective Actions: Management agrees with this Single Audit Finding and response is included in the Corrective Action Plan.
2023-004: Subrecipient Monitoring Criteria: The Code of Federal Regulations 2 CFR 200.332 states that all pass-through entities (PTE) must: Identify the Award and Applicable Requirements - Clearly identify to the subrecipient: (1) the award as a subaward at the time of subaward (or subsequent subaward modification) by providing the information described in 2 CFR section 200.331(a)(1); (2)all requirements imposed by the PTE on the subrecipient so that the federal award is used in accordance with federal statutes, regulations, and the terms and conditions of the award (2 CFR section 200.331(a)(2)); and (3) any additional requirements that the PTE imposes on the subrecipient in order for the PTE to meet its own responsibility for the federal award (e.g., financial, performance, and special reports) (2 CFR section 200.331(a)(3)). Evaluate Risk - Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). Monitor - Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: (1) Reviewing financial and programmatic (performance and special reports) required by the PTE. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Condition: The Organization did not clearly communicate the required federal award information and applicable requirements to the subrecipients. The Organization did not evaluate the risk of non-compliance of the subrecipients in order to identify the appropriate monitoring procedures. Statistical sampling was not used in making sample selections. Cause: The Organization has not implemented policies or procedures, to the degree necessary, to ensure that federal award monitoring compliance requirements are being met. Effect: The Organization did not perform adequate monitoring procedures on the subrecipients. Without communication of required information, subrecipients may overspend award amounts or incur unallowable expenses towards the grant. Questioned Costs: N/A Statistical Sampling: Statistical sampling was not used in making sample selections. Recommendation: We recommend that management of the Organization implement policies, procedures, and internal controls to evaluate the subrecipient risk of noncompliance to ensure subrecipients are being appropriately monitored in compliance with federal regulations. Views of Responsible Officials: Management agrees with this finding and their response is included in the corrective action plan.
Finding Number: 2023-007 Repeat Finding: Yes Type of Finding: Material Weakness in Internal Control and Material Noncompliance Description: Subrecipient Monitoring and Management Major Program: AL#93.772 - Tribal Public Health Capacity Building and Quality Improvement Umbrella Cooperative Agreement – Direct Award (DHHS) – Award numbers: 1 NU38TO000023-01-00, 6 NU38TO000023- 01-01, 6 NU38OT000257-05-03 and 6 NU38OT000257C3 Questioned Costs: None How the questioned costs were computed: N/A Compliance Requirement: Subrecipient Monitoring Condition: The Organization did not comply with any of the subrecipient monitoring and management requirements in accordance with 2 CFR Part 200.332. Criteria: The subrecipient monitoring and management requirements that are codified in 2 CFR Part 200.332 requires the pass-through entity must: a. Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes: 1. Federal award identification; 2. All requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations and the terms and conditions of the Federal award; 3. Any additional requirements that the pass-through entity imposes on the subrecipient in order for the pass-through entity to meet its own responsibility to the Federal awarding agency including identification of any required financial and performance reports. 4. (i) An approved federally recognized indirect cost rate negotiated between the subrecipient and the Federal Government. If no approved rate exists, the passthrough entity must determine the appropriate rate in collaboration with the subrecipient, which is either: 1. The negotiated indirect cost rate between the pass-through entity and the subrecipient; 2. The de minimis indirect cost rate (ii) The pass-through entity must not require use of a de minimis indirect cost rate if the subrecipient has a Federally approved rate. (iii) 5. A requirement that the subrecipient permit the pass-through entity and auditors to have access to the subrecipient’s records and financial statements as necessary for the pass-through entity to meet the requirements of this part; and 6. Appropriate terms and conditions concerning closeout of the subaward. b. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. c. Consider imposing specific subaward conditions upon a subrecipient if appropriate as described in § 200.208. d. Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. 4. The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section § 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the passthrough entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. e. Depending upon the pass-through entity's assessment of risk posed by the subrecipient, the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: 1. Providing subrecipients with training and technical assistance on program-related matters; and 2. Performing on-site reviews of the subrecipient's program operations; 3. Arranging for agreed-upon-procedures engagements as described in § 200.425. f. Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. g. Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. h. Consider taking enforcement action against noncompliant subrecipients as described in § 200.339 of this part and in program regulations. Cause: The Organization’s management was not aware of the subrecipient monitoring and management requirements. Effect: The Organization was not in compliance with any of the subrecipient monitoring and management requirements, resulting in a material noncompliance and a material weakness in internal controls over compliance. Recommendation: We recommend the Organization implement systems and procedures to ensure compliance with the subrecipient monitoring and management compliance requirements. View of Responsible Officials: Management agrees with the finding and has committed to a corrective action plan.
