U.S. Department of Transportation, Passed through Nebraska Department of Transportation and Iowa Department of Transportation Highway Planning and Construction Assistance Listing Number 20.205 Subrecipient Monitoring Significant Deficiency in Internal Control over Compliance Criteria: A pass‐through entity (PTE) must: Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). This evaluation of risk may include consideration of such factors as the following: o The subrecipient’s prior experience with the same or similar subawards; o The results of previous audits including whether or not the subrecipient receives single audit in accordance with 2 CFR Part 200, Subpart F, and the extent to which the same or similar subaward has been audited as a major program; o Whether the subrecipient has new personnel or new or substantially changed systems; and o The extent and results of federal awarding agency monitoring (e.g., if the subrecipient also receives federal awards directly from a federal awarding agency). Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: o Reviewing financial and programmatic (performance and special reports) required by the PTE. o Following‐up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on‐site reviews, and other means o Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521.Verify that every subrecipient is audited as required by Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Consider whether the results of the subrecipient's audits, on‐site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass‐through entity's own records. Condition: MAPA is the pass‐through entity for several subrecipients. MAPA does not appear to have a formal policy to evaluate each subrecipient’s risk of noncompliance for appropriate subrecipient monitoring. Further, MAPA does not have a formal policy to monitor the activities of the subrecipients to the extent deemed necessary by the federal government, including the verification that subrecipients are audited when they reach Uniform Guidance spending levels and evaluation of those audits. However, the current procedures require a review of the subrecipients’ invoices, including all detailed costs by an appropriate individual at MAPA prior to payment. This process helps reduce risk of inappropriate funding to subrecipients. Cause: MAPA does not appear have formal policies in place for all of the subrecipient monitoring requirements. Effect: MAPA may not have appropriate monitoring levels established for all of its subrecipients and have awareness of where subrecipient deficiencies may exist. Questioned Costs: None reported. Context: We reviewed two of the five subrecipients within this program that did not appear to have any formal risk evaluation and monitoring plan in place. Repeat Finding From Prior Year: No Recommendation: The policy should be updated to include all federal requirements for subrecipient monitoring and updated on a regular basis as those regulations change. Views of Responsible Officials: We agree with the finding.
U.S. Department of Transportation, Passed through Nebraska Department of Transportation and Iowa Department of Transportation Highway Planning and Construction Assistance Listing Number 20.205 Subrecipient Monitoring Significant Deficiency in Internal Control over Compliance Criteria: A pass‐through entity (PTE) must: Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). This evaluation of risk may include consideration of such factors as the following: o The subrecipient’s prior experience with the same or similar subawards; o The results of previous audits including whether or not the subrecipient receives single audit in accordance with 2 CFR Part 200, Subpart F, and the extent to which the same or similar subaward has been audited as a major program; o Whether the subrecipient has new personnel or new or substantially changed systems; and o The extent and results of federal awarding agency monitoring (e.g., if the subrecipient also receives federal awards directly from a federal awarding agency). Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: o Reviewing financial and programmatic (performance and special reports) required by the PTE. o Following‐up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on‐site reviews, and other means o Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521.Verify that every subrecipient is audited as required by Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Consider whether the results of the subrecipient's audits, on‐site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass‐through entity's own records. Condition: MAPA is the pass‐through entity for several subrecipients. MAPA does not appear to have a formal policy to evaluate each subrecipient’s risk of noncompliance for appropriate subrecipient monitoring. Further, MAPA does not have a formal policy to monitor the activities of the subrecipients to the extent deemed necessary by the federal government, including the verification that subrecipients are audited when they reach Uniform Guidance spending levels and evaluation of those audits. However, the current procedures require a review of the subrecipients’ invoices, including all detailed costs by an appropriate individual at MAPA prior to payment. This process helps reduce risk of inappropriate funding to subrecipients. Cause: MAPA does not appear have formal policies in place for all of the subrecipient monitoring requirements. Effect: MAPA may not have appropriate monitoring levels established for all of its subrecipients and have awareness of where subrecipient deficiencies may exist. Questioned Costs: None reported. Context: We reviewed two of the five subrecipients within this program that did not appear to have any formal risk evaluation and monitoring plan in place. Repeat Finding From Prior Year: No Recommendation: The policy should be updated to include all federal requirements for subrecipient monitoring and updated on a regular basis as those regulations change. Views of Responsible Officials: We agree with the finding.
U.S. Department of Transportation, Passed through Nebraska Department of Transportation and Iowa Department of Transportation Highway Planning and Construction Assistance Listing Number 20.205 Subrecipient Monitoring Significant Deficiency in Internal Control over Compliance Criteria: A pass‐through entity (PTE) must: Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). This evaluation of risk may include consideration of such factors as the following: o The subrecipient’s prior experience with the same or similar subawards; o The results of previous audits including whether or not the subrecipient receives single audit in accordance with 2 CFR Part 200, Subpart F, and the extent to which the same or similar subaward has been audited as a major program; o Whether the subrecipient has new personnel or new or substantially changed systems; and o The extent and results of federal awarding agency monitoring (e.g., if the subrecipient also receives federal awards directly from a federal awarding agency). Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: o Reviewing financial and programmatic (performance and special reports) required by the PTE. o Following‐up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on‐site reviews, and other means o Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521.Verify that every subrecipient is audited as required by Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Consider whether the results of the subrecipient's audits, on‐site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass‐through entity's own records. Condition: MAPA is the pass‐through entity for several subrecipients. MAPA does not appear to have a formal policy to evaluate each subrecipient’s risk of noncompliance for appropriate subrecipient monitoring. Further, MAPA does not have a formal policy to monitor the activities of the subrecipients to the extent deemed necessary by the federal government, including the verification that subrecipients are audited when they reach Uniform Guidance spending levels and evaluation of those audits. However, the current procedures require a review of the subrecipients’ invoices, including all detailed costs by an appropriate individual at MAPA prior to payment. This process helps reduce risk of inappropriate funding to subrecipients. Cause: MAPA does not appear have formal policies in place for all of the subrecipient monitoring requirements. Effect: MAPA may not have appropriate monitoring levels established for all of its subrecipients and have awareness of where subrecipient deficiencies may exist. Questioned Costs: None reported. Context: We reviewed two of the five subrecipients within this program that did not appear to have any formal risk evaluation and monitoring plan in place. Repeat Finding From Prior Year: No Recommendation: The policy should be updated to include all federal requirements for subrecipient monitoring and updated on a regular basis as those regulations change. Views of Responsible Officials: We agree with the finding.
U.S. Department of Transportation, Passed through Nebraska Department of Transportation and Iowa Department of Transportation Highway Planning and Construction Assistance Listing Number 20.205 Subrecipient Monitoring Significant Deficiency in Internal Control over Compliance Criteria: A pass‐through entity (PTE) must: Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). This evaluation of risk may include consideration of such factors as the following: o The subrecipient’s prior experience with the same or similar subawards; o The results of previous audits including whether or not the subrecipient receives single audit in accordance with 2 CFR Part 200, Subpart F, and the extent to which the same or similar subaward has been audited as a major program; o Whether the subrecipient has new personnel or new or substantially changed systems; and o The extent and results of federal awarding agency monitoring (e.g., if the subrecipient also receives federal awards directly from a federal awarding agency). Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: o Reviewing financial and programmatic (performance and special reports) required by the PTE. o Following‐up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on‐site reviews, and other means o Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521.Verify that every subrecipient is audited as required by Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Consider whether the results of the subrecipient's audits, on‐site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass‐through entity's own records. Condition: MAPA is the pass‐through entity for several subrecipients. MAPA does not appear to have a formal policy to evaluate each subrecipient’s risk of noncompliance for appropriate subrecipient monitoring. Further, MAPA does not have a formal policy to monitor the activities of the subrecipients to the extent deemed necessary by the federal government, including the verification that subrecipients are audited when they reach Uniform Guidance spending levels and evaluation of those audits. However, the current procedures require a review of the subrecipients’ invoices, including all detailed costs by an appropriate individual at MAPA prior to payment. This process helps reduce risk of inappropriate funding to subrecipients. Cause: MAPA does not appear have formal policies in place for all of the subrecipient monitoring requirements. Effect: MAPA may not have appropriate monitoring levels established for all of its subrecipients and have awareness of where subrecipient deficiencies may exist. Questioned Costs: None reported. Context: We reviewed two of the five subrecipients within this program that did not appear to have any formal risk evaluation and monitoring plan in place. Repeat Finding From Prior Year: No Recommendation: The policy should be updated to include all federal requirements for subrecipient monitoring and updated on a regular basis as those regulations change. Views of Responsible Officials: We agree with the finding.
U.S. Department of Transportation, Passed through Nebraska Department of Transportation and Iowa Department of Transportation Highway Planning and Construction Assistance Listing Number 20.205 Subrecipient Monitoring Significant Deficiency in Internal Control over Compliance Criteria: A pass‐through entity (PTE) must: Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). This evaluation of risk may include consideration of such factors as the following: o The subrecipient’s prior experience with the same or similar subawards; o The results of previous audits including whether or not the subrecipient receives single audit in accordance with 2 CFR Part 200, Subpart F, and the extent to which the same or similar subaward has been audited as a major program; o Whether the subrecipient has new personnel or new or substantially changed systems; and o The extent and results of federal awarding agency monitoring (e.g., if the subrecipient also receives federal awards directly from a federal awarding agency). Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: o Reviewing financial and programmatic (performance and special reports) required by the PTE. o Following‐up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on‐site reviews, and other means o Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521.Verify that every subrecipient is audited as required by Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Consider whether the results of the subrecipient's audits, on‐site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass‐through entity's own records. Condition: MAPA is the pass‐through entity for several subrecipients. MAPA does not appear to have a formal policy to evaluate each subrecipient’s risk of noncompliance for appropriate subrecipient monitoring. Further, MAPA does not have a formal policy to monitor the activities of the subrecipients to the extent deemed necessary by the federal government, including the verification that subrecipients are audited when they reach Uniform Guidance spending levels and evaluation of those audits. However, the current procedures require a review of the subrecipients’ invoices, including all detailed costs by an appropriate individual at MAPA prior to payment. This process helps reduce risk of inappropriate funding to subrecipients. Cause: MAPA does not appear have formal policies in place for all of the subrecipient monitoring requirements. Effect: MAPA may not have appropriate monitoring levels established for all of its subrecipients and have awareness of where subrecipient deficiencies may exist. Questioned Costs: None reported. Context: We reviewed two of the five subrecipients within this program that did not appear to have any formal risk evaluation and monitoring plan in place. Repeat Finding From Prior Year: No Recommendation: The policy should be updated to include all federal requirements for subrecipient monitoring and updated on a regular basis as those regulations change. Views of Responsible Officials: We agree with the finding.
