Reference Number: 2023-003 Prior Year Finding: No Federal Agency: U.S. Department of Treasury Federal Program: COVID-19 – Coronavirus State and Local Fiscal Recovery Funds Assistance Listing Number: 21.027 Award Number and Year: ARP17SL1 (5/23/2021 - 12/31/2026) Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control Over Compliance, Material Noncompliance (Modified Opinion) Criteria or specific requirement: Compliance: 2 CFR §200.332 - Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: i. Subrecipient name (which must match the name associated with its unique entity identifier); ii. Subrecipient's unique entity identifier; iii. Federal Award Identification Number (FAIN); iv. Federal Award Date (see the definition of Federal award date in § 200.1 of this part) of award to the recipient by the Federal agency; v. Subaward Period of Performance Start and End Date; vi. Subaward Budget Period Start and End Date; vii. Amount of Federal Funds Obligated by this action by the pass-through entity to the subrecipient; viii. Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity including the current financial obligation; ix. Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; x. Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); xi. Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the Pass-through entity; xii. Assistance Listings number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; xiii. Identification of whether the award is R&D; and xiv. Indirect cost rate for the Federal award (including if the de minimis rate is charged) per section 200.414. (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F - Audit Requirements of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. (e) Depending upon the pass-through entity's assessment of risk posed by the subrecipient (as described in paragraph (b) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: (1) Providing subrecipients with training and technical assistance on program-related matters. (2) Performing on-site reviews of the subrecipient's program operations. (3) Arranging for agreed-upon-procedures engagements as described in § 200.425 Audit services. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Control: Per 2 CFR Section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: Prince George’s County (the County) was unable to provide support that subawards it issued contained all required federal information nor that it properly monitored its subrecipients. Context: Five subrecipients were selected for testing, and the following exceptions were noted: • For one of five subrecipients, the County did not have a subaward agreement in place with the subrecipient. As such, all required information was not furnished to the subrecipient. • Five of five subaward agreements were missing the following required information: o Federal Award Identification Number (FAIN) • For two of five subrecipients, the County was unable to provide support that it conducted during the award monitoring. • For one of five subrecipients, the County was unable to provide support that it had verified that the subrecipients were audited as required by Subpart F. Questioned costs: Undetermined. Cause: The County did not establish effective internal controls and procedures over subrecipient monitoring. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Not conducting during the award monitoring may result in a failure of the Division to detect that its subrecipients used subawards for unauthorized purposes, managed them in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved. Without ensuring subrecipients have obtained audits as required by Subpart F, there is an increased risk that subrecipients could be inappropriately spending and/or inaccurately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by Division personnel on a timely basis. Recommendation: The County should review and enhance internal controls and procedures to ensure that all required information is included in all subawards, that proper subrecipient monitoring is conducted, and that evaluation of independent audits is performed. Views of responsible officials: The Office of Community Relations (OCR) is reviewing and working to enhance internal controls and procedures to ensure all required information is included in the subaward, that proper subrecipient monitoring is conducted, and the evaluation of independent audits are performed. OCR is working with the subrecipient to gather payroll receipts and proof of the disbursement of funds to grantees selected through the RFPs managed by the subrecipient.
Reference Number: 2023-003 Prior Year Finding: No Federal Agency: U.S. Department of Treasury Federal Program: COVID-19 – Coronavirus State and Local Fiscal Recovery Funds Assistance Listing Number: 21.027 Award Number and Year: ARP17SL1 (5/23/2021 - 12/31/2026) Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control Over Compliance, Material Noncompliance (Modified Opinion) Criteria or specific requirement: Compliance: 2 CFR §200.332 - Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: i. Subrecipient name (which must match the name associated with its unique entity identifier); ii. Subrecipient's unique entity identifier; iii. Federal Award Identification Number (FAIN); iv. Federal Award Date (see the definition of Federal award date in § 200.1 of this part) of award to the recipient by the Federal agency; v. Subaward Period of Performance Start and End Date; vi. Subaward Budget Period Start and End Date; vii. Amount of Federal Funds Obligated by this action by the pass-through entity to the subrecipient; viii. Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity including the current financial obligation; ix. Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; x. Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); xi. Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the Pass-through entity; xii. Assistance Listings number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; xiii. Identification of whether the award is R&D; and xiv. Indirect cost rate for the Federal award (including if the de minimis rate is charged) per section 200.414. (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F - Audit Requirements of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. (e) Depending upon the pass-through entity's assessment of risk posed by the subrecipient (as described in paragraph (b) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: (1) Providing subrecipients with training and technical assistance on program-related matters. (2) Performing on-site reviews of the subrecipient's program operations. (3) Arranging for agreed-upon-procedures engagements as described in § 200.425 Audit services. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Control: Per 2 CFR Section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: Prince George’s County (the County) was unable to provide support that subawards it issued contained all required federal information nor that it properly monitored its subrecipients. Context: Five subrecipients were selected for testing, and the following exceptions were noted: • For one of five subrecipients, the County did not have a subaward agreement in place with the subrecipient. As such, all required information was not furnished to the subrecipient. • Five of five subaward agreements were missing the following required information: o Federal Award Identification Number (FAIN) • For two of five subrecipients, the County was unable to provide support that it conducted during the award monitoring. • For one of five subrecipients, the County was unable to provide support that it had verified that the subrecipients were audited as required by Subpart F. Questioned costs: Undetermined. Cause: The County did not establish effective internal controls and procedures over subrecipient monitoring. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Not conducting during the award monitoring may result in a failure of the Division to detect that its subrecipients used subawards for unauthorized purposes, managed them in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved. Without ensuring subrecipients have obtained audits as required by Subpart F, there is an increased risk that subrecipients could be inappropriately spending and/or inaccurately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by Division personnel on a timely basis. Recommendation: The County should review and enhance internal controls and procedures to ensure that all required information is included in all subawards, that proper subrecipient monitoring is conducted, and that evaluation of independent audits is performed. Views of responsible officials: The Office of Community Relations (OCR) is reviewing and working to enhance internal controls and procedures to ensure all required information is included in the subaward, that proper subrecipient monitoring is conducted, and the evaluation of independent audits are performed. OCR is working with the subrecipient to gather payroll receipts and proof of the disbursement of funds to grantees selected through the RFPs managed by the subrecipient.