Finding Number: 2023-007 Repeat Finding: Yes Type of Finding: Material Weakness in Internal Control and Material Noncompliance Description: Subrecipient Monitoring and Management Major Program: AL#93.772 - Tribal Public Health Capacity Building and Quality Improvement Umbrella Cooperative Agreement – Direct Award (DHHS) – Award numbers: 1 NU38TO000023-01-00, 6 NU38TO000023- 01-01, 6 NU38OT000257-05-03 and 6 NU38OT000257C3 Questioned Costs: None How the questioned costs were computed: N/A Compliance Requirement: Subrecipient Monitoring Condition: The Organization did not comply with any of the subrecipient monitoring and management requirements in accordance with 2 CFR Part 200.332. Criteria: The subrecipient monitoring and management requirements that are codified in 2 CFR Part 200.332 requires the pass-through entity must: a. Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes: 1. Federal award identification; 2. All requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations and the terms and conditions of the Federal award; 3. Any additional requirements that the pass-through entity imposes on the subrecipient in order for the pass-through entity to meet its own responsibility to the Federal awarding agency including identification of any required financial and performance reports. 4. (i) An approved federally recognized indirect cost rate negotiated between the subrecipient and the Federal Government. If no approved rate exists, the passthrough entity must determine the appropriate rate in collaboration with the subrecipient, which is either: 1. The negotiated indirect cost rate between the pass-through entity and the subrecipient; 2. The de minimis indirect cost rate (ii) The pass-through entity must not require use of a de minimis indirect cost rate if the subrecipient has a Federally approved rate. (iii) 5. A requirement that the subrecipient permit the pass-through entity and auditors to have access to the subrecipient’s records and financial statements as necessary for the pass-through entity to meet the requirements of this part; and 6. Appropriate terms and conditions concerning closeout of the subaward. b. Evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. c. Consider imposing specific subaward conditions upon a subrecipient if appropriate as described in § 200.208. d. Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. 4. The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section § 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the passthrough entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. e. Depending upon the pass-through entity's assessment of risk posed by the subrecipient, the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: 1. Providing subrecipients with training and technical assistance on program-related matters; and 2. Performing on-site reviews of the subrecipient's program operations; 3. Arranging for agreed-upon-procedures engagements as described in § 200.425. f. Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. g. Consider whether the results of the subrecipient's audits, on-site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass-through entity's own records. h. Consider taking enforcement action against noncompliant subrecipients as described in § 200.339 of this part and in program regulations. Cause: The Organization’s management was not aware of the subrecipient monitoring and management requirements. Effect: The Organization was not in compliance with any of the subrecipient monitoring and management requirements, resulting in a material noncompliance and a material weakness in internal controls over compliance. Recommendation: We recommend the Organization implement systems and procedures to ensure compliance with the subrecipient monitoring and management compliance requirements. View of Responsible Officials: Management agrees with the finding and has committed to a corrective action plan.
2023-008 - Uniform Guidance Subrecipient Monitoring - Significant Deficiency/Noncompliance Federal Program: Assistance Listing #21.027, Coronavirus State and Local Fiscal Recovery Funds, U.S. Department of Treasury, Pass Through Entity Identifying Number: Not Available Assistance Listing #21.023, Emergency Rental Assistance Program, U.S. Department of Treasury, Passed through the Pennsylvania Department of Human Services, Pass-Through Entity Identifying Number: N/A Prior Year Finding Number 2022-004 Criteria: The requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles and Audit Requirements for Federal Awards (Uniform Guidance), §200.331 Requirements for Pass-through Entities, requires entities who pass federal funding through to subrecipients evaluate each subrecipient's risk of noncompliance. As detailed in 2 CFR sections 200.331(d) through (f), the Uniform Guidance requires pass-through entities to monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals. This includes issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient, as detailed in 2 CFR section 200.521. Condition/Context: As part of our follow-up on previous audit findings and based on our current year testing, it was noted that the County is not formally documenting its monitoring activities over its subrecipients in compliance with the Uniform Guidance. Questioned Costs: N/A Cause: While the County has monitoring processes in place for subrecipients, it is not currently documenting certain of the initial risk assessment decisions or the occurrence of ongoing monitoring activities for its subrecipient, representing a significant deficiency in internal control over compliance. Effect: The County is not in compliance with certain requirements of the Uniform Guidance. Recommendation: We recommend that County management perform and document the various monitoring activities performed with regard to its subrecipients. Views of Responsible Officials and Planned Corrective Actions: Management understands and is working to provide better oversight and monitoring of entities that receive pass-through grant dollars. See corrective action plan.