U.S. Department of Transportation, Passed through Nebraska Department of Transportation and Iowa Department of Transportation Highway Planning and Construction Assistance Listing Number 20.205 Subrecipient Monitoring Significant Deficiency in Internal Control over Compliance Criteria: A pass‐through entity (PTE) must: Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). This evaluation of risk may include consideration of such factors as the following: o The subrecipient’s prior experience with the same or similar subawards; o The results of previous audits including whether or not the subrecipient receives single audit in accordance with 2 CFR Part 200, Subpart F, and the extent to which the same or similar subaward has been audited as a major program; o Whether the subrecipient has new personnel or new or substantially changed systems; and o The extent and results of federal awarding agency monitoring (e.g., if the subrecipient also receives federal awards directly from a federal awarding agency). Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: o Reviewing financial and programmatic (performance and special reports) required by the PTE. o Following‐up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on‐site reviews, and other means o Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521.Verify that every subrecipient is audited as required by Uniform Guidance when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Consider whether the results of the subrecipient's audits, on‐site reviews, or other monitoring indicate conditions that necessitate adjustments to the pass‐through entity's own records. Condition: MAPA is the pass‐through entity for several subrecipients. MAPA does not appear to have a formal policy to evaluate each subrecipient’s risk of noncompliance for appropriate subrecipient monitoring. Further, MAPA does not have a formal policy to monitor the activities of the subrecipients to the extent deemed necessary by the federal government, including the verification that subrecipients are audited when they reach Uniform Guidance spending levels and evaluation of those audits. However, the current procedures require a review of the subrecipients’ invoices, including all detailed costs by an appropriate individual at MAPA prior to payment. This process helps reduce risk of inappropriate funding to subrecipients. Cause: MAPA does not appear have formal policies in place for all of the subrecipient monitoring requirements. Effect: MAPA may not have appropriate monitoring levels established for all of its subrecipients and have awareness of where subrecipient deficiencies may exist. Questioned Costs: None reported. Context: We reviewed two of the five subrecipients within this program that did not appear to have any formal risk evaluation and monitoring plan in place. Repeat Finding From Prior Year: No Recommendation: The policy should be updated to include all federal requirements for subrecipient monitoring and updated on a regular basis as those regulations change. Views of Responsible Officials: We agree with the finding.
Cluster name: TRIO Cluster Assistance Listings numbers and names: 84.042 TRIO—Student Support Services 84.047 TRIO—Upward Bound Award numbers and years: P047A171009, September 1, 2017 through August 31, 2022; P047A170820, September 1, 2017 through August 31, 2023; P042A200873, P042A201342, and P042A200859, September 1, 2020 through August 31, 2025; P047A221154 and P047A221160, September 1, 2022 through August 31, 2027 Federal agency: U.S. Department of Education Compliance requirement: Eligibility Questioned costs: $5,612 Condition—We identified 2 issues related to eligibility. First, for 2 of the 3 District colleges that administer the TRIO Cluster, the colleges did not review and approve eligibility determinations for 20 of 60 students we tested.1 Specifically, we found that: • For 10 of 28 students tested, GateWay Community College did not independently review and approve its eligibility determinations before awarding students services, contrary to its policies and procedures. • For 10 of 10 students tested, South Mountain Community College did not independently review and approve its eligibility determinations before awarding students services and lacked procedures to do so. Second, contrary to federal regulation, 1 of the 3 District’s colleges that administers the Student Support Services program awarded 6 of 20 students grant aid when the students did not meet eligibility requirements. Specifically, we found that: • For 6 of 20 students it awarded grant aid, GateWay Community College informed us that it incorrectly awarded grant aid totaling $5,612 to these ineligible students because the students did not receive a federal Pell Grant, which is an eligibility criterion to receive grant aid for the Student Support Services program. Effect—Without performing independent reviews and approvals of eligibility determinations that the colleges’ policies and procedures require, GateWay and South Mountain Community Colleges have an increased risk of ineligible students participating in the program. In addition, GateWay Community College could potentially be required to repay to the federal agency the $5,612 of awards it made to ineligible students.2 Cause—GateWay and South Mountain Community Colleges both experienced turnover in key personnel administering the TRIO Cluster. The new personnel at GateWay Community College were not aware of its policies and procedures requiring review and approval of eligibility determinations and grant aid requirements. South Mountain Community College’s policies and procedures did not address review and approval of student records in determining eligibility. Criteria—GateWay Community College’s written policies and procedures require employees to perform an independent review and approval of their student eligibility determinations before awarding students program services (GateWay Community College—TRIO Upward Bound Eligibility Determination and Intake Process). Also, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The District should: 1. Require all the District colleges that administer the TRIO Cluster to follow or update policies and procedures to require an independent and knowledgeable employee to review and approve student eligibility determinations before awarding program services to them. This includes procedures to verify whether students meet all eligibility requirements, including whether they were awarded federal Pell Grants. 2. Train all employees responsible for administering the TRIO programs at the colleges on the District-wide policies and procedures. 3. Work with Gateway Community College and the U.S. Department of Education to resolve the $5,612 in questioned costs. The District’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year finding 2022-105 and was initially reported in fiscal year 2022. 1 For 22 of the 22 students tested for Mesa Community College, we found that the College performed the eligibility determinations in compliance with federal regulations. 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521)
Cluster name: TRIO Cluster Assistance Listings numbers and names: 84.042 TRIO—Student Support Services 84.047 TRIO—Upward Bound Award numbers and years: P047A171009, September 1, 2017 through August 31, 2022; P047A170820, September 1, 2017 through August 31, 2023; P042A200873, P042A201342, and P042A200859, September 1, 2020 through August 31, 2025; P047A221154 and P047A221160, September 1, 2022 through August 31, 2027 Federal agency: U.S. Department of Education Compliance requirement: Eligibility Questioned costs: $5,612 Condition—We identified 2 issues related to eligibility. First, for 2 of the 3 District colleges that administer the TRIO Cluster, the colleges did not review and approve eligibility determinations for 20 of 60 students we tested.1 Specifically, we found that: • For 10 of 28 students tested, GateWay Community College did not independently review and approve its eligibility determinations before awarding students services, contrary to its policies and procedures. • For 10 of 10 students tested, South Mountain Community College did not independently review and approve its eligibility determinations before awarding students services and lacked procedures to do so. Second, contrary to federal regulation, 1 of the 3 District’s colleges that administers the Student Support Services program awarded 6 of 20 students grant aid when the students did not meet eligibility requirements. Specifically, we found that: • For 6 of 20 students it awarded grant aid, GateWay Community College informed us that it incorrectly awarded grant aid totaling $5,612 to these ineligible students because the students did not receive a federal Pell Grant, which is an eligibility criterion to receive grant aid for the Student Support Services program. Effect—Without performing independent reviews and approvals of eligibility determinations that the colleges’ policies and procedures require, GateWay and South Mountain Community Colleges have an increased risk of ineligible students participating in the program. In addition, GateWay Community College could potentially be required to repay to the federal agency the $5,612 of awards it made to ineligible students.2 Cause—GateWay and South Mountain Community Colleges both experienced turnover in key personnel administering the TRIO Cluster. The new personnel at GateWay Community College were not aware of its policies and procedures requiring review and approval of eligibility determinations and grant aid requirements. South Mountain Community College’s policies and procedures did not address review and approval of student records in determining eligibility. Criteria—GateWay Community College’s written policies and procedures require employees to perform an independent review and approval of their student eligibility determinations before awarding students program services (GateWay Community College—TRIO Upward Bound Eligibility Determination and Intake Process). Also, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The District should: 1. Require all the District colleges that administer the TRIO Cluster to follow or update policies and procedures to require an independent and knowledgeable employee to review and approve student eligibility determinations before awarding program services to them. This includes procedures to verify whether students meet all eligibility requirements, including whether they were awarded federal Pell Grants. 2. Train all employees responsible for administering the TRIO programs at the colleges on the District-wide policies and procedures. 3. Work with Gateway Community College and the U.S. Department of Education to resolve the $5,612 in questioned costs. The District’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year finding 2022-105 and was initially reported in fiscal year 2022. 1 For 22 of the 22 students tested for Mesa Community College, we found that the College performed the eligibility determinations in compliance with federal regulations. 2 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521)