Reference Number: 2023-003 Prior Year Finding: No Federal Agency: U.S. Department of Treasury Federal Program: COVID-19 – Coronavirus State and Local Fiscal Recovery Funds Assistance Listing Number: 21.027 Award Number and Year: ARP17SL1 (5/23/2021 - 12/31/2026) Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control Over Compliance, Material Noncompliance (Modified Opinion) Criteria or specific requirement: Compliance: 2 CFR §200.332 - Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: i. Subrecipient name (which must match the name associated with its unique entity identifier); ii. Subrecipient's unique entity identifier; iii. Federal Award Identification Number (FAIN); iv. Federal Award Date (see the definition of Federal award date in § 200.1 of this part) of award to the recipient by the Federal agency; v. Subaward Period of Performance Start and End Date; vi. Subaward Budget Period Start and End Date; vii. Amount of Federal Funds Obligated by this action by the pass-through entity to the subrecipient; viii. Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity including the current financial obligation; ix. Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; x. Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); xi. Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the Pass-through entity; xii. Assistance Listings number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; xiii. Identification of whether the award is R&D; and xiv. Indirect cost rate for the Federal award (including if the de minimis rate is charged) per section 200.414. (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F - Audit Requirements of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. (e) Depending upon the pass-through entity's assessment of risk posed by the subrecipient (as described in paragraph (b) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: (1) Providing subrecipients with training and technical assistance on program-related matters. (2) Performing on-site reviews of the subrecipient's program operations. (3) Arranging for agreed-upon-procedures engagements as described in § 200.425 Audit services. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Control: Per 2 CFR Section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: Prince George’s County (the County) was unable to provide support that subawards it issued contained all required federal information nor that it properly monitored its subrecipients. Context: Five subrecipients were selected for testing, and the following exceptions were noted: • For one of five subrecipients, the County did not have a subaward agreement in place with the subrecipient. As such, all required information was not furnished to the subrecipient. • Five of five subaward agreements were missing the following required information: o Federal Award Identification Number (FAIN) • For two of five subrecipients, the County was unable to provide support that it conducted during the award monitoring. • For one of five subrecipients, the County was unable to provide support that it had verified that the subrecipients were audited as required by Subpart F. Questioned costs: Undetermined. Cause: The County did not establish effective internal controls and procedures over subrecipient monitoring. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Not conducting during the award monitoring may result in a failure of the Division to detect that its subrecipients used subawards for unauthorized purposes, managed them in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved. Without ensuring subrecipients have obtained audits as required by Subpart F, there is an increased risk that subrecipients could be inappropriately spending and/or inaccurately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by Division personnel on a timely basis. Recommendation: The County should review and enhance internal controls and procedures to ensure that all required information is included in all subawards, that proper subrecipient monitoring is conducted, and that evaluation of independent audits is performed. Views of responsible officials: The Office of Community Relations (OCR) is reviewing and working to enhance internal controls and procedures to ensure all required information is included in the subaward, that proper subrecipient monitoring is conducted, and the evaluation of independent audits are performed. OCR is working with the subrecipient to gather payroll receipts and proof of the disbursement of funds to grantees selected through the RFPs managed by the subrecipient.
Reference Number: 2023-015 Prior Year Finding: No Federal Agency: U.S. Department of Health and Human Services State Agency: Department of Health Federal Program: Epidemiology and Laboratory Capacity for Infectious Diseases (ELC), COVID-19 - Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) Assistance Listing Number: 93.323 Award Number and Year: 6NU50CK000525 (8/1/2019 – 7/31/2024), 6NU50CK000525 (8/1/2019 – 7/31/2024), 6NU50CK000525-02-03 (8/1/2020 - 7/31/2024), 5NU50CK000525-03-00 (8/1/2019 – 7/31/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Criteria or specific requirement: Compliance – Per 2 CFR section 200.332(a), all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. 2 CFR section 200.332 also states that pass-through entities must: (d) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: 1) The subrecipient's prior experience with the same or similar subawards; 2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F - Audit Requirements of this part, and the extent to which the same or similar subaward has been audited as a major program; 3) Whether the subrecipient has new personnel or new or substantially changed systems; 4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (e) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. Section III – Federal Award Findings and Questioned Costs (Continued) (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. (f) Verify that every subrecipient is audited as required by Subpart F - Audit Requirements of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501 Audit requirements. Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: Documentation of subaward agreements and monitoring activities was not maintained and was not available for audit. Context: The Department of Health (DOH) is the primary recipient of program funding and, therefore, has overall responsibility for activities funded by the program. DOH entered into an agreement with the Department of Education (DOE) to issue subawards to public and non-public schools on their behalf. Six of twenty-six subrecipients selected for testing received subawards issued by DOE. DOE was unable to provide copies of subaward agreements or documentation that subrecipient monitoring activities had been performed. Therefore, auditors were unable to verify compliance with Federal requirements for these subawards. Questioned costs: Undetermined. Cause: The agreement between DOH and DOE did not clearly state DOE’s responsibilities for subaward issuance and monitoring. As a result, DOE did not maintain copies of subaward agreements, nor was it able to provide documentation that it had performed risk assessments or monitoring activities for these subrecipients. In its oversight role, DOH did not review documentation maintained by DOE to ensure compliance with Federal subrecipient monitoring requirements. Effect: Auditors were unable to verify that subawards were issued in accordance with Federal requirements, that the subrecipients were eligible to receive program funding, nor that the subrecipients had been adequately monitored. Section III – Federal Award Findings and Questioned Costs (Continued) Recommendation: DOH should review and enhance internal controls and procedures regarding agreements with other State departments to issue subawards on its behalf. Agreements should clearly define the responsibilities of other departments to ensure compliance with all Federal requirements. DOH should also periodically review the documentation maintained by other departments that issue subawards on its behalf to ensure it is adequate and is available for audit. DOE should review and enhance internal controls and procedures to ensure that it maintains copies of all subaward agreements, that proper subrecipient monitoring is conducted, and that evaluation of independent audits is performed for all subrecipients. Documentation of subrecipient monitoring activities should be readily available for audit. Views of responsible officials: The Department of Health (DOH) will enhance its internal controls and procedures, regarding federal subawards issued by other New Jersey State departments and agencies on behalf of DOH. The Department’s Memorandum of Agreement (MOA) and Memorandum of Understanding (MOU) documents will be updated and enhanced to list and define the specific responsibilities and requirements of other departments and pass-through entities more clearly when issuing subawards with federal funding derived from DOH. If necessary, the updated MOA/MOU documents may also include an Exhibit specific to Subrecipient Monitoring, containing the federal Uniform Guidance compliance requirements including mandatory reporting of subgrantee performance indicators and listing records retention requirements for all documentation of monitored subrecipient activities.