2023-008 - Uniform Guidance Subrecipient Monitoring - Significant Deficiency/Noncompliance Federal Program: Assistance Listing #21.027, Coronavirus State and Local Fiscal Recovery Funds, U.S. Department of Treasury, Pass Through Entity Identifying Number: Not Available Assistance Listing #21.023, Emergency Rental Assistance Program, U.S. Department of Treasury, Passed through the Pennsylvania Department of Human Services, Pass-Through Entity Identifying Number: N/A Prior Year Finding Number 2022-004 Criteria: The requirements of Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles and Audit Requirements for Federal Awards (Uniform Guidance), §200.331 Requirements for Pass-through Entities, requires entities who pass federal funding through to subrecipients evaluate each subrecipient's risk of noncompliance. As detailed in 2 CFR sections 200.331(d) through (f), the Uniform Guidance requires pass-through entities to monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals. This includes issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient, as detailed in 2 CFR section 200.521. Condition/Context: As part of our follow-up on previous audit findings and based on our current year testing, it was noted that the County is not formally documenting its monitoring activities over its subrecipients in compliance with the Uniform Guidance. Questioned Costs: N/A Cause: While the County has monitoring processes in place for subrecipients, it is not currently documenting certain of the initial risk assessment decisions or the occurrence of ongoing monitoring activities for its subrecipient, representing a significant deficiency in internal control over compliance. Effect: The County is not in compliance with certain requirements of the Uniform Guidance. Recommendation: We recommend that County management perform and document the various monitoring activities performed with regard to its subrecipients. Views of Responsible Officials and Planned Corrective Actions: Management understands and is working to provide better oversight and monitoring of entities that receive pass-through grant dollars. See corrective action plan.
Finding Number: 2023-001 Internal Control over Compliance and Compliance with the Subrecipient Monitoring Compliance Requirement, Repeat Finding, Finding No. 2022-001 Identification of the Major Federal Program: Programs: Government Agency: Inclusion Across the Nation of Communities of Learners of Underrepresented Discoverers in Engineering and Science Assistance Listing Number: 47.076 Award Number: HRD-1834540 Award Years: 09/01/2018 – 02/28/2025 PhysTEC: Building a Solution to the National Physics Teacher Shortage Assistance Listing Number: 47.049 Award Number: PHY-1707990 Award Years: 07/01/2017 – 06/30/2023 National Science Foundation (NSF) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. In accordance with the Uniform Guidance in 2 CFR Section 200.331, a pass-through entity (PTE) must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: 1. reviewing financial and programmatic (performance and special reports) required by the PTE; 2. following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means; 3. issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Furthermore, under the requirements of the Federal Funding Accountability and Transparency Act (FFATA) (Pub. L. No. 109-282), as amended by Section 6202 of Public Law 110-252, hereafter referred as the “Transparency Act” that are codified in 2 CFR Part 170, recipients (i.e., direct recipients) of grants or cooperative agreements are required to report first-tier subawards of $30,000 or more to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). If a subaward/subcontract was subject to reporting under the Transparency Act, the action was required to be reported in FSRS no later than the last day of the month following the month in which the subaward/subcontract amendment obligation was made or in the subcontract award/subcontract modification was made. Conditions – Our examination of the program’s subrecipient monitoring requirements includes the review and approval of financial and performance quarterly reports by the program managers. The quarterly reports are prepared by APS’ grants administrator with inputs provided by the subrecipient submitted to the program managers. Of the program’s twenty (20) subrecipients, we examined eight (8) subrecipients and observed that although the respective program managers had monitoring oversight of the various grant’s financial and programmatic activities, there was no formal evidentiary documentation to support the monitoring oversight process performed by the program managers. Furthermore, our examination of the program’s subrecipient monitoring requirements includes follow-ups by APS to ensure the subrecipients take timely and appropriate action on all deficiencies pertaining to federal awards provided to the subrecipients which have been detected through reviews of audits, on-site reviews, and other means. We selected six (6) subrecipients for testing and noted that for two (2) samples selected APS was unable to provide evidence that it monitored the subrecipients through review of its single audit reports, on-site reviews, and other means. We also tested a sample of three (3) subrecipients and our examination of the monitoring and reporting requirements revealed that APS did not report the information on a subaward of $30,000 or more in federal funds timely