Finding Reference Number: 2023-005 NH Department of Justice NH Department of Health and Human Services NH Department of Environmental Services NH Department of Business and Economic Affairs COVID-19 Coronavirus State and Local Fiscal Recovery Funds (Assistance Listing #21.027) Federal Award Numbers: SLFRP0145 Federal Award Year: 2021 U.S. Department of Treasury Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: 2022-008 Statistically Valid Sample: No Criteria A pass-through entity must: 1. Clearly identify to the subrecipient required award information and applicable requirements described in 2 CFR section 200.332(a); 2. Evaluate each subrecipient’s risk of noncompliance for the purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 300.332(b)); 3. Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorization purposes, complies with the terms and conditions of the subaward 4. Issuing a management decision for audit findings pertaining to federal award provided to the subrecipient from the subrecipient as required by 2 CFR section 200.521. Additionally, per 2 CFR section 200.303, non-federal entities must establish and maintain effective internal control over federal awards that provide reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Condition As part of the Coronavirus State and Local Fiscal Recovery Funds program, the State of New Hampshire (the State) entered into grant agreements with local entities to support allowable activities under the federal program. During the year ended June 30, 2022, the State passed through $73,337,682 to subrecipients. As part of our testwork over the subrecipient monitoring process, we identified the following breakdown of internal controls: A. As part of our testwork over subrecipient monitoring, we selected a sample of 49 items from the listing of subrecipients provided by the State that reconciled to the amount reported on the Schedule of Expenditures of Federal Awards. Of the 49 items selected for testwork, 6 items were contracts and were not subrecipient agreements. As such, we were unable to determine the completeness and accuracy of the subrecipient population. As a result of our audit, the State identified that this error resulted in the amount reported on the Schedule of Expenditures of Federal Awards as pass-through expenditures to be overstated by $7,261,684. The State has corrected the Schedule of Expenditures of Federal Awards so that the amount reported is accurate. B. The State communicates award information to subrecipients through the approved grant agreement. For 19 of the 43 remaining subrecipients selected for testwork, the State did not communicate all the required award information as outlined in 2 CFR section 200.332. Specifically, the following elements were not communicated: a. Indirect cost rate for federal awards (including if the deminimus rate is charged per 2 CFR section 200.414) was not communicated for 19 of the 43 remaining subrecipients selected for testwork. b. Identification of whether the award is R&D was not communicated for 17 of the remaining 43 subrecipients selected for testwork. C. As part of our testwork over during the award monitoring, it was identified that subrecipient monitoring activities include the review and approval of invoices submitted for reimbursement from the subrecipient. During our testwork over the invoice review we identified the following: a. For 6 of the remaining 43 subrecipients selected for testwork, we were unable to obtain the invoices paid by the State to verify that they were reviewed and approved. While the invoices were not provided to us, we noted that other monitoring procedures were performed for 4 of the 6 subrecipients. b. For 10 of the remaining 43 subrecipients selected for testwork, while we were able to obtain the invoices paid by the State, we were unable to properly identify who the appropriate reviewer was for the invoice to ensure that the individual who approved the invoice had the appropriate knowledge and competency to perform the review process. As a result, we were unable to verify if the invoice was appropriately reviewed. While we were unable to verify this, we noted that other monitoring procedures were performed for 9 of the 10 subrecipients. D. As part of our testwork over during the award monitoring, for 9 of the 43 remaining subrecipients selected for testwork, no documentation was provided to support that during the award monitoring procedures had been performed during the audit period. As such, we could not verify that appropriate monitoring procedures were performed as outlined by the subrecipient’s risk assessment. E. As part of our testwork over the review of Uniform Guidance Reports, we identified the following: a. For 6 of the remaining 43 subrecipients selected for testwork, the State provided the subrecipients Uniform Guidance report, however there was no evidence that the reports were reviewed to determine if a management decision letter needed to be issued. As part of our audit, we reviewed the 6 uniform guidance reports and did not identify any findings that would have required to be followed up on by the State. b. For 7 of the remaining 43 subrecipients selected for testwork, the subrecipient’s uniform guidance report was not provided. We reviewed the FAC to determine if a report was submitted during the audit period and identified that all 7 subrecipients had submitted a uniform guidance report. Of the 7 subrecipients, 1 report contained findings reported within Section III of the report. There was no evidence provided that the State had issued a management decision related to this subrecipient. Cause The cause of the condition found is primarily due to insufficient internal controls and procedures to ensure that award identification information is communicated, that appropriate during the award monitoring is performed based on the risk assessments and that all subrecipients are reviewed to determine if a uniform guidance audit was issued regardless of amount awarded to the subrecipient. Given the nature of this program, several Departments within the State entered into subrecipient grants resulting in a decentralized process. Not all Departments within the State are experienced with subrecipient relationships and may not have had developed policies to comply with subrecipient monitoring requirements. Finally, the State does not have sufficient internal controls in place to properly classify contracts and subrecipient relationships. Effect The effect of the condition found is that the State may not have properly monitored subrecipients in accordance with State policies and federal requirements. In addition, improper identification of contracts and subrecipients could lead to noncompliance with the State’s procurement policy or the proper monitoring of subrecipients. Questioned Costs None. Recommendation We recommend that the State review its existing internal controls, policies, and procedures to ensure that the State complies with the provisions of 2 CFR section 200.332(a), 2 CFR section 200.332(d through (f), and 2 CFR section 200.251. This would include ensuring that: 1. All required award information is communicated to subrecipients; 2. Ensure that appropriate during the award monitoring is performed as outlined within the subrecipient’s risk assessment; and 3. All subrecipients are reviewed regardless of the amount awarded to determine if a uniform guidance report was issued and if a management decision letter should be issued. In addition, the State should continue to review its vendor determination policy to ensure that the policy is consistently applied across all Department’s within the State. View of Responsible Officials: Management concurs with the finding above.
Finding Reference Number: 2023-011 NH Department of Health and Human Services Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) and COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) (Assistance Listing #93.323) Federal Award Numbers: NUK50CK000522 Federal Award Year: 2019 U.S. Department of Health and Human Services Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: 2022-018 Statistically Valid Sample: No Criteria A pass-through entity (PTE) must: 1. Evaluate Risk – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). 2. Monitor – Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: a. Reviewing financial and programmatic (performance and special reports) required by the PTE. b. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means. c. Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Additionally, 45 CFR section 75 303(a) states the non Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award Condition During the year ended June 30, 2023, the New Hampshire Department of Health and Human Services (the Department) passed through $5,070,789 of federal funding to subrecipient. As part of our testing related subrecipient monitoring, we noted the following: A. As part of our during the award monitoring testwork, we were unable to obtain documentation to support that that the Department had performed the suggested monitoring procedures for 3 of the 4 subrecipients selected for testwork based upon the subrecipients most recent risk assessment performed. For the remaining 1 subrecipient, the risk assessment form did not indicate the required frequency of the suggested type of monitoring. As a result, we were not able to verify that the Department had performed the appropriate monitoring procedures as outlined by the risk assessment performed for each subrecipient. B. The Department’s during the award monitoring for each of the 4 subrecipients selected for testwork consisted of the review and approval of subrecipient invoices. Per review of the invoices, the invoice contained a summary of costs incurred by the subrecipient by category of expense that it was seeking reimbursement for. The Department did not perform any other monitoring procedures to ensure the accuracy of the request made by the subrecipient through either a desk review or an on-site monitoring visit. We further noted that no other monitoring was performed by the Department to ensure that the subrecipient was complying with the terms and conditions of its subrecipient grant agreement. Per review of the risk assessment for each of the 4 subrecipients, the risk assessment did not provide for specific monitoring procedures that would address compliance with the subrecipients grant agreement beyond the period review of expenditure data. Taking into consideration that for each of the 4 subrecipients selected the testwork, if an Uniform Guidance report was issued for the subrecipient, this program was not audited as a major program, it does not appear that either the procedures suggested within the risk assessment or the procedures performed by the Department would be able to identify noncompliance incurred at the subrecipient level. C. During our review over the Department’s review over the subrecipients Uniform Guidance reports, we identified the following: • For 1 of 3 subrecipients selected for testwork which had a Uniform Guidance audit, the subrecipients uniform guidance audit was not issued within 9 months of the subrecipients year end. We were unable to obtain any correspondence between the Department or the subrecipient to inquire about the uniform guidance report or when it would be issued. Upon receipt of the report, the Department did issue a management decision letter upon receipt of the report. • For 1 of 3 subrecipients selected for testwork which had a Uniform Guidance audit, the Department did not issue a management decision letter within 6 months of receipt of the report. We noted however there were no findings identified within the uniform guidance report that would have required corrective action. Cause The cause of the condition found was primarily due to a lack of formal policies and internal controls to ensure that all required subrecipient monitoring compliance procedures are being performed by the Department. Effect The effect of the condition found is that the Department did not comply with 2 CFR section 200.332(b), 2 CFR sections 200.332(d) through (f), and 2 CFR section 200.501(h). Questioned Costs None. Recommendation We recommend the Department develop policies and procedures and implement internal controls to ensure that the Department complies with 2 CFR section 200.332(b), 2 CFR sections 200.332(d) through (f), and 2 CFR section 200.501(h). This would ensure that the risk assessment is routinely updated for multiyear grants and that the prescribed monitoring procedures take into consideration any additional monitoring procedures that might need to be performed, such as a desk review or on-site visit, if the program is not audited as part of the subrecipient’s uniform guidance audit. In addition, policies and procedures should be established to ensure that if the risk assessment has suggested a particular monitoring procedure be performed, that the Department is adequately documenting its monitoring procedures to ensure that it has performed the required procedures. View of Responsible Officials: Management partially concurs with the finding above. Rejoinder As it relates to Bullet B above, for each of the 4 subrecipients selected for testwork consisted of the review and approval of subrecipient invoices. Per review of the invoices, the invoice contained a summary of costs incurred by the subrecipient by category of expense that it was seeking reimbursement for. The Department did not perform any other monitoring procedures to ensure the accuracy of the request made by the subrecipient through either a desk review or an on-site monitoring visit. We further noted that no other monitoring was performed by the Department to ensure that the subrecipient was complying with the terms and conditions of its subrecipient grant agreement. As it relates to Bullet C above, we were unable to obtain any correspondence between the Department or the subrecipient to inquire about the uniform guidance report or when it would be issued for 1 of 3 items selected for testwork. Upon receipt of the report, the Department did issue a management decision letter upon receipt of the report. In addition, for 1 of 3 subrecipients selected for testwork which had a Uniform Guidance audit, the Department did not issue a management decision letter within 6 months of receipt of the report.