Reference Number: 2023-015 Prior Year Finding: No Federal Agency: U.S. Department of Health and Human Services State Agency: Department of Health Federal Program: Epidemiology and Laboratory Capacity for Infectious Diseases (ELC), COVID-19 - Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) Assistance Listing Number: 93.323 Award Number and Year: 6NU50CK000525 (8/1/2019 – 7/31/2024), 6NU50CK000525 (8/1/2019 – 7/31/2024), 6NU50CK000525-02-03 (8/1/2020 - 7/31/2024), 5NU50CK000525-03-00 (8/1/2019 – 7/31/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Criteria or specific requirement: Compliance – Per 2 CFR section 200.332(a), all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. 2 CFR section 200.332 also states that pass-through entities must: (d) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: 1) The subrecipient's prior experience with the same or similar subawards; 2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F - Audit Requirements of this part, and the extent to which the same or similar subaward has been audited as a major program; 3) Whether the subrecipient has new personnel or new or substantially changed systems; 4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (e) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. Section III – Federal Award Findings and Questioned Costs (Continued) (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. (f) Verify that every subrecipient is audited as required by Subpart F - Audit Requirements of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501 Audit requirements. Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: Documentation of subaward agreements and monitoring activities was not maintained and was not available for audit. Context: The Department of Health (DOH) is the primary recipient of program funding and, therefore, has overall responsibility for activities funded by the program. DOH entered into an agreement with the Department of Education (DOE) to issue subawards to public and non-public schools on their behalf. Six of twenty-six subrecipients selected for testing received subawards issued by DOE. DOE was unable to provide copies of subaward agreements or documentation that subrecipient monitoring activities had been performed. Therefore, auditors were unable to verify compliance with Federal requirements for these subawards. Questioned costs: Undetermined. Cause: The agreement between DOH and DOE did not clearly state DOE’s responsibilities for subaward issuance and monitoring. As a result, DOE did not maintain copies of subaward agreements, nor was it able to provide documentation that it had performed risk assessments or monitoring activities for these subrecipients. In its oversight role, DOH did not review documentation maintained by DOE to ensure compliance with Federal subrecipient monitoring requirements. Effect: Auditors were unable to verify that subawards were issued in accordance with Federal requirements, that the subrecipients were eligible to receive program funding, nor that the subrecipients had been adequately monitored. Section III – Federal Award Findings and Questioned Costs (Continued) Recommendation: DOH should review and enhance internal controls and procedures regarding agreements with other State departments to issue subawards on its behalf. Agreements should clearly define the responsibilities of other departments to ensure compliance with all Federal requirements. DOH should also periodically review the documentation maintained by other departments that issue subawards on its behalf to ensure it is adequate and is available for audit. DOE should review and enhance internal controls and procedures to ensure that it maintains copies of all subaward agreements, that proper subrecipient monitoring is conducted, and that evaluation of independent audits is performed for all subrecipients. Documentation of subrecipient monitoring activities should be readily available for audit. Views of responsible officials: The Department of Health (DOH) will enhance its internal controls and procedures, regarding federal subawards issued by other New Jersey State departments and agencies on behalf of DOH. The Department’s Memorandum of Agreement (MOA) and Memorandum of Understanding (MOU) documents will be updated and enhanced to list and define the specific responsibilities and requirements of other departments and pass-through entities more clearly when issuing subawards with federal funding derived from DOH. If necessary, the updated MOA/MOU documents may also include an Exhibit specific to Subrecipient Monitoring, containing the federal Uniform Guidance compliance requirements including mandatory reporting of subgrantee performance indicators and listing records retention requirements for all documentation of monitored subrecipient activities.
Reference Number: 2023-021 Prior Year Finding: No Federal Agency: U.S. Department of Health and Human Services State Agency: Department of Human Services Federal Program: CCDF Cluster, COVID-19 – CCDF Cluster Assistance Listing Number: 93.575, 93.596 Award Number and Year: 2301NJCCDD (10/1/2022 – 9/30/2025) 2301NJCCDF (10/1/2022 – 9/30/2025) 2201NJCCDF (10/1/2021 – 9/30/2024) 2201NJCCDD (10/1/2021 – 9/30/2024) 2101NJCCDF (10/1/2020 – 9/30/2023) 2101NJCCDF (10/1/2020 – 9/30/2023) 2101NJCCDF (10/1/2019 – 9/30/2022) 2001NJCCDF (10/1/2019 – 9/30/2022) 2101NJCSC6 (10/1/2020 – 9/30/2023) 2101NJCDC6 (10/1/2020 – 9/30/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or specific requirement: Compliance – Per 2 CFR section 200.332(a), all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. 2 CFR section 200.332(d) states that pass-through entities must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (4) Reviewing financial and performance reports required by the pass-through entity. (5) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (6) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. Section III – Federal Award Findings and Questioned Costs (Continued) Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Department of Human Services (Department) did not comply with subrecipient monitoring requirements for the program. Context: Eight subawards were selected for testing and the following exceptions were noted: • For 2 of 8 subawards selected for testing, the subaward did not include all required Federal Award information. The subawards were missing the Federal Award Date of award to the recipient by the Federal agency. • For 1 of 8 subawards selected for testing, the Department did not conduct an annual desk review for the award as required by the Department’s procedures. Questioned costs: None noted. Cause: The Department’s procedures were not effective to ensure that subawards were issued in compliance with Federal requirements, nor that subrecipient monitoring was performed timely in accordance with Departmental procedures. Internal controls did not prevent or detect the errors. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Not conducting during the award monitoring may result in a failure of the Division to detect that its subrecipients used subawards for unauthorized purposes, managed them in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved. Recommendation: The Department should review and enhance internal controls and procedures to ensure that all required information is included in subaward agreements and that proper subrecipient monitoring is performed. Section III – Federal Award Findings and Questioned Costs (Continued) Views of responsible officials: In accordance with the audit finding recommendation, the Department of Human Services’ Division of Family Development (DFD) will ensure that the applicable federal award date will be included with the contract award information as required by Uniform Guidance pass-through entity requirements. Subrecipient monitoring was performed in a timely manner in compliance with DHS Contract Policy with the exception of one subrecipient, NJSACC. NJSACC’s fiscal review documents are due back to DFD on April 15, 2024. Once received, DFD will schedule a fiscal review meeting with the agency and the entire process should be completed within one (1) month of receipt. In addition, DFD will review the current policy for clarity, reasonableness, and to ensure compliance.