and on one (1) of the sub awards reported, the contract award amount reported is less than the actual expenditures incurred by the subrecipient. APS began implementation of its corrective action plan on June 5, 2023, and the exceptions identified above is as a result of the fact that APS was still in the implementation process of its corrective action plan. Cause - Management does not have adequate internal controls and policies and procedures in place to ensure that a review is performed on the financial and programmatic reports in a timely manner and to ensure that its subrecipients do not have any audit deficiencies relating to federal award programs and if any deficiencies are detected, that the subrecipients takes timely and appropriate action to resolve the deficiencies identified. There is also a lack of established monitoring and internal control procedures in place to ensure that reports required under the Transparency Act are prepared and submitted timely in FSRS Reporting System resulted in APS’ noncompliance with the reporting requirements. Effect or potential effect – APS is not in compliance with the subrecipient monitoring requirements as it did not maintain consistent documented evidence of its monitoring of subrecipients. In addition, failure to comply with the reporting requirements of the Uniform Guidance could result in the awarding agency taking action such as reducing future funding. Questioned Costs – None. Context – These are conditions identified per review of APS compliance with specified compliance requirements using a statistically valid sample. Recommendations – BDO recommends that APS continue to apply the implemented policies, procedures and controls that will ensure that all requisite reports are reviewed, and evidence of review are documented and maintained. Furthermore, APS should continue to implement policies to obtain and review single audit reports of its subrecipients in order to ensure compliance with all the required laws, guidelines and requirement under the award. BDO recommends that APS continues to implement established policies and procedure over the preparation and timely submission of reports required under the Transparency Act to ensure compliance with reporting requirements. Views of Responsible Officials - APS concurs with this finding. APS’ corrective action is described in the Management’s Corrective Action Plan included below.
Finding Number: 2023-001 Internal Control over Compliance and Compliance with the Subrecipient Monitoring Compliance Requirement, Repeat Finding, Finding No. 2022-001 Identification of the Major Federal Program: Programs: Government Agency: Inclusion Across the Nation of Communities of Learners of Underrepresented Discoverers in Engineering and Science Assistance Listing Number: 47.076 Award Number: HRD-1834540 Award Years: 09/01/2018 – 02/28/2025 PhysTEC: Building a Solution to the National Physics Teacher Shortage Assistance Listing Number: 47.049 Award Number: PHY-1707990 Award Years: 07/01/2017 – 06/30/2023 National Science Foundation (NSF) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. In accordance with the Uniform Guidance in 2 CFR Section 200.331, a pass-through entity (PTE) must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: 1. reviewing financial and programmatic (performance and special reports) required by the PTE; 2. following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means; 3. issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Furthermore, under the requirements of the Federal Funding Accountability and Transparency Act (FFATA) (Pub. L. No. 109-282), as amended by Section 6202 of Public Law 110-252, hereafter referred as the “Transparency Act” that are codified in 2 CFR Part 170, recipients (i.e., direct recipients) of grants or cooperative agreements are required to report first-tier subawards of $30,000 or more to the Federal Funding Accountability and Transparency Act Subaward Reporting System (FSRS). If a subaward/subcontract was subject to reporting under the Transparency Act, the action was required to be reported in FSRS no later than the last day of the month following the month in which the subaward/subcontract amendment obligation was made or in the subcontract award/subcontract modification was made. Conditions – Our examination of the program’s subrecipient monitoring requirements includes the review and approval of financial and performance quarterly reports by the program managers. The quarterly reports are prepared by APS’ grants administrator with inputs provided by the subrecipient submitted to the program managers. Of the program’s twenty (20) subrecipients, we examined eight (8) subrecipients and observed that although the respective program managers had monitoring oversight of the various grant’s financial and programmatic activities, there was no formal evidentiary documentation to support the monitoring oversight process performed by the program managers. Furthermore, our examination of the program’s subrecipient monitoring requirements includes follow-ups by APS to ensure the subrecipients take timely and appropriate action on all deficiencies pertaining to federal awards provided to the subrecipients which have been detected through reviews of audits, on-site reviews, and other means. We selected six (6) subrecipients for testing and noted that for two (2) samples selected APS was unable to provide evidence that it monitored the subrecipients