Finding Reference Number: 2023-011 NH Department of Health and Human Services Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) and COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) (Assistance Listing #93.323) Federal Award Numbers: NUK50CK000522 Federal Award Year: 2019 U.S. Department of Health and Human Services Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: 2022-018 Statistically Valid Sample: No Criteria A pass-through entity (PTE) must: 1. Evaluate Risk – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). 2. Monitor – Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: a. Reviewing financial and programmatic (performance and special reports) required by the PTE. b. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means. c. Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Additionally, 45 CFR section 75 303(a) states the non Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award Condition During the year ended June 30, 2023, the New Hampshire Department of Health and Human Services (the Department) passed through $5,070,789 of federal funding to subrecipient. As part of our testing related subrecipient monitoring, we noted the following: A. As part of our during the award monitoring testwork, we were unable to obtain documentation to support that that the Department had performed the suggested monitoring procedures for 3 of the 4 subrecipients selected for testwork based upon the subrecipients most recent risk assessment performed. For the remaining 1 subrecipient, the risk assessment form did not indicate the required frequency of the suggested type of monitoring. As a result, we were not able to verify that the Department had performed the appropriate monitoring procedures as outlined by the risk assessment performed for each subrecipient. B. The Department’s during the award monitoring for each of the 4 subrecipients selected for testwork consisted of the review and approval of subrecipient invoices. Per review of the invoices, the invoice contained a summary of costs incurred by the subrecipient by category of expense that it was seeking reimbursement for. The Department did not perform any other monitoring procedures to ensure the accuracy of the request made by the subrecipient through either a desk review or an on-site monitoring visit. We further noted that no other monitoring was performed by the Department to ensure that the subrecipient was complying with the terms and conditions of its subrecipient grant agreement. Per review of the risk assessment for each of the 4 subrecipients, the risk assessment did not provide for specific monitoring procedures that would address compliance with the subrecipients grant agreement beyond the period review of expenditure data. Taking into consideration that for each of the 4 subrecipients selected the testwork, if an Uniform Guidance report was issued for the subrecipient, this program was not audited as a major program, it does not appear that either the procedures suggested within the risk assessment or the procedures performed by the Department would be able to identify noncompliance incurred at the subrecipient level. C. During our review over the Department’s review over the subrecipients Uniform Guidance reports, we identified the following: • For 1 of 3 subrecipients selected for testwork which had a Uniform Guidance audit, the subrecipients uniform guidance audit was not issued within 9 months of the subrecipients year end. We were unable to obtain any correspondence between the Department or the subrecipient to inquire about the uniform guidance report or when it would be issued. Upon receipt of the report, the Department did issue a management decision letter upon receipt of the report. • For 1 of 3 subrecipients selected for testwork which had a Uniform Guidance audit, the Department did not issue a management decision letter within 6 months of receipt of the report. We noted however there were no findings identified within the uniform guidance report that would have required corrective action. Cause The cause of the condition found was primarily due to a lack of formal policies and internal controls to ensure that all required subrecipient monitoring compliance procedures are being performed by the Department. Effect The effect of the condition found is that the Department did not comply with 2 CFR section 200.332(b), 2 CFR sections 200.332(d) through (f), and 2 CFR section 200.501(h). Questioned Costs None. Recommendation We recommend the Department develop policies and procedures and implement internal controls to ensure that the Department complies with 2 CFR section 200.332(b), 2 CFR sections 200.332(d) through (f), and 2 CFR section 200.501(h). This would ensure that the risk assessment is routinely updated for multiyear grants and that the prescribed monitoring procedures take into consideration any additional monitoring procedures that might need to be performed, such as a desk review or on-site visit, if the program is not audited as part of the subrecipient’s uniform guidance audit. In addition, policies and procedures should be established to ensure that if the risk assessment has suggested a particular monitoring procedure be performed, that the Department is adequately documenting its monitoring procedures to ensure that it has performed the required procedures. View of Responsible Officials: Management partially concurs with the finding above. Rejoinder As it relates to Bullet B above, for each of the 4 subrecipients selected for testwork consisted of the review and approval of subrecipient invoices. Per review of the invoices, the invoice contained a summary of costs incurred by the subrecipient by category of expense that it was seeking reimbursement for. The Department did not perform any other monitoring procedures to ensure the accuracy of the request made by the subrecipient through either a desk review or an on-site monitoring visit. We further noted that no other monitoring was performed by the Department to ensure that the subrecipient was complying with the terms and conditions of its subrecipient grant agreement. As it relates to Bullet C above, we were unable to obtain any correspondence between the Department or the subrecipient to inquire about the uniform guidance report or when it would be issued for 1 of 3 items selected for testwork. Upon receipt of the report, the Department did issue a management decision letter upon receipt of the report. In addition, for 1 of 3 subrecipients selected for testwork which had a Uniform Guidance audit, the Department did not issue a management decision letter within 6 months of receipt of the report.
Finding Reference Number: 2023-015 NH Department of Energy Low Income Home Energy Assistance and COVID-19 Low Income Home Energy Assistance (Assistance Listing #93.568) Federal Award Numbers: 2001NHLEA, 2001NHLIE4, 2001NH5C3, 2101NHLIEA, 2101NHE5C6, 2201NHLIEA, 2101NHLIE4, 2201NHLIEE, 2201NHLIEI, 2301NHLIEA, 2301NHLIEE, 2301NHLIEI Federal Award Year: 2020, 2021, 2022, 2023 U.S. Department of Health and Human Services Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: 2022-025 Statistically Valid Sample: No Criteria A pass-through entity must: 1. Clearly identify to the subrecipient required award information and applicable requirements described in 2 CFR section 200.332(a); 2. Evaluate each subrecipient’s risk of noncompliance for the purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 300.332(b)); 3. Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required through the terms and conditions of the award, subaward monitoring must include following up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means; and 4. Issuing a management decision for audit findings pertaining to federal award provided to the subrecipient from the subrecipient as required by 2 CFR section 200.521. Additionally, Title 45 U.S. Code of Federal Regulation Part 75 (45 CFR section 75), Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HS Awards, section 75.303(a), Internal Controls, states the non-Federal entity must establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-Federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Condition As part of the Low-Income Home Energy Assistance program (LIHEAP), the New Hampshire Department of Energy (the Department) enters into grant agreements with local entities to provide services related to the eligibility determination process for the LIHEAP program (including the calculation of participant benefits) and payment of benefits to fuel providers. During the year ended June 30, 2023, $52,485,098 was passed through to subrecipients. As part of our testwork over the subrecipient monitoring process, we noted the following as of the year ending June 30, 2023: A. The Department communicates award information to subrecipients through the approved grant agreement. Per review of the grant agreement, for each of the 3 subrecipients selected for testwork, the Department did not communicate all the required award information as outlined in 2 CFR section 200.332. Specifically, the following elements were not communicated: a. Federal Award Identification Number (FAIN) b. Federal award date c. Indirect cost rate for federal awards (including if the deminimus rate is charged per 2 CFR section 200.414) d. Identification of whether the award is R&D B. For the 1 programmatic monitoring review completed by the Department during the period under audit, the Department did not issue its programmatic monitoring report to the subrecipient timely after the monitoring review was completed. As a result, there was a delay in the subrecipient implementing its corrective action plan to address the findings identified during the programmatic monitoring review. Specifically, we noted the following: a. For the 1 programmatic monitoring review, the monitoring review took place on May 4, 2023, but the report to the subrecipient was not issued until September 23, 2023. Per review of the report that was issued, there were findings identified by the Department that warranted corrective action. Due to the delay in issuing the report, a corrective action plan was not obtained from the subrecipient until almost 5 months after the date of that the monitoring review took place. C. For 3 of 3 subrecipients selected for testwork, the Department did not complete its annual fiscal monitoring review during the audit period as required by their monitoring policy. D. During our testwork over the Department’s review of subrecipient uniform guidance reports, we noted the following: a. The Department does not track the receipt of uniform guidance reports. As a result, we were unable to determine when the uniform guidance reports were received by the Department to ensure they are reviewed timely. Specifically, we noted: i. For all 3 subrecipients selected, the subrecipient’s uniform guidance appeared to have been reviewed, but as the Department does not track the receipt of uniform guidance reports, it was unclear if it was reviewed timely. We did note based on the date that the uniform guidance report was issued, the management decision letter was not issued within 6 months of the date of the report being issued as required by 2 CRF 200.521 (d). ii. For 1 subrecipient in which the UG report had a finding, we were unable to obtain evidence to support that the Department had obtained and reviewed the subrecipient’s uniform guidance report, including management’s response to findings letter as well as the related Corrective Action Plan, as this subrecipient’s uniform guidance report noted a material weakness. E. The Annual Report on Households Assisted by LIHEAP contains data that is specific to benefits paid to eligible participants. The data that is used to compile the annual report is obtained from case data that is reported to the New Hampshire Department of Energy (the Department) from its subrecipients as the Department has entered into grant agreements with third parties who are responsible for the eligibility determination and benefit payment process. As part of our subrecipient monitoring testwork, we were unable to verify that the Department had performed any monitoring procedures over the data provided by each subrecipient to ensure that the data reported within the annual report was complete and accurate. Cause The cause of the condition found was primarily due to insufficient documented subrecipient policies and procedures to ensure that adequate monitoring is performed over subrecipients to align with the risk assessments performed. The monitoring procedures that are in place do not include the completeness and accuracy of the data submitted by the subrecipient utilized to compile federal reports. Further, the Department does not have sufficient internal controls and procedures to ensure results of monitoring visits are performed and results communicated timely to subrecipient or to ensure that subrecipient uniform guidance reports are obtained and reviewed timely. In addition, there are insufficient internal controls in place to review the grant agreements to ensure that all required data elements are communicated to the subrecipient in accordance with 2 CFR section 300.332(b). Effect The effect of the condition found is that the Department did not comply with 2 CFR section 200.332(a), section 200.332(b) and 2 CFR section 200.521. Questioned Costs None. Recommendation We recommend that the Department formalize, policies and procedures and implement the necessary internal controls to ensure that the Department complies with the provisions of 2 CFR section 200.332(a), 2 CFR section 200.332(b) and 2 CFR section 200.251. This would include ensuring that: 1. All required award information is communicated to subrecipients; 2. As a result of the risk assessment performed, monitoring activities are performed over subrecipients to ensure compliance with the terms and conditions of its subrecipient grant agreement. The results of all monitoring reviews should be timely communicated in accordance with the Department’s policies to the subrecipient and actions requiring corrective action plan should be followed up on to ensure that the matter is resolved; and 3. Ensure that all uniform guidance reports are collected and reviewed timely so that a management decision letter can be issued within the time period required by federal regulations. Retain evidence of Department review of uniform guidance reports and management letters issued as a result of their review. View of Responsible Officials: Management partially concurs with the finding above Rejoinder As it relates to Bullet C above, for 3 of 3 subrecipients selected for testwork, the Department did not complete its annual fiscal monitoring review during the audit period as required by their monitoring policy