Reference Number: 2023-021 Prior Year Finding: No Federal Agency: U.S. Department of Health and Human Services State Agency: Department of Human Services Federal Program: CCDF Cluster, COVID-19 – CCDF Cluster Assistance Listing Number: 93.575, 93.596 Award Number and Year: 2301NJCCDD (10/1/2022 – 9/30/2025) 2301NJCCDF (10/1/2022 – 9/30/2025) 2201NJCCDF (10/1/2021 – 9/30/2024) 2201NJCCDD (10/1/2021 – 9/30/2024) 2101NJCCDF (10/1/2020 – 9/30/2023) 2101NJCCDF (10/1/2020 – 9/30/2023) 2101NJCCDF (10/1/2019 – 9/30/2022) 2001NJCCDF (10/1/2019 – 9/30/2022) 2101NJCSC6 (10/1/2020 – 9/30/2023) 2101NJCDC6 (10/1/2020 – 9/30/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or specific requirement: Compliance – Per 2 CFR section 200.332(a), all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. 2 CFR section 200.332(d) states that pass-through entities must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (4) Reviewing financial and performance reports required by the pass-through entity. (5) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (6) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. Section III – Federal Award Findings and Questioned Costs (Continued) Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Department of Human Services (Department) did not comply with subrecipient monitoring requirements for the program. Context: Eight subawards were selected for testing and the following exceptions were noted: • For 2 of 8 subawards selected for testing, the subaward did not include all required Federal Award information. The subawards were missing the Federal Award Date of award to the recipient by the Federal agency. • For 1 of 8 subawards selected for testing, the Department did not conduct an annual desk review for the award as required by the Department’s procedures. Questioned costs: None noted. Cause: The Department’s procedures were not effective to ensure that subawards were issued in compliance with Federal requirements, nor that subrecipient monitoring was performed timely in accordance with Departmental procedures. Internal controls did not prevent or detect the errors. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Not conducting during the award monitoring may result in a failure of the Division to detect that its subrecipients used subawards for unauthorized purposes, managed them in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved. Recommendation: The Department should review and enhance internal controls and procedures to ensure that all required information is included in subaward agreements and that proper subrecipient monitoring is performed. Section III – Federal Award Findings and Questioned Costs (Continued) Views of responsible officials: In accordance with the audit finding recommendation, the Department of Human Services’ Division of Family Development (DFD) will ensure that the applicable federal award date will be included with the contract award information as required by Uniform Guidance pass-through entity requirements. Subrecipient monitoring was performed in a timely manner in compliance with DHS Contract Policy with the exception of one subrecipient, NJSACC. NJSACC’s fiscal review documents are due back to DFD on April 15, 2024. Once received, DFD will schedule a fiscal review meeting with the agency and the entire process should be completed within one (1) month of receipt. In addition, DFD will review the current policy for clarity, reasonableness, and to ensure compliance.
Reference Number: 2023-021 Prior Year Finding: No Federal Agency: U.S. Department of Health and Human Services State Agency: Department of Human Services Federal Program: CCDF Cluster, COVID-19 – CCDF Cluster Assistance Listing Number: 93.575, 93.596 Award Number and Year: 2301NJCCDD (10/1/2022 – 9/30/2025) 2301NJCCDF (10/1/2022 – 9/30/2025) 2201NJCCDF (10/1/2021 – 9/30/2024) 2201NJCCDD (10/1/2021 – 9/30/2024) 2101NJCCDF (10/1/2020 – 9/30/2023) 2101NJCCDF (10/1/2020 – 9/30/2023) 2101NJCCDF (10/1/2019 – 9/30/2022) 2001NJCCDF (10/1/2019 – 9/30/2022) 2101NJCSC6 (10/1/2020 – 9/30/2023) 2101NJCDC6 (10/1/2020 – 9/30/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or specific requirement: Compliance – Per 2 CFR section 200.332(a), all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. 2 CFR section 200.332(d) states that pass-through entities must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (4) Reviewing financial and performance reports required by the pass-through entity. (5) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (6) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. Section III – Federal Award Findings and Questioned Costs (Continued) Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Department of Human Services (Department) did not comply with subrecipient monitoring requirements for the program. Context: Eight subawards were selected for testing and the following exceptions were noted: • For 2 of 8 subawards selected for testing, the subaward did not include all required Federal Award information. The subawards were missing the Federal Award Date of award to the recipient by the Federal agency. • For 1 of 8 subawards selected for testing, the Department did not conduct an annual desk review for the award as required by the Department’s procedures. Questioned costs: None noted. Cause: The Department’s procedures were not effective to ensure that subawards were issued in compliance with Federal requirements, nor that subrecipient monitoring was performed timely in accordance with Departmental procedures. Internal controls did not prevent or detect the errors. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Not conducting during the award monitoring may result in a failure of the Division to detect that its subrecipients used subawards for unauthorized purposes, managed them in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved. Recommendation: The Department should review and enhance internal controls and procedures to ensure that all required information is included in subaward agreements and that proper subrecipient monitoring is performed. Section III – Federal Award Findings and Questioned Costs (Continued) Views of responsible officials: In accordance with the audit finding recommendation, the Department of Human Services’ Division of Family Development (DFD) will ensure that the applicable federal award date will be included with the contract award information as required by Uniform Guidance pass-through entity requirements. Subrecipient monitoring was performed in a timely manner in compliance with DHS Contract Policy with the exception of one subrecipient, NJSACC. NJSACC’s fiscal review documents are due back to DFD on April 15, 2024. Once received, DFD will schedule a fiscal review meeting with the agency and the entire process should be completed within one (1) month of receipt. In addition, DFD will review the current policy for clarity, reasonableness, and to ensure compliance.