through review of its single audit reports, on-site reviews, and other means. We also tested a sample of three (3) subrecipients and our examination of the monitoring and reporting requirements revealed that APS did not report the information on a subaward of $30,000 or more in federal funds timely and on one (1) of the sub awards reported, the contract award amount reported is less than the actual expenditures incurred by the subrecipient. APS began implementation of its corrective action plan on June 5, 2023, and the exceptions identified above is as a result of the fact that APS was still in the implementation process of its corrective action plan. Cause - Management does not have adequate internal controls and policies and procedures in place to ensure that a review is performed on the financial and programmatic reports in a timely manner and to ensure that its subrecipients do not have any audit deficiencies relating to federal award programs and if any deficiencies are detected, that the subrecipients takes timely and appropriate action to resolve the deficiencies identified. There is also a lack of established monitoring and internal control procedures in place to ensure that reports required under the Transparency Act are prepared and submitted timely in FSRS Reporting System resulted in APS’ noncompliance with the reporting requirements. Effect or potential effect – APS is not in compliance with the subrecipient monitoring requirements as it did not maintain consistent documented evidence of its monitoring of subrecipients. In addition, failure to comply with the reporting requirements of the Uniform Guidance could result in the awarding agency taking action such as reducing future funding. Questioned Costs – None. Context – These are conditions identified per review of APS compliance with specified compliance requirements using a statistically valid sample. Recommendations – BDO recommends that APS continue to apply the implemented policies, procedures and controls that will ensure that all requisite reports are reviewed, and evidence of review are documented and maintained. Furthermore, APS should continue to implement policies to obtain and review single audit reports of its subrecipients in order to ensure compliance with all the required laws, guidelines and requirement under the award. BDO recommends that APS continues to implement established policies and procedure over the preparation and timely submission of reports required under the Transparency Act to ensure compliance with reporting requirements. Views of Responsible Officials - APS concurs with this finding. APS’ corrective action is described in the Management’s Corrective Action Plan included below.
Cluster: Research and Development Agency: Department of Human and Health Services Award Names: Safety and Health Risks in Energy Transition for the Commercial Fishing Industry Award Numbers: U01OH012502 Assistance Listing Title: Center for Disease Control and Prevention (CDC) Assistance Listing Number: 93.262 Award Year: FY 2023 Criteria 2 CFR 200.332(d) notes that pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by 2 CFR 200.521. 2 CFR 200.332(f) notes that a pass-through entity must verify that every subrecipient is audited as required by the Uniform Guidance when it is expected that the subrecipient’s Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in 2 CFR 200.501. Condition Through our testing of 4 subrecipients out of a total subrecipient population of 10, we were able to obtain a documented initial risk assessment for each subrecipient selected and other evidence of monitoring such as meetings with the subrecipients. However, we were unable to obtain evidence that the Company obtained and reviewed the annual Uniform Guidance report or annual audited financial statements (if the entity was not subject to a Uniform Guidance audit) for 1 out of 4 subrecipients selected for testing. Cause The Company failed to ensure that their subrecipient monitoring process included obtaining and reviewing every subrecipient’s annual Uniform Guidance report or annual audited financial statements during FY 2023. Effect The lack of an annual review of subrecipient audits may result in ineligible subrecipients receiving federal awards, subrecipient findings not being fully remediated and other monitoring procedures (based on risk level) not being performed. Questioned Costs None noted. Recommendation We recommend the Company follow their policy, which includes obtaining and reviewing Uniform Guidance reports (or audited financial statements to the extent Uniform Guidance reports are not available) for every subrecipient on an annual basis and ensure that it is completed for all applicable awards. When reviewing the reports, they should understand the type of opinion(s) expressed and whether there were any findings associated with their awards, document their review and assess whether there is any change in the risk assessment and subsequent monitoring needed of each subrecipient. We also recommend a supervisory review over subrecipient monitoring to be included in the process to ensure it gets completed completely and accurately for all awards. This supervisory review should also be evidenced through documentation. This is a repeat finding of 2022-001, which continued to remain open during FY2023. Management’ Views and Corrective Action Plan Management’s Views and Corrective Action Plan are included at the end of this report.