Finding Reference Number: 2023-015 NH Department of Energy Low Income Home Energy Assistance and COVID-19 Low Income Home Energy Assistance (Assistance Listing #93.568) Federal Award Numbers: 2001NHLEA, 2001NHLIE4, 2001NH5C3, 2101NHLIEA, 2101NHE5C6, 2201NHLIEA, 2101NHLIE4, 2201NHLIEE, 2201NHLIEI, 2301NHLIEA, 2301NHLIEE, 2301NHLIEI Federal Award Year: 2020, 2021, 2022, 2023 U.S. Department of Health and Human Services Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: 2022-025 Statistically Valid Sample: No Criteria A pass-through entity must: 1. Clearly identify to the subrecipient required award information and applicable requirements described in 2 CFR section 200.332(a); 2. Evaluate each subrecipient’s risk of noncompliance for the purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 300.332(b)); 3. Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required through the terms and conditions of the award, subaward monitoring must include following up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means; and 4. Issuing a management decision for audit findings pertaining to federal award provided to the subrecipient from the subrecipient as required by 2 CFR section 200.521. Additionally, Title 45 U.S. Code of Federal Regulation Part 75 (45 CFR section 75), Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HS Awards, section 75.303(a), Internal Controls, states the non-Federal entity must establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-Federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Condition As part of the Low-Income Home Energy Assistance program (LIHEAP), the New Hampshire Department of Energy (the Department) enters into grant agreements with local entities to provide services related to the eligibility determination process for the LIHEAP program (including the calculation of participant benefits) and payment of benefits to fuel providers. During the year ended June 30, 2023, $52,485,098 was passed through to subrecipients. As part of our testwork over the subrecipient monitoring process, we noted the following as of the year ending June 30, 2023: A. The Department communicates award information to subrecipients through the approved grant agreement. Per review of the grant agreement, for each of the 3 subrecipients selected for testwork, the Department did not communicate all the required award information as outlined in 2 CFR section 200.332. Specifically, the following elements were not communicated: a. Federal Award Identification Number (FAIN) b. Federal award date c. Indirect cost rate for federal awards (including if the deminimus rate is charged per 2 CFR section 200.414) d. Identification of whether the award is R&D B. For the 1 programmatic monitoring review completed by the Department during the period under audit, the Department did not issue its programmatic monitoring report to the subrecipient timely after the monitoring review was completed. As a result, there was a delay in the subrecipient implementing its corrective action plan to address the findings identified during the programmatic monitoring review. Specifically, we noted the following: a. For the 1 programmatic monitoring review, the monitoring review took place on May 4, 2023, but the report to the subrecipient was not issued until September 23, 2023. Per review of the report that was issued, there were findings identified by the Department that warranted corrective action. Due to the delay in issuing the report, a corrective action plan was not obtained from the subrecipient until almost 5 months after the date of that the monitoring review took place. C. For 3 of 3 subrecipients selected for testwork, the Department did not complete its annual fiscal monitoring review during the audit period as required by their monitoring policy. D. During our testwork over the Department’s review of subrecipient uniform guidance reports, we noted the following: a. The Department does not track the receipt of uniform guidance reports. As a result, we were unable to determine when the uniform guidance reports were received by the Department to ensure they are reviewed timely. Specifically, we noted: i. For all 3 subrecipients selected, the subrecipient’s uniform guidance appeared to have been reviewed, but as the Department does not track the receipt of uniform guidance reports, it was unclear if it was reviewed timely. We did note based on the date that the uniform guidance report was issued, the management decision letter was not issued within 6 months of the date of the report being issued as required by 2 CRF 200.521 (d). ii. For 1 subrecipient in which the UG report had a finding, we were unable to obtain evidence to support that the Department had obtained and reviewed the subrecipient’s uniform guidance report, including management’s response to findings letter as well as the related Corrective Action Plan, as this subrecipient’s uniform guidance report noted a material weakness. E. The Annual Report on Households Assisted by LIHEAP contains data that is specific to benefits paid to eligible participants. The data that is used to compile the annual report is obtained from case data that is reported to the New Hampshire Department of Energy (the Department) from its subrecipients as the Department has entered into grant agreements with third parties who are responsible for the eligibility determination and benefit payment process. As part of our subrecipient monitoring testwork, we were unable to verify that the Department had performed any monitoring procedures over the data provided by each subrecipient to ensure that the data reported within the annual report was complete and accurate. Cause The cause of the condition found was primarily due to insufficient documented subrecipient policies and procedures to ensure that adequate monitoring is performed over subrecipients to align with the risk assessments performed. The monitoring procedures that are in place do not include the completeness and accuracy of the data submitted by the subrecipient utilized to compile federal reports. Further, the Department does not have sufficient internal controls and procedures to ensure results of monitoring visits are performed and results communicated timely to subrecipient or to ensure that subrecipient uniform guidance reports are obtained and reviewed timely. In addition, there are insufficient internal controls in place to review the grant agreements to ensure that all required data elements are communicated to the subrecipient in accordance with 2 CFR section 300.332(b). Effect The effect of the condition found is that the Department did not comply with 2 CFR section 200.332(a), section 200.332(b) and 2 CFR section 200.521. Questioned Costs None. Recommendation We recommend that the Department formalize, policies and procedures and implement the necessary internal controls to ensure that the Department complies with the provisions of 2 CFR section 200.332(a), 2 CFR section 200.332(b) and 2 CFR section 200.251. This would include ensuring that: 1. All required award information is communicated to subrecipients; 2. As a result of the risk assessment performed, monitoring activities are performed over subrecipients to ensure compliance with the terms and conditions of its subrecipient grant agreement. The results of all monitoring reviews should be timely communicated in accordance with the Department’s policies to the subrecipient and actions requiring corrective action plan should be followed up on to ensure that the matter is resolved; and 3. Ensure that all uniform guidance reports are collected and reviewed timely so that a management decision letter can be issued within the time period required by federal regulations. Retain evidence of Department review of uniform guidance reports and management letters issued as a result of their review. View of Responsible Officials: Management partially concurs with the finding above Rejoinder As it relates to Bullet C above, for 3 of 3 subrecipients selected for testwork, the Department did not complete its annual fiscal monitoring review during the audit period as required by their monitoring policy
Finding Reference Number: 2023-017 NH Department of Health and Human Services Substance Abuse Prevention and Treatment Block Grant (ALN #93.959) and COVID-19 Substance Abuse Prevention and Treatment Block Grant (ALN #93.959) Federal Award Numbers: 1B08Ti084659-01, 1B08TI085821-01 Federal Award Year: 2022, 2023 U.S. Department of Health and Human Services Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: None Statistically Valid Sample: No Criteria A pass-through entity (PTE) must: 1. Evaluate Risk – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). 2. Monitor – Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: a. Reviewing financial and programmatic (performance and special reports) required by the PTE. b. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means. c. Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Additionally, 45 CFR section 75 303(a) states the non Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award Condition During the year ended June 30, 2023, the New Hampshire Department of Health and Human Services (the Department) passed through $7,720,172 of federal funding to subrecipients. As part of our testing related subrecipient monitoring, we identified the following: A. The Department provided the most recent risk assessment performed for each of the 7 subrecipients selected for testwork. Per review of the risk assessments provided, we identified the following: 1. For 5 of the subrecipients, the risk assessment indicated that the subrecipients expenditure detail should be examined monthly to ensure compliance with contract requirements and applicable laws and rules. We were unable to determine if this procedure had been performed as part of the Department’s subrecipient monitoring process. 2. For the remaining 2 subrecipients the recommended monitoring procedures was left blank on the risk assessment and as such we are unable to verify what type of monitoring procedures should have been performed. B. The Department’s during the award monitoring for of the 4 of the 7 subrecipients selected for testwork consisted of the review and approval of subrecipient invoices. Per review of the invoices, the invoice contained a summary of costs incurred by the subrecipient by category of expense that it was seeking reimbursement for. It was evident through the invoice review that the Department often followed up on inconsistencies on hours worked with the subrecipient to help ensure the accuracy of the invoice reviewed. While this detailed review was performed, the Department did not perform any other monitoring procedures related to these 4 subrecipients to ensure the accuracy of the request made by the subrecipient through either a desk review or an on-site monitoring visit. As such, it is unclear if the monitoring performed was sufficient to ensure that the subrecipient was complying with the terms and conditions of its subrecipient grant agreement. C. During our review over the Department’s review over the subrecipients Uniform Guidance reports, we identified that for 2 of 7 subrecipients selected for testwork, the subrecipients uniform guidance audit was not issued within 9 months of the subrecipients year end. We were unable to obtain any correspondence between the Department or the subrecipient to inquire about the uniform guidance report or when it would be issued. Upon receipt of the report, the Department did issue a management decision letter upon receipt of the report. Cause The cause of the condition found was primarily due to a lack of formal policies and internal controls to ensure that all required subrecipient monitoring compliance procedures are being performed by the Department. Effect The effect of the condition found is that the Department did not comply with 2 CFR section 200.332(b), 2 CFR sections 200.332(d) through (f), and 2 CFR section 200.501(h). Questioned Costs None. Recommendation We recommend the Department review its existing policies and procedures and implement internal controls to ensure that the Department complies with 2 CFR section 200.332(b), 2 CFR sections 200.332(d) through (f), and 2 CFR section 200.501(h). This would ensure that the risk assessment is routinely updated for multiyear grants and that the prescribed monitoring procedures take into consideration any additional monitoring procedures that might need to be performed, such as a desk review or on-site visit, if the program is not audited as part of the subrecipient’s uniform guidance audit. In addition, policies and procedures should be established to ensure that if the risk assessment has suggested a particular monitoring procedure be performed, that the Department is adequately documenting its monitoring procedures to ensure that it has performed the required procedures. View of Responsible Officials Management partially concurs with the finding above. Rejoinder As it relates to Bullet A above, we were not able to obtain documentation to support that the suggested procedures outlined within the risk assessment was performed. As it relates to Bullet B above, for of the 4 of the 7 subrecipients selected for testwork consisted of the review and approval of subrecipient invoices. Per review of the invoices, the invoice contained a summary of costs incurred by the subrecipient by category of expense that it was seeking reimbursement for. It was evident through the invoice review that the Department often followed up on inconsistencies on hours worked with the subrecipient to help ensure the accuracy of the invoice reviewed. While this detailed review was performed, the Department did not perform any other monitoring procedures related to these 4 subrecipients to ensure the accuracy of the request made by the subrecipient through either a desk review or an on-site monitoring visit. As such, it is unclear if the monitoring performed was sufficient to ensure that the subrecipient was complying with the terms and conditions of its subrecipient grant agreement.