Federal Awarding Agency: USDOT Impact: Significant Deficiency, Noncompliance AL Number and Title: 20.509 FGRA Federal Award Number: AK-2022-027 Applicable Compliance Requirement: Subrecipient Monitoring Condition: DOTPF management did not issue a management decision for the one single audit finding requiring follow-up in FY 23 within six months as required by federal law. Context: Under federal regulations, pass-through entities are responsible for issuing a management decision for audit findings relating to federal awards provided to subrecipients. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the adequacy of the subrecipient’s proposed corrective actions to address the finding. If the subrecipient has not completed corrective action, a timetable for follow-up should be given. Cause: DOTPF has no procedures to ensure a management decision is issued in a timely manner for a subrecipient’s single audit finding. DOTPF management believed it was not necessary to track subrecipients that require single audit follow-up as there was only one subrecipient with a finding during FY 23. Criteria: Title 2 CFR 200.332(d)(3) states that pass-through entities’ monitoring of subrecipients must include issuing a management decision for audit findings that relate to the federal award provided to the subrecipient from the pass-through entity. Title 2 CFR 200.521(d) states a management decision must be issued within six months of acceptance of the audit report by the federal audit clearinghouse. Title 2 CFR 200.303(a) requires the State to establish and maintain effective internal controls over federal awards that provide reasonable assurance that the State is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Effect: Untimely management decisions may result in the subrecipient not taking appropriate corrective action on findings. Noncompliance with federal regulations may result in the federal awarding agency imposing additional conditions or taking corrective action, including additional reporting requirements or withholding/terminating funding. Questioned Costs: None Recommendation: DOTPF’s Division of Administrative Services (DAS) director should develop and implement procedures to ensure management decisions for all subrecipient single audit findings are issued within six months of the audit report’s acceptance by the federal audit clearinghouse. View of Responsible Officials: Management agrees with this finding.
Federal Awarding Agency: USDOT Impact: Significant Deficiency, Noncompliance AL Number and Title: 20.509 FGRA Federal Award Number: AK-2022-027 Applicable Compliance Requirement: Subrecipient Monitoring Condition: DOTPF management did not issue a management decision for the one single audit finding requiring follow-up in FY 23 within six months as required by federal law. Context: Under federal regulations, pass-through entities are responsible for issuing a management decision for audit findings relating to federal awards provided to subrecipients. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the adequacy of the subrecipient’s proposed corrective actions to address the finding. If the subrecipient has not completed corrective action, a timetable for follow-up should be given. Cause: DOTPF has no procedures to ensure a management decision is issued in a timely manner for a subrecipient’s single audit finding. DOTPF management believed it was not necessary to track subrecipients that require single audit follow-up as there was only one subrecipient with a finding during FY 23. Criteria: Title 2 CFR 200.332(d)(3) states that pass-through entities’ monitoring of subrecipients must include issuing a management decision for audit findings that relate to the federal award provided to the subrecipient from the pass-through entity. Title 2 CFR 200.521(d) states a management decision must be issued within six months of acceptance of the audit report by the federal audit clearinghouse. Title 2 CFR 200.303(a) requires the State to establish and maintain effective internal controls over federal awards that provide reasonable assurance that the State is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Effect: Untimely management decisions may result in the subrecipient not taking appropriate corrective action on findings. Noncompliance with federal regulations may result in the federal awarding agency imposing additional conditions or taking corrective action, including additional reporting requirements or withholding/terminating funding. Questioned Costs: None Recommendation: DOTPF’s Division of Administrative Services (DAS) director should develop and implement procedures to ensure management decisions for all subrecipient single audit findings are issued within six months of the audit report’s acceptance by the federal audit clearinghouse. View of Responsible Officials: Management agrees with this finding.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
Subrecipient Monitoring Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should institute a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2022-004
Subrecipient Monitoring Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should institute a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2022-004
Subrecipient Monitoring Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should institute a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2022-004
Subrecipient Monitoring Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should institute a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2022-004
Subrecipient Monitoring Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should institute a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2022-004
Subrecipient Monitoring Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should institute a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2022-004
Subrecipient Monitoring Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should institute a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2022-004
Subrecipient Monitoring Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should institute a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2022-004
Subrecipient Monitoring Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should institute a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2022-004
Subrecipient Monitoring Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should institute a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2022-004
Subrecipient Monitoring Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should institute a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2022-004
Subrecipient Monitoring Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should institute a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2022-004
Subrecipient Monitoring Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should institute a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2022-004
Subrecipient Monitoring Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should institute a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2022-004
Subrecipient Monitoring Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should institute a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2022-004