FINDING 2023-003 Subject: COVID-19 - Coronavirus State and Local Fiscal Recovery Funds - Subrecipient Monitoring Federal Agency: Department of the Treasury Federal Program: COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Assistance Listings Number: 21.027 Federal Award Number and Year (or Other Identifying Number): FY 2023 Compliance Requirement: Subrecipient Monitoring Audit Findings: Material Weakness, Modified Opinion Repeat Finding This is a repeat finding from the immediately prior audit report. The prior audit finding number was 2022-005. Condition and Context The County received a total State and Local Fiscal Recovery Funds (SLFRF) allocation of $13,177,707. During the audit period, the County provided subawards of SLFRF funds to other entities. As a pass-through entity, the County must: Identify the award and the applicable requirements to each subrecipient. Evaluate each subrecipient's risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward. Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for an authorized purpose, complies with the terms and conditions of the subaward, and achieves performance goals. Subawards, totaling $290,000, were provided to two different entities. Both subrecipient agreements associated with the subawards were selected for testing. For the two agreements tested, the following information was incomplete or missing: The federal award identification number (FAIN). The federal award date of award to the recipient by the federal agency. The name of the federal awarding agency, pass-through entity (auditee), and contact information for awarding official of the pass-through entity (auditee). The Assistance Listings Number and Title; the pass-through entity must identify the dollar amount made available under each federal award and the Assistance Listings Number at time of disbursement. Furthermore, the County did not have an evaluation of the subrecipients' risk of noncompliance or monitoring activities demonstrating compliance with the subrecipient monitoring requirement. The County did not request any financial or audit documentation from the subrecipients. The lack of internal controls and noncompliance were systemic issues throughout the audit period. INDIANA STATE BOARD OF ACCOUNTS 21 BOONE COUNTY SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.331(a) states: "Subrecipients. A subaward is for the purpose of carrying out a portion of a Federal award and creates a Federal assistance relationship with the subrecipient. See definition for Subaward in § 200.1 of this part. Characteristics which support the classification of the non-Federal entity as a subrecipient include when the non-Federal entity: (1) Determines who is eligible to receive what Federal assistance; (2) Has its performance measured in relation to whether objectives of a Federal program were met; (3) Has responsibility for programmatic decision-making; (4) Is responsible for adherence to applicable Federal program requirements specified in the Federal award; and (5) In accordance with its agreement, uses the Federal funds to carry out a program for a public purpose specified in authorizing statute, as opposed to providing goods or services for the benefit of the pass-through entity." 2 CFR 200.332 states in part: "All pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes the following information at the time of the subaward . . . (1) Federal award identification. (i) Subrecipient name (which must match the name associated with its unique entity identifier); (ii) Subrecipient's unique entity identifier; (iii) Federal Award Identification Number (FAIN); (iv) Federal Award Date (see the definition of Federal award date in § 200.1 of this part) of award to the recipient by the Federal agency; INDIANA STATE BOARD OF ACCOUNTS 22 BOONE COUNTY SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (v) Subaward Period of Performance Start and End Date; (vi) Subaward Budget Period Start and End Date; (vii) Amount of Federal Funds Obligated by this action by the pass-through entity to the subrecipient; (viii) Total Amount of Federal Funds Obligated to the subrecipient by the passthrough entity including the current financial obligation; (ix) Total Amount of the Federal Award committed to the subrecipient by the passthrough entity; (x) Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); (xi) Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the Pass-through entity; (xii) Assistance Listings number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; (xiii) Identification of whether the award is R&D; and (xiv) Indirect cost rate for the Federal award (including if the de minimis rate is charged) per § 200.414. (2) All requirements imposed by the pass-through entity on the subrecipient so that the Federal award is used in accordance with Federal statutes, regulations and the terms and conditions of the Federal award; (3) Any additional requirements that the pass-through entity imposes on the subrecipient in order for the pass-through entity to meet its own responsibility to the Federal awarding agency including identification of any required financial and performance reports; (4) (i) An approved federally recognized indirect cost rate negotiated between the subrecipient and the Federal Government. If no approved rate exists, the passthrough entity must determine the appropriate rate in collaboration with the subrecipient, which is either: (A) The negotiated indirect cost rate between the pass-through entity and the subrecipient; which can be based on a prior negotiated rate between a different PTE and the same subrecipient. If basing the rate on a previously negotiated rate, the pass-through entity is not required to collect information justifying