Finding Reference Number: 2023-017 NH Department of Health and Human Services Substance Abuse Prevention and Treatment Block Grant (ALN #93.959) and COVID-19 Substance Abuse Prevention and Treatment Block Grant (ALN #93.959) Federal Award Numbers: 1B08Ti084659-01, 1B08TI085821-01 Federal Award Year: 2022, 2023 U.S. Department of Health and Human Services Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: None Statistically Valid Sample: No Criteria A pass-through entity (PTE) must: 1. Evaluate Risk – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). 2. Monitor – Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: a. Reviewing financial and programmatic (performance and special reports) required by the PTE. b. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means. c. Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Additionally, 45 CFR section 75 303(a) states the non Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award Condition During the year ended June 30, 2023, the New Hampshire Department of Health and Human Services (the Department) passed through $7,720,172 of federal funding to subrecipients. As part of our testing related subrecipient monitoring, we identified the following: A. The Department provided the most recent risk assessment performed for each of the 7 subrecipients selected for testwork. Per review of the risk assessments provided, we identified the following: 1. For 5 of the subrecipients, the risk assessment indicated that the subrecipients expenditure detail should be examined monthly to ensure compliance with contract requirements and applicable laws and rules. We were unable to determine if this procedure had been performed as part of the Department’s subrecipient monitoring process. 2. For the remaining 2 subrecipients the recommended monitoring procedures was left blank on the risk assessment and as such we are unable to verify what type of monitoring procedures should have been performed. B. The Department’s during the award monitoring for of the 4 of the 7 subrecipients selected for testwork consisted of the review and approval of subrecipient invoices. Per review of the invoices, the invoice contained a summary of costs incurred by the subrecipient by category of expense that it was seeking reimbursement for. It was evident through the invoice review that the Department often followed up on inconsistencies on hours worked with the subrecipient to help ensure the accuracy of the invoice reviewed. While this detailed review was performed, the Department did not perform any other monitoring procedures related to these 4 subrecipients to ensure the accuracy of the request made by the subrecipient through either a desk review or an on-site monitoring visit. As such, it is unclear if the monitoring performed was sufficient to ensure that the subrecipient was complying with the terms and conditions of its subrecipient grant agreement. C. During our review over the Department’s review over the subrecipients Uniform Guidance reports, we identified that for 2 of 7 subrecipients selected for testwork, the subrecipients uniform guidance audit was not issued within 9 months of the subrecipients year end. We were unable to obtain any correspondence between the Department or the subrecipient to inquire about the uniform guidance report or when it would be issued. Upon receipt of the report, the Department did issue a management decision letter upon receipt of the report. Cause The cause of the condition found was primarily due to a lack of formal policies and internal controls to ensure that all required subrecipient monitoring compliance procedures are being performed by the Department. Effect The effect of the condition found is that the Department did not comply with 2 CFR section 200.332(b), 2 CFR sections 200.332(d) through (f), and 2 CFR section 200.501(h). Questioned Costs None. Recommendation We recommend the Department review its existing policies and procedures and implement internal controls to ensure that the Department complies with 2 CFR section 200.332(b), 2 CFR sections 200.332(d) through (f), and 2 CFR section 200.501(h). This would ensure that the risk assessment is routinely updated for multiyear grants and that the prescribed monitoring procedures take into consideration any additional monitoring procedures that might need to be performed, such as a desk review or on-site visit, if the program is not audited as part of the subrecipient’s uniform guidance audit. In addition, policies and procedures should be established to ensure that if the risk assessment has suggested a particular monitoring procedure be performed, that the Department is adequately documenting its monitoring procedures to ensure that it has performed the required procedures. View of Responsible Officials Management partially concurs with the finding above. Rejoinder As it relates to Bullet A above, we were not able to obtain documentation to support that the suggested procedures outlined within the risk assessment was performed. As it relates to Bullet B above, for of the 4 of the 7 subrecipients selected for testwork consisted of the review and approval of subrecipient invoices. Per review of the invoices, the invoice contained a summary of costs incurred by the subrecipient by category of expense that it was seeking reimbursement for. It was evident through the invoice review that the Department often followed up on inconsistencies on hours worked with the subrecipient to help ensure the accuracy of the invoice reviewed. While this detailed review was performed, the Department did not perform any other monitoring procedures related to these 4 subrecipients to ensure the accuracy of the request made by the subrecipient through either a desk review or an on-site monitoring visit. As such, it is unclear if the monitoring performed was sufficient to ensure that the subrecipient was complying with the terms and conditions of its subrecipient grant agreement.
Finding Reference Number: 2023-023 NH Department of Safety Disaster Grants – Public Assistance (Presidentially Declared Disasters) and COVID-19 Public Assistance (Presidentially Declared Disasters) (Assistance Listing #97.036) Federal Award Numbers: FEMA-4622-DR-NH, FEMA-4624-DR-NH, FEMA-4457-DR-NH, FEMA-4370-DR, FEMA-4693-DR, FEMA-4355-DR, FEMA-4329-DR, FEMA-4516-DR-NH Federal Award Year: July 17-19, 2021, July 29-30, 2021, July 11-12, 2019, March 2-8, 2018, December 22-December 25, 2022, October 29-November 1, 2017, July 1-2, 2017, January 20, 2020 U.S. Department of Homeland Security Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: None Statistically Valid Sample: No Criteria A pass-through entity (PTE) must: 1. Identify the Award and Applicable Requirements – Clearly identify to the subrecipient: (1) the award as a subaward at the time of subaward (or subsequent subaward modification) by providing the information described in 2 CFR section 200.332(a)(1); (2) all requirements imposed by the PTE on the subrecipient so that the federal award is used in accordance with federal statutes, regulations, and the terms and conditions of the award (2 CFR section 200.332(a)(2)); and (3) any additional requirements that the PTE imposes on the subrecipient in order for the PTE to meet its own responsibility for the federal award (e.g., financial, performance, and special reports) (2 CFR section 200.332(a)(3)). 2. Evaluate Risk – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). 3. Monitor – Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: a. Reviewing financial and programmatic (performance and special reports) required by the PTE. b. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means. c. Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Additionally, 45 CFR section 75 303(a) states the non Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Condition As part of the Disaster Grants - Public Assistance program (DGPA), the New Hampshire Department of Safety - Homeland Security and Emergency Management (the Department) enters into grant agreements with local municipalities to provide reimbursement for expenditures incurred as a result of New Hampshire declared disasters. During the year ended June 30, 2023, $27,041,873 was passed through to 85 subrecipients. As part of our testwork over the subrecipient monitoring process, we noted the following: A. The Department communicates award information to subrecipients through the approved agreement. Per review of the agreement, for each of the 27 subrecipients selected for testwork, the Department did not communicate all the required award information as outlined in 2 CFR section 200.332(a). Specifically, the following elements were not communicated: - Subrecipient unique entity identifier (not communicated for 19/27); - Federal Award Identification Number (FAIN) (not communicated for 27/27); - Identification of whether the award is R&D (not communicated for 27/27); and - Indirect cost rate for the federal award (including if the de minimis rate is charged) (not communicated for 27/27) B. The Department evaluated the subrecipient risk of noncompliance through a risk assessment for each of the 13 subrecipients selected for testwork. However, there was no formal risk assessment policy in place that indicated how frequently risk assessments should be performed. As a result, 5 subrecipients did not have risk assessments performed during the current year for purposes of determining the appropriate subrecipient monitoring response. These prior fiscal year(s) risk assessments were performed as of the following dates: September 2019, October and December 2021, May and June 2022. C. For each of the 13 subrecipients selected for testwork, the Department did not perform any during the award monitoring. D. During our testwork over the Department’s review of subrecipient uniform guidance reports, we noted there were no UG report review policies and procedures in place. For the 13 subrecipients selected for testwork, 6 subrecipients were identified in which the Department did not review the most recent uniform guidance report issued. Specifically, we noted: • For 5 of 13 subrecipients, the subrecipient’s uniform guidance was not reviewed due to updated risk assessments not being performed in the current year (refer to item 2 above) • For 1 of 13 subrecipients, the current year risk assessment was performed prior to the receipt of the subrecipient’s uniform guidance report and management did not go back to review the report Cause The cause of the condition found was primarily due to the Department not performing their sub monitoring internal controls in accordance with written formal policies and procedures. Questioned Costs None. Recommendation We recommend that the Department develop policies and procedures and implement internal controls to ensure that the Department complies with 2 CFR section 200.332(a-h) and 2 CFR section 200.501(h). View of Responsible Officials: Management concurs with the finding above.
Finding Reference Number: 2023-023 NH Department of Safety Disaster Grants – Public Assistance (Presidentially Declared Disasters) and COVID-19 Public Assistance (Presidentially Declared Disasters) (Assistance Listing #97.036) Federal Award Numbers: FEMA-4622-DR-NH, FEMA-4624-DR-NH, FEMA-4457-DR-NH, FEMA-4370-DR, FEMA-4693-DR, FEMA-4355-DR, FEMA-4329-DR, FEMA-4516-DR-NH Federal Award Year: July 17-19, 2021, July 29-30, 2021, July 11-12, 2019, March 2-8, 2018, December 22-December 25, 2022, October 29-November 1, 2017, July 1-2, 2017, January 20, 2020 U.S. Department of Homeland Security Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: None Statistically Valid Sample: No Criteria A pass-through entity (PTE) must: 1. Identify the Award and Applicable Requirements – Clearly identify to the subrecipient: (1) the award as a subaward at the time of subaward (or subsequent subaward modification) by providing the information described in 2 CFR section 200.332(a)(1); (2) all requirements imposed by the PTE on the subrecipient so that the federal award is used in accordance with federal statutes, regulations, and the terms and conditions of the award (2 CFR section 200.332(a)(2)); and (3) any additional requirements that the PTE imposes on the subrecipient in order for the PTE to meet its own responsibility for the federal award (e.g., financial, performance, and special reports) (2 CFR section 200.332(a)(3)). 2. Evaluate Risk – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). 3. Monitor – Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: a. Reviewing financial and programmatic (performance and special reports) required by the PTE. b. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means. c. Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Additionally, 45 CFR section 75 303(a) states the non Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Condition As part of the Disaster Grants - Public Assistance program (DGPA), the New Hampshire Department of Safety - Homeland Security and Emergency Management (the Department) enters into grant agreements with local municipalities to provide reimbursement for expenditures incurred as a result of New Hampshire declared disasters. During the year ended June 30, 2023, $27,041,873 was passed through to 85 subrecipients. As part of our testwork over the subrecipient monitoring process, we noted the following: A. The Department communicates award information to subrecipients through the approved agreement. Per review of the agreement, for each of the 27 subrecipients selected for testwork, the Department did not communicate all the required award information as outlined in 2 CFR section 200.332(a). Specifically, the following elements were not communicated: - Subrecipient unique entity identifier (not communicated for 19/27); - Federal Award Identification Number (FAIN) (not communicated for 27/27); - Identification of whether the award is R&D (not communicated for 27/27); and - Indirect cost rate for the federal award (including if the de minimis rate is charged) (not communicated for 27/27) B. The Department evaluated the subrecipient risk of noncompliance through a risk assessment for each of the 13 subrecipients selected for testwork. However, there was no formal risk assessment policy in place that indicated how frequently risk assessments should be performed. As a result, 5 subrecipients did not have risk assessments performed during the current year for purposes of determining the appropriate subrecipient monitoring response. These prior fiscal year(s) risk assessments were performed as of the following dates: September 2019, October and December 2021, May and June 2022. C. For each of the 13 subrecipients selected for testwork, the Department did not perform any during the award monitoring. D. During our testwork over the Department’s review of subrecipient uniform guidance reports, we noted there were no UG report review policies and procedures in place. For the 13 subrecipients selected for testwork, 6 subrecipients were identified in which the Department did not review the most recent uniform guidance report issued. Specifically, we noted: • For 5 of 13 subrecipients, the subrecipient’s uniform guidance was not reviewed due to updated risk assessments not being performed in the current year (refer to item 2 above) • For 1 of 13 subrecipients, the current year risk assessment was performed prior to the receipt of the subrecipient’s uniform guidance report and management did not go back to review the report Cause The cause of the condition found was primarily due to the Department not performing their sub monitoring internal controls in accordance with written formal policies and procedures. Questioned Costs None. Recommendation We recommend that the Department develop policies and procedures and implement internal controls to ensure that the Department complies with 2 CFR section 200.332(a-h) and 2 CFR section 200.501(h). View of Responsible Officials: Management concurs with the finding above.