Reference Number: 2023-012 Prior Year Finding: 2022-013 Federal Agency: U.S. Department of Labor State Agency: Executive Office of Labor and Workforce Development Federal Program: WIOA Cluster, Employment Service Cluster Assistance Listing Number: 17.258, 17.259, 17.278, 17.207, 17.801 Award Number and Year: AA-38535-22-55-A-25 (7/1/2022 – 6/30/2025), AA-36325-21-55-A-25 (4/1/2021 – 6/30/2024), AA-34774-20-55-A-25 (4/1/2020 – 6/30/2023) ES333991955A25 (7/1/2019 – 9/30/2022), ES353492055A25 (7/1/2020 – 9/30/2023), ES367612155A25 (7/1/2021 – 9/30/2024), ES387362255A25 (7/1/2022 – 9/30/2025) DV-35786-21-55-5-25 (10/1/2020 – 12/31/2022), DV-37859-22-55-5-25 (10/1/2021 – 12/31/2023), 23555DV000008 (10/1/2022 – 12/31/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or Specific Requirement: Compliance: Per 2 CFR section 200.332 - Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section § 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. Per 2 CFR section 200.331 - Subrecipient and contractor determinations states, in part, that a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Executive Office of Labor and Workforce Development (Department) omitted required federal award information from subawards it issued from the programs and did not adequately monitor subrecipients. Context: WIOA Cluster: Six out of eighteen subrecipients were selected for testing. The following exceptions were noted: • For 6 of 6 subawards issued, the Federal Award Identification Number (FAIN) and Federal award date of award to the recipient by the Federal agency were not included on the subaward agreement. • For 1 of 6 subrecipients selected for testing, no subaward monitoring was performed during the audit period. • For 1 of 6 subrecipients selected for testing, subaward monitoring was not completed in accordance with the Department’s policy. • For 1 of 6 subrecipients selected for testing, a determination on whether the entity was a subrecipient was unable to be made based on the documentation provided. • One subrecipient was excluded from subrecipient testing based on auditor analysis that the entity did not meet the definition of a subrecipient. The Schedule of Expenditures of Federal Awards was not adjusted to reflect the classification change. Employment Service Cluster: Five out of sixteen subrecipients were selected for testing. The following exceptions were noted: • For 5 of 5 subawards issued, the Federal Award Identification Number (FAIN) and the Federal award date of award to the recipient by the Federal agency were not included on the subaward agreement. Cause: The Department’s procedures were not sufficient to ensure that subawards included all required information nor that subrecipient monitoring was completed in accordance with the requirements of the federal programs. Effect: Excluding required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Failure to conduct adequate subrecipient monitoring may result in a failure of the Department to detect that subawards were used for unauthorized purposes, were managed in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved. There is an increased risk that subrecipients could be inappropriately spending and/or inaccurately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by Department personnel on a timely basis. Questioned costs: WIOA Cluster: Undetermined Employment Service Cluster: None Recommendation: We recommend the Department review and enhance internal controls and procedures to ensure that required information is included in its subawards. We also recommend the Department review and enhance its internal controls and procedures to ensure subrecipient monitoring is performed in compliance with the requirements of the federal programs. Views of Responsible Officials: Management agrees with the finding.
Reference Number: 2023-012 Prior Year Finding: 2022-013 Federal Agency: U.S. Department of Labor State Agency: Executive Office of Labor and Workforce Development Federal Program: WIOA Cluster, Employment Service Cluster Assistance Listing Number: 17.258, 17.259, 17.278, 17.207, 17.801 Award Number and Year: AA-38535-22-55-A-25 (7/1/2022 – 6/30/2025), AA-36325-21-55-A-25 (4/1/2021 – 6/30/2024), AA-34774-20-55-A-25 (4/1/2020 – 6/30/2023) ES333991955A25 (7/1/2019 – 9/30/2022), ES353492055A25 (7/1/2020 – 9/30/2023), ES367612155A25 (7/1/2021 – 9/30/2024), ES387362255A25 (7/1/2022 – 9/30/2025) DV-35786-21-55-5-25 (10/1/2020 – 12/31/2022), DV-37859-22-55-5-25 (10/1/2021 – 12/31/2023), 23555DV000008 (10/1/2022 – 12/31/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or Specific Requirement: Compliance: Per 2 CFR section 200.332 - Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section § 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. Per 2 CFR section 200.331 - Subrecipient and contractor determinations states, in part, that a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Executive Office of Labor and Workforce Development (Department) omitted required federal award information from subawards it issued from the programs and did not adequately monitor subrecipients. Context: WIOA Cluster: Six out of eighteen subrecipients were selected for testing. The following exceptions were noted: • For 6 of 6 subawards issued, the Federal Award Identification Number (FAIN) and Federal award date of award to the recipient by the Federal agency were not included on the subaward agreement. • For 1 of 6 subrecipients selected for testing, no subaward monitoring was performed during the audit period. • For 1 of 6 subrecipients selected for testing, subaward monitoring was not completed in accordance with the Department’s policy. • For 1 of 6 subrecipients selected for testing, a determination on whether the entity was a subrecipient was unable to be made based on the documentation provided. • One subrecipient was excluded from subrecipient testing based on auditor analysis that the entity did not meet the definition of a subrecipient. The Schedule of Expenditures of Federal Awards was not adjusted to reflect the classification change. Employment Service Cluster: Five out of sixteen subrecipients were selected for testing. The following exceptions were noted: • For 5 of 5 subawards issued, the Federal Award Identification Number (FAIN) and the Federal award date of award to the recipient by the Federal agency were not included on the subaward agreement. Cause: The Department’s procedures were not sufficient to ensure that subawards included all required information nor that subrecipient monitoring was completed in accordance with the requirements of the federal programs. Effect: Excluding required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Failure to conduct adequate subrecipient monitoring may result in a failure of the Department to detect that subawards were used for unauthorized purposes, were managed in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved. There is an increased risk that subrecipients could be inappropriately spending and/or inaccurately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by Department personnel on a timely basis. Questioned costs: WIOA Cluster: Undetermined Employment Service Cluster: None Recommendation: We recommend the Department review and enhance internal controls and procedures to ensure that required information is included in its subawards. We also recommend the Department review and enhance its internal controls and procedures to ensure subrecipient monitoring is performed in compliance with the requirements of the federal programs. Views of Responsible Officials: Management agrees with the finding.