this rate, but may elect to do so; (B) The de minimis indirect cost rate. INDIANA STATE BOARD OF ACCOUNTS 23 BOONE COUNTY SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (ii) The pass-through entity must not require use of a de minimis indirect cost rate if the subrecipient has a Federally approved rate. Subrecipients can elect to use the cost allocation method to account for indirect costs in accordance with § 200.405(d). (5) A requirement that the subrecipient permit the pass-through entity and auditors to have access to the subrecipient's records and financial statements as necessary for the pass-through entity to meet the requirements of this part; and (6) Appropriate terms and conditions concerning closeout of the subaward. (b) Evaluate each subrecipient's risk of noncompliance with Federal statues, regulations, and the terms and conditions of the subaward for purposes of determined the appropriate subrecipient monitoring . . . (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. . . ." Cause The system of internal controls as established by the management of the County was not properly designed nor implemented. The County was unable to provide documentation that monitoring procedures were in place over subrecipients. Effect Without the proper implementation of an effectively designed system of internal controls, the County cannot be sure subrecipients are provided an adequate subaward agreement, with all required elements and are adequately monitored. As such, subaward agreements entered into by the County did not include all the required elements. In addition, the County did not properly monitor the non-profit to ensure proper spending of the federal funds. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funding to the County. INDIANA STATE BOARD OF ACCOUNTS 24 BOONE COUNTY SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the County design and implement a proper system of internal controls and develop policies and procedures to ensure subrecipients are provided with an adequate subaward agreement and monitored as appropriate. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
2023-001 - Internal Controls over Subrecipient Monitoring (SD, NC) Federal Program Title: Coronavirus State and Local Fiscal Recovery Funds Federal Catalog Number: 21.027 Federal Agency: U.S. Department of Treasury Category of Finding: Subrecipient Monitoring Criteria: Pursuant to the Office of Management and Budget (OMB) 2 CFR Part 200, Appendix XI, Compliance Supplement May 2023, sections 3-M-1 and 3-M-2: A recipient must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: 1. Reviewing financial and programmatic (performance and special reports) required by the PTE. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means. 3. Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Condition: While the Society currently has policies and procedures for monitoring subrecipients, it does not have a policy specifically relating to subaward agreements between the Society and its subrecipients that is compliant with applicable Federal statutes per 2 CFR part 200, Appendix XI, Compliance Supplement May 2023, sections 3-M-1 and 3-M-2. No formal subaward agreement was drafted by the Society and its subrecipient. Cause: Lack of formal policies specifically addressing federal requirements for subaward agreements. Effect or Potential Effect: Although the Society has existing policies and procedures for monitoring, the absence of a formal subaward agreement compliant with federal regulations may potentially result in the Society sending funds to subrecipients for activities and services that are nonconforming to allowed costs under the Uniform Guidance. Questioned Cost: None Context: During the audit, we did not receive a copy of the subaward between the Society and its subrecipient. Repeat of a Prior-Year Finding: No.
Criteria: 2 CFR 200.332 notes, “All pass-through entities must… (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section § 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. Condition: The Organization noted they do not request and review audited financial statements for all subrecipients. Questioned Costs: N/A Cause and Effect: Without reviewing audited financial statements, subrecipients may have deficiencies in internal control or compliance which could lead to future unallowable expenditures to be incurred. Recommendation: We recommend ACT evaluates policies and procedures to ensure appropriate monitoring is performed over all subrecipients and reviews audited financial statements for those subrecipients that are required to have an audit performed. Views of Responsible Officials and Planned Corrective Actions: Management agrees with this Single Audit Finding and response is included in the Corrective Action Plan.
Criteria: 2 CFR 200.332 notes, “All pass-through entities must… (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section § 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. Condition: The Organization noted they do not request and review audited financial statements for all subrecipients. Questioned Costs: N/A Cause and Effect: Without reviewing audited financial statements, subrecipients may have deficiencies in internal control or compliance which could lead to future unallowable expenditures to be incurred. Recommendation: We recommend ACT evaluates policies and procedures to ensure appropriate monitoring is performed over all subrecipients and reviews audited financial statements for those subrecipients that are required to have an audit performed. Views of Responsible Officials and Planned Corrective Actions: Management agrees with this Single Audit Finding and response is included in the Corrective Action Plan.