Program: Housing Voucher Cluster Federal Financial Assistance Listing No.: 14.871, 14.879 Federal Agency: U.S. Department of Housing and Urban Development Passed-through: n/a – direct award Award Number and Year: CA131, 2022/2023 Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Criteria: 2 CFR 200.331(a) establishes the required elements that the pass-through entity (County) must include in their subrecipient agreements. 2 CFR 200.331(b) establishes the requirement that the pass-through entity must evaluate the risk of noncompliance with Federal statutes, regulations, and terms and conditions of the program for each subaward for the purpose of determining the appropriate subrecipient monitoring activities. 2 CFR 200.331(d) and 2 CFR 200.331(e) establishes the requirement that the pass-through entity must monitor the activities of each subrecipient of program funds to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward and achieves performance goals. 2 CFR 200.331(d) requires that the monitoring activities must include: 1) Reviewing of financial and performance reports as required by the pass-through entity. 2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. 3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 Management decision. Condition: In 1 out of 1 instance selected, we found that the subrecipient agreement did not contain the federal award identification elements required to be communicated by the County. We found that the County does have documented policies and procedures for the evaluation of the subrecipient’s risk of noncompliance and subrecipient monitoring procedures; however, the risk assessment was performed in November 2022, which was after the agreement was in effect for the fiscal year 2023, and the review of the risk assessment was not documented until March 2023. Based on the County’s policy for monitoring of the subrecipient based on the assessed level of risk, the County was required to obtain and review quarterly reports and perform a site visit. There was no documentation supporting the receipt, review, and results of the review of the quarterly reports. There was also no evidence of the review and communication of the results of the site visit to the subrecipient. Cause: The County was unable to finalize the revised subrecipient agreement prior to fiscal year 2023, the County department adopted the policies and procedures to perform the risk assessment after the beginning of fiscal year 2023, and the subrecipient monitoring policies and procedures do not require the department to document its review and results of monitoring procedures. Effect: The County did not include all the required elements in their subaward, did not perform a risk assessment prior to the fiscal year 2023 subaward, and did not document the results of the monitoring procedures performed over the subaward. Questioned Costs: None reported. Context/Sampling: We selected 100% of the County’s subrecipients of the program. Repeat Finding from Prior Year(s): Yes, prior year finding 2022-003. Recommendation: We recommend that the County continue to strengthen its policies and procedures over subrecipient monitoring to ensure that a risk assessment is completed prior to the start of the annual award and reviewed timely, and strengthen its policies and procedures to ensure that the results of monitoring procedures are documented and review. Views of Responsible Officials: Management agrees with the finding. See separate corrective action plan.
Program: Housing Voucher Cluster Federal Financial Assistance Listing No.: 14.871, 14.879 Federal Agency: U.S. Department of Housing and Urban Development Passed-through: n/a – direct award Award Number and Year: CA131, 2022/2023 Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Criteria: 2 CFR 200.331(a) establishes the required elements that the pass-through entity (County) must include in their subrecipient agreements. 2 CFR 200.331(b) establishes the requirement that the pass-through entity must evaluate the risk of noncompliance with Federal statutes, regulations, and terms and conditions of the program for each subaward for the purpose of determining the appropriate subrecipient monitoring activities. 2 CFR 200.331(d) and 2 CFR 200.331(e) establishes the requirement that the pass-through entity must monitor the activities of each subrecipient of program funds to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward and achieves performance goals. 2 CFR 200.331(d) requires that the monitoring activities must include: 1) Reviewing of financial and performance reports as required by the pass-through entity. 2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. 3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 Management decision. Condition: In 1 out of 1 instance selected, we found that the subrecipient agreement did not contain the federal award identification elements required to be communicated by the County. We found that the County does have documented policies and procedures for the evaluation of the subrecipient’s risk of noncompliance and subrecipient monitoring procedures; however, the risk assessment was performed in November 2022, which was after the agreement was in effect for the fiscal year 2023, and the review of the risk assessment was not documented until March 2023. Based on the County’s policy for monitoring of the subrecipient based on the assessed level of risk, the County was required to obtain and review quarterly reports and perform a site visit. There was no documentation supporting the receipt, review, and results of the review of the quarterly reports. There was also no evidence of the review and communication of the results of the site visit to the subrecipient. Cause: The County was unable to finalize the revised subrecipient agreement prior to fiscal year 2023, the County department adopted the policies and procedures to perform the risk assessment after the beginning of fiscal year 2023, and the subrecipient monitoring policies and procedures do not require the department to document its review and results of monitoring procedures. Effect: The County did not include all the required elements in their subaward, did not perform a risk assessment prior to the fiscal year 2023 subaward, and did not document the results of the monitoring procedures performed over the subaward. Questioned Costs: None reported. Context/Sampling: We selected 100% of the County’s subrecipients of the program. Repeat Finding from Prior Year(s): Yes, prior year finding 2022-003. Recommendation: We recommend that the County continue to strengthen its policies and procedures over subrecipient monitoring to ensure that a risk assessment is completed prior to the start of the annual award and reviewed timely, and strengthen its policies and procedures to ensure that the results of monitoring procedures are documented and review. Views of Responsible Officials: Management agrees with the finding. See separate corrective action plan.
Program: Highway Planning and Construction Federal Financial Assistance Listing No.: 20.205 Federal Agency: U.S. Department of Transportation Passed-through: California Department of Transportation Award Number and Year: 5923, 2022/2023 Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Criteria: 2 CFR 200.331(a) establishes the required elements that the pass-through entity (County) must include in their subrecipient agreements. 2 CFR 200.331(b) establishes the requirement that the pass-through entity must evaluate the risk of noncompliance with Federal statutes, regulations, and terms and conditions of the program for each subaward for the purpose of determining the appropriate subrecipient monitoring activities. 2 CFR 200.331(d) and 2 CFR 200.331(e) establishes the requirement that the pass-through entity must monitor the activities of each subrecipient of program funds to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward and achieves performance goals. 2 CFR 200.331(d) requires that the monitoring activities must include: 1) Reviewing of financial and performance reports as required by the pass-through entity. 2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. 3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 Management decision. 2 CRF 200.331(f) establishes the requirement for the pass-through entity to verify whether the subrecipient is subject to a single audit when the subrecipient’s expenditures are expected to exceed the threshold set forth in 2 CRF 200.501. Condition: In 1 out of 1 instance selected, we found that the subrecipient agreement did not contain the federal award identification elements required to be communicated by the County, no risk assessment was performed, and no subrecipient monitoring was performed. In this same instance, a documented review of whether the subrecipient was subject to a single audit was also not performed. single audit in the period the expenditures were incurred. Cause: The County improperly identified the subrecipient as a contractor. The County did not perform an evaluation of the agreement to determine whether the vendor was a contractor or a subrecipient. Effect: The County did not comply with the subrecipient monitoring compliance requirements. Questioned Costs: None reported. Context/Sampling: We selected 100% of the County’s subrecipients of the program. Repeat Finding from Prior Year(s): No. Recommendation: We recommend that the County establish procedures to determine whether agreements represent a contractor or a subrecipient arrangement. Views of Responsible Officials: Management agrees with the finding. See separate corrective action plan.
Finding 2023-001: Subrecipient Monitoring – Significant Deficiency U.S. Department of Treasury COVID-19 Emergency Rental Assistance Program, Assistance Listing No. 21.023 Federal Award Year: 2023 Criteria: A pass-through entity must monitor the activities of subrecipients as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: • Reviewing financial and programmatic (performance and special reports) required by the pass-through entity. • Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. • Issuing a management decision for findings pertaining to the federal award provided to the subrecipient from the pass-through entity as required by 2 CFR section 200.521. Condition: The County did not have adequate internal controls in place to obtain and review the detailed records that supported the subrecipient’s quarterly expenditure reports. In addition, the County did not obtain the subrecipient’s audit reports and or issue management’s decisions on any findings that were reported. Cause: Management of the County did not have adequate internal controls in place to meet the compliance requirements of this federal grant program. Effect or potential effect: Inadequate monitoring of subrecipients could result in actions take by the oversight agency which could impact future funding. Questioned costs: None Context: Federal grant award of $6 million was passed through to one subrecipient during the year ending June 30, 2023 under this program. Identification as a repeat finding, if applicable: This is not a repeat finding. Recommendation: We recommend that the County establish controls to ensure that program staff understand and follow necessary requirements for monitoring subrecipients. Views of responsible officials and auditee: Management agrees with the finding.