Reference Number: 2023-012 Prior Year Finding: 2022-013 Federal Agency: U.S. Department of Labor State Agency: Executive Office of Labor and Workforce Development Federal Program: WIOA Cluster, Employment Service Cluster Assistance Listing Number: 17.258, 17.259, 17.278, 17.207, 17.801 Award Number and Year: AA-38535-22-55-A-25 (7/1/2022 – 6/30/2025), AA-36325-21-55-A-25 (4/1/2021 – 6/30/2024), AA-34774-20-55-A-25 (4/1/2020 – 6/30/2023) ES333991955A25 (7/1/2019 – 9/30/2022), ES353492055A25 (7/1/2020 – 9/30/2023), ES367612155A25 (7/1/2021 – 9/30/2024), ES387362255A25 (7/1/2022 – 9/30/2025) DV-35786-21-55-5-25 (10/1/2020 – 12/31/2022), DV-37859-22-55-5-25 (10/1/2021 – 12/31/2023), 23555DV000008 (10/1/2022 – 12/31/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or Specific Requirement: Compliance: Per 2 CFR section 200.332 - Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section § 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. Per 2 CFR section 200.331 - Subrecipient and contractor determinations states, in part, that a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Executive Office of Labor and Workforce Development (Department) omitted required federal award information from subawards it issued from the programs and did not adequately monitor subrecipients. Context: WIOA Cluster: Six out of eighteen subrecipients were selected for testing. The following exceptions were noted: • For 6 of 6 subawards issued, the Federal Award Identification Number (FAIN) and Federal award date of award to the recipient by the Federal agency were not included on the subaward agreement. • For 1 of 6 subrecipients selected for testing, no subaward monitoring was performed during the audit period. • For 1 of 6 subrecipients selected for testing, subaward monitoring was not completed in accordance with the Department’s policy. • For 1 of 6 subrecipients selected for testing, a determination on whether the entity was a subrecipient was unable to be made based on the documentation provided. • One subrecipient was excluded from subrecipient testing based on auditor analysis that the entity did not meet the definition of a subrecipient. The Schedule of Expenditures of Federal Awards was not adjusted to reflect the classification change. Employment Service Cluster: Five out of sixteen subrecipients were selected for testing. The following exceptions were noted: • For 5 of 5 subawards issued, the Federal Award Identification Number (FAIN) and the Federal award date of award to the recipient by the Federal agency were not included on the subaward agreement. Cause: The Department’s procedures were not sufficient to ensure that subawards included all required information nor that subrecipient monitoring was completed in accordance with the requirements of the federal programs. Effect: Excluding required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Failure to conduct adequate subrecipient monitoring may result in a failure of the Department to detect that subawards were used for unauthorized purposes, were managed in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved. There is an increased risk that subrecipients could be inappropriately spending and/or inaccurately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by Department personnel on a timely basis. Questioned costs: WIOA Cluster: Undetermined Employment Service Cluster: None Recommendation: We recommend the Department review and enhance internal controls and procedures to ensure that required information is included in its subawards. We also recommend the Department review and enhance its internal controls and procedures to ensure subrecipient monitoring is performed in compliance with the requirements of the federal programs. Views of Responsible Officials: Management agrees with the finding.
Reference Number: 2023-012 Prior Year Finding: 2022-013 Federal Agency: U.S. Department of Labor State Agency: Executive Office of Labor and Workforce Development Federal Program: WIOA Cluster, Employment Service Cluster Assistance Listing Number: 17.258, 17.259, 17.278, 17.207, 17.801 Award Number and Year: AA-38535-22-55-A-25 (7/1/2022 – 6/30/2025), AA-36325-21-55-A-25 (4/1/2021 – 6/30/2024), AA-34774-20-55-A-25 (4/1/2020 – 6/30/2023) ES333991955A25 (7/1/2019 – 9/30/2022), ES353492055A25 (7/1/2020 – 9/30/2023), ES367612155A25 (7/1/2021 – 9/30/2024), ES387362255A25 (7/1/2022 – 9/30/2025) DV-35786-21-55-5-25 (10/1/2020 – 12/31/2022), DV-37859-22-55-5-25 (10/1/2021 – 12/31/2023), 23555DV000008 (10/1/2022 – 12/31/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or Specific Requirement: Compliance: Per 2 CFR section 200.332 - Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section § 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. Per 2 CFR section 200.331 - Subrecipient and contractor determinations states, in part, that a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Executive Office of Labor and Workforce Development (Department) omitted required federal award information from subawards it issued from the programs and did not adequately monitor subrecipients. Context: WIOA Cluster: Six out of eighteen subrecipients were selected for testing. The following exceptions were noted: • For 6 of 6 subawards issued, the Federal Award Identification Number (FAIN) and Federal award date of award to the recipient by the Federal agency were not included on the subaward agreement. • For 1 of 6 subrecipients selected for testing, no subaward monitoring was performed during the audit period. • For 1 of 6 subrecipients selected for testing, subaward monitoring was not completed in accordance with the Department’s policy. • For 1 of 6 subrecipients selected for testing, a determination on whether the entity was a subrecipient was unable to be made based on the documentation provided. • One subrecipient was excluded from subrecipient testing based on auditor analysis that the entity did not meet the definition of a subrecipient. The Schedule of Expenditures of Federal Awards was not adjusted to reflect the classification change. Employment Service Cluster: Five out of sixteen subrecipients were selected for testing. The following exceptions were noted: • For 5 of 5 subawards issued, the Federal Award Identification Number (FAIN) and the Federal award date of award to the recipient by the Federal agency were not included on the subaward agreement. Cause: The Department’s procedures were not sufficient to ensure that subawards included all required information nor that subrecipient monitoring was completed in accordance with the requirements of the federal programs. Effect: Excluding required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Failure to conduct adequate subrecipient monitoring may result in a failure of the Department to detect that subawards were used for unauthorized purposes, were managed in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved. There is an increased risk that subrecipients could be inappropriately spending and/or inaccurately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by Department personnel on a timely basis. Questioned costs: WIOA Cluster: Undetermined Employment Service Cluster: None Recommendation: We recommend the Department review and enhance internal controls and procedures to ensure that required information is included in its subawards. We also recommend the Department review and enhance its internal controls and procedures to ensure subrecipient monitoring is performed in compliance with the requirements of the federal programs. Views of Responsible Officials: Management agrees with the finding.