2023-012 - Inadequate Controls over and Noncompliance with Subrecipient Monitoring Requirements Award Years: 2020 - 2023 Award Numbers: AA347712055A22, AA363222155A22, AA385322255A22 Compliance Requirement: Subrecipient Monitoring Repeat Finding: Yes (Prior Year Finding No. 2022-011) See Schedule of Findings and Questioned Costs for chart/table Condition: For the fifth consecutive year, the Louisiana Workforce Commission (LWC) did not adequately monitor subrecipients under the Workforce Innovation and Opportunity Act (WIOA) Cluster programs. In addition, LWC did not adequately review subrecipient Single Audit reports and issue timely management decisions on findings affecting the WIOA Cluster programs. LWC’s WIOA expenditures during state fiscal year 2023 totaled over $56.5 million with approximately $47.1 million provided to subrecipients. Our review of LWC’s fiscal year 2023 monitoring reports for plan year 2020/fiscal year 2021 disclosed the following for LWC’s 15 subrecipients: • For five monitoring reports, close out letters were issued between 111 and 183 days after report issuance. For four monitoring reports, close out letters were not issued as of January 2024, while the monitoring reports for these reviews were issued more than 195 days prior. One report included a finding with possible questioned costs of $563,649 that is unresolved at the time of our review. Our review of LWC’s review of Single Audit reports disclosed the following for LWC’s 15 subrecipients: • For three Single Audit reports with findings affecting the WIOA cluster of programs, management decision letters were issued 66 to 264 days after the due date set by federal regulations. In addition, for two of the three reports, LWC incorrectly issued management decisions letters noting no WIOA affected findings. Each of the noted reports contained one finding affecting the WIOA Cluster programs. Criteria: 2 CFR 200.332(d) requires that pass-through entities monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals. 2 CFR 200.332(d)(2) requires that pass-through entities follow-up and ensure that the subrecipient takes timely and appropriate action on all deficiencies provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient. 2 CFR 200.521(c) requires that pass-through entities issue management decisions for audit findings related to federal awards they make to subrecipients, and 2 CFR 200.521(d) requires that pass-through entities responsible for issuing management decisions issue their management decisions within six months of the acceptance of the audit report by the Federal Audit Clearinghouse. Cause: LWC policy does not specifically address timeliness requirements for close out letters. LWC failed to implement adequate internal controls to ensure that subrecipients’ Single Audit reports are reviewed and required management decision letters are issued by the deadlines established by federal regulations. Effect: Failure to timely resolve documentation and questioned costs impairs LWC’s ability to ensure that program funds passed through to its subrecipients were spent in accordance with program regulations and increases the risk of improper payments to subrecipients, which LWC may have to repay to the federal grantor. These risks are also increased by LWC’s failure to implement adequate internal controls to ensure that subrecipients’ Single Audit reports are reviewed and required management decision letters are issued by the deadlines established by federal regulations. Recommendation: LWC management should develop and implement policy ensuring timely close out of monitoring reviews. LWC should also implement adequate internal controls to ensure that it identifies and follows up on subrecipients’ audit findings as specified and issues required management decision letters by the due date set by federal regulations. Management’s Response and Corrective Action Plan: Management concurred with the finding and provided a corrective action plan (B-46).
2023-012 - Inadequate Controls over and Noncompliance with Subrecipient Monitoring Requirements Award Years: 2020 - 2023 Award Numbers: AA347712055A22, AA363222155A22, AA385322255A22 Compliance Requirement: Subrecipient Monitoring Repeat Finding: Yes (Prior Year Finding No. 2022-011) See Schedule of Findings and Questioned Costs for chart/table Condition: For the fifth consecutive year, the Louisiana Workforce Commission (LWC) did not adequately monitor subrecipients under the Workforce Innovation and Opportunity Act (WIOA) Cluster programs. In addition, LWC did not adequately review subrecipient Single Audit reports and issue timely management decisions on findings affecting the WIOA Cluster programs. LWC’s WIOA expenditures during state fiscal year 2023 totaled over $56.5 million with approximately $47.1 million provided to subrecipients. Our review of LWC’s fiscal year 2023 monitoring reports for plan year 2020/fiscal year 2021 disclosed the following for LWC’s 15 subrecipients: • For five monitoring reports, close out letters were issued between 111 and 183 days after report issuance. For four monitoring reports, close out letters were not issued as of January 2024, while the monitoring reports for these reviews were issued more than 195 days prior. One report included a finding with possible questioned costs of $563,649 that is unresolved at the time of our review. Our review of LWC’s review of Single Audit reports disclosed the following for LWC’s 15 subrecipients: • For three Single Audit reports with findings affecting the WIOA cluster of programs, management decision letters were issued 66 to 264 days after the due date set by federal regulations. In addition, for two of the three reports, LWC incorrectly issued management decisions letters noting no WIOA affected findings. Each of the noted reports contained one finding affecting the WIOA Cluster programs. Criteria: 2 CFR 200.332(d) requires that pass-through entities monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals. 2 CFR 200.332(d)(2) requires that pass-through entities follow-up and ensure that the subrecipient takes timely and appropriate action on all deficiencies provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient. 2 CFR 200.521(c) requires that pass-through entities issue management decisions for audit findings related to federal awards they make to subrecipients, and 2 CFR 200.521(d) requires that pass-through entities responsible for issuing management decisions issue their management decisions within six months of the acceptance of the audit report by the Federal Audit Clearinghouse. Cause: LWC policy does not specifically address timeliness requirements for close out letters. LWC failed to implement adequate internal controls to ensure that subrecipients’ Single Audit reports are reviewed and required management decision letters are issued by the deadlines established by federal regulations. Effect: Failure to timely resolve documentation and questioned costs impairs LWC’s ability to ensure that program funds passed through to its subrecipients were spent in accordance with program regulations and increases the risk of improper payments to subrecipients, which LWC may have to repay to the federal grantor. These risks are also increased by LWC’s failure to implement adequate internal controls to ensure that subrecipients’ Single Audit reports are reviewed and required management decision letters are issued by the deadlines established by federal regulations. Recommendation: LWC management should develop and implement policy ensuring timely close out of monitoring reviews. LWC should also implement adequate internal controls to ensure that it identifies and follows up on subrecipients’ audit findings as specified and issues required management decision letters by the due date set by federal regulations. Management’s Response and Corrective Action Plan: Management concurred with the finding and provided a corrective action plan (B-46).
2023-012 - Inadequate Controls over and Noncompliance with Subrecipient Monitoring Requirements Award Years: 2020 - 2023 Award Numbers: AA347712055A22, AA363222155A22, AA385322255A22 Compliance Requirement: Subrecipient Monitoring Repeat Finding: Yes (Prior Year Finding No. 2022-011) See Schedule of Findings and Questioned Costs for chart/table Condition: For the fifth consecutive year, the Louisiana Workforce Commission (LWC) did not adequately monitor subrecipients under the Workforce Innovation and Opportunity Act (WIOA) Cluster programs. In addition, LWC did not adequately review subrecipient Single Audit reports and issue timely management decisions on findings affecting the WIOA Cluster programs. LWC’s WIOA expenditures during state fiscal year 2023 totaled over $56.5 million with approximately $47.1 million provided to subrecipients. Our review of LWC’s fiscal year 2023 monitoring reports for plan year 2020/fiscal year 2021 disclosed the following for LWC’s 15 subrecipients: • For five monitoring reports, close out letters were issued between 111 and 183 days after report issuance. For four monitoring reports, close out letters were not issued as of January 2024, while the monitoring reports for these reviews were issued more than 195 days prior. One report included a finding with possible questioned costs of $563,649 that is unresolved at the time of our review. Our review of LWC’s review of Single Audit reports disclosed the following for LWC’s 15 subrecipients: • For three Single Audit reports with findings affecting the WIOA cluster of programs, management decision letters were issued 66 to 264 days after the due date set by federal regulations. In addition, for two of the three reports, LWC incorrectly issued management decisions letters noting no WIOA affected findings. Each of the noted reports contained one finding affecting the WIOA Cluster programs. Criteria: 2 CFR 200.332(d) requires that pass-through entities monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals. 2 CFR 200.332(d)(2) requires that pass-through entities follow-up and ensure that the subrecipient takes timely and appropriate action on all deficiencies provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient. 2 CFR 200.521(c) requires that pass-through entities issue management decisions for audit findings related to federal awards they make to subrecipients, and 2 CFR 200.521(d) requires that pass-through entities responsible for issuing management decisions issue their management decisions within six months of the acceptance of the audit report by the Federal Audit Clearinghouse. Cause: LWC policy does not specifically address timeliness requirements for close out letters. LWC failed to implement adequate internal controls to ensure that subrecipients’ Single Audit reports are reviewed and required management decision letters are issued by the deadlines established by federal regulations. Effect: Failure to timely resolve documentation and questioned costs impairs LWC’s ability to ensure that program funds passed through to its subrecipients were spent in accordance with program regulations and increases the risk of improper payments to subrecipients, which LWC may have to repay to the federal grantor. These risks are also increased by LWC’s failure to implement adequate internal controls to ensure that subrecipients’ Single Audit reports are reviewed and required management decision letters are issued by the deadlines established by federal regulations. Recommendation: LWC management should develop and implement policy ensuring timely close out of monitoring reviews. LWC should also implement adequate internal controls to ensure that it identifies and follows up on subrecipients’ audit findings as specified and issues required management decision letters by the due date set by federal regulations. Management’s Response and Corrective Action Plan: Management concurred with the finding and provided a corrective action plan (B-46).
2023-006 – Subrecipient Monitoring – Internal Control and Compliance over Subrecipient Monitoring (Significant Deficiency) Identification of the Federal Program: Assistance Listing Number: 21.027 Assistance Listing Title: Coronavirus State and Local Fiscal Recovery Funds Federal Agency: Department of Treasury Pass-Through Entity: N/A Federal Award Number and Award Year: N/A Criteria or Specific Requirement (Including Statutory, Regulatory, or Other Citation): C.F.R. § 200.332 prescribes that the pass-through entity must conduct monitoring activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: 1. Reviewing financial and performance reports required by the pass-through entity. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. 3. Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521. 4. The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. Condition: During our audit, we noted that the City did not have established monitoring policies and procedures for its subrecipients to address the compliance requirements. Consequently, no subrecipient monitoring activities were conducted during the year. Cause: The City does not have any written policy and sufficient procedures for subrecipient monitoring activities tailored to address the subrecipient monitoring compliance requirements of the grant. Effect or Potential Effect: The City was not able to do the necessary subrecipient monitoring activities resulted to internal control and compliance requirement finding. Questioned Costs: None. Context: See condition above for context of the finding. Identification as a Repeat Finding, If Applicable: Not applicable. Recommendation: We recommended the City establish a formal policy over review procedures on subrecipient monitoring to ensure the City is in compliance the grant requirement. Views of Responsible Officials: Management concurs the finding.
Reference Number: 2023-015 Prior Year Finding: No Federal Agency: U.S. Department of Health and Human Services State Agency: Department of Health Federal Program: Epidemiology and Laboratory Capacity for Infectious Diseases (ELC), COVID-19 - Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) Assistance Listing Number: 93.323 Award Number and Year: 6NU50CK000525 (8/1/2019 – 7/31/2024), 6NU50CK000525 (8/1/2019 – 7/31/2024), 6NU50CK000525-02-03 (8/1/2020 - 7/31/2024), 5NU50CK000525-03-00 (8/1/2019 – 7/31/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Criteria or specific requirement: Compliance – Per