Reference Number: 2023-012 Prior Year Finding: 2022-013 Federal Agency: U.S. Department of Labor State Agency: Executive Office of Labor and Workforce Development Federal Program: WIOA Cluster, Employment Service Cluster Assistance Listing Number: 17.258, 17.259, 17.278, 17.207, 17.801 Award Number and Year: AA-38535-22-55-A-25 (7/1/2022 – 6/30/2025), AA-36325-21-55-A-25 (4/1/2021 – 6/30/2024), AA-34774-20-55-A-25 (4/1/2020 – 6/30/2023) ES333991955A25 (7/1/2019 – 9/30/2022), ES353492055A25 (7/1/2020 – 9/30/2023), ES367612155A25 (7/1/2021 – 9/30/2024), ES387362255A25 (7/1/2022 – 9/30/2025) DV-35786-21-55-5-25 (10/1/2020 – 12/31/2022), DV-37859-22-55-5-25 (10/1/2021 – 12/31/2023), 23555DV000008 (10/1/2022 – 12/31/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or Specific Requirement: Compliance: Per 2 CFR section 200.332 - Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section § 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. Per 2 CFR section 200.331 - Subrecipient and contractor determinations states, in part, that a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Executive Office of Labor and Workforce Development (Department) omitted required federal award information from subawards it issued from the programs and did not adequately monitor subrecipients. Context: WIOA Cluster: Six out of eighteen subrecipients were selected for testing. The following exceptions were noted: • For 6 of 6 subawards issued, the Federal Award Identification Number (FAIN) and Federal award date of award to the recipient by the Federal agency were not included on the subaward agreement. • For 1 of 6 subrecipients selected for testing, no subaward monitoring was performed during the audit period. • For 1 of 6 subrecipients selected for testing, subaward monitoring was not completed in accordance with the Department’s policy. • For 1 of 6 subrecipients selected for testing, a determination on whether the entity was a subrecipient was unable to be made based on the documentation provided. • One subrecipient was excluded from subrecipient testing based on auditor analysis that the entity did not meet the definition of a subrecipient. The Schedule of Expenditures of Federal Awards was not adjusted to reflect the classification change. Employment Service Cluster: Five out of sixteen subrecipients were selected for testing. The following exceptions were noted: • For 5 of 5 subawards issued, the Federal Award Identification Number (FAIN) and the Federal award date of award to the recipient by the Federal agency were not included on the subaward agreement. Cause: The Department’s procedures were not sufficient to ensure that subawards included all required information nor that subrecipient monitoring was completed in accordance with the requirements of the federal programs. Effect: Excluding required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Failure to conduct adequate subrecipient monitoring may result in a failure of the Department to detect that subawards were used for unauthorized purposes, were managed in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved. There is an increased risk that subrecipients could be inappropriately spending and/or inaccurately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by Department personnel on a timely basis. Questioned costs: WIOA Cluster: Undetermined Employment Service Cluster: None Recommendation: We recommend the Department review and enhance internal controls and procedures to ensure that required information is included in its subawards. We also recommend the Department review and enhance its internal controls and procedures to ensure subrecipient monitoring is performed in compliance with the requirements of the federal programs. Views of Responsible Officials: Management agrees with the finding.
Reference Number: 2023-022 Prior Year Finding: No Federal Agency: U.S. Department of Health and Human Services State Agency: Executive Office of Elders Affairs Federal Program: Aging Cluster Assistance Listing Number: 93.044, 93.045, 93.053 Award Number and Year: 2101MASSC6, 2101MACMC6, 2101MAHDC6 and 2021 (COVID-19) 2001MAHDC3, 2001MASSC3 and 2020 (COVID-19) 2201MAOANS-03 and 2022 2301MAOANS-03 and 2023 2201MAOASS and 2022 2301MAOASS and 2023 2201MAOACM and 2022 2301MAOACM and 2023 2201MAOAHD and 2022 2301MAOAHD and 2023 Compliance Requirement: Subrecipient Monitoring- Subaward Agreement Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or Specific Requirement: Compliance: 2 CFR section 200.332-Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Executive Office of Elders Affairs’ (Department) subawards did not contain all required federal information. We noted that the Federal Award Identification Number (FAIN) and federal award dates were not provided to the subrecipients. Context: Seven of the seven subawards selected for testing did not contain the Federal Award Identification Number (FAIN) and Federal Award Date. Questioned costs: None noted. Cause: The Department utilizes a standard subaward that was not updated to include all federal subaward requirements. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. Recommendation: The Department should review and enhance internal controls and procedures to ensure that all required information is included in all subaward agreements. Views of Responsible Officials: Management agrees with the finding.
Reference Number: 2023-022 Prior Year Finding: No Federal Agency: U.S. Department of Health and Human Services State Agency: Executive Office of Elders Affairs Federal Program: Aging Cluster Assistance Listing Number: 93.044, 93.045, 93.053 Award Number and Year: 2101MASSC6, 2101MACMC6, 2101MAHDC6 and 2021 (COVID-19) 2001MAHDC3, 2001MASSC3 and 2020 (COVID-19) 2201MAOANS-03 and 2022 2301MAOANS-03 and 2023 2201MAOASS and 2022 2301MAOASS and 2023 2201MAOACM and 2022 2301MAOACM and 2023 2201MAOAHD and 2022 2301MAOAHD and 2023 Compliance Requirement: Subrecipient Monitoring- Subaward Agreement Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or Specific Requirement: Compliance: 2 CFR section 200.332-Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Executive Office of Elders Affairs’ (Department) subawards did not contain all required federal information. We noted that the Federal Award Identification Number (FAIN) and federal award dates were not provided to the subrecipients. Context: Seven of the seven subawards selected for testing did not contain the Federal Award Identification Number (FAIN) and Federal Award Date. Questioned costs: None noted. Cause: The Department utilizes a standard subaward that was not updated to include all federal subaward requirements. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. Recommendation: The Department should review and enhance internal controls and procedures to ensure that all required information is included in all subaward agreements. Views of Responsible Officials: Management agrees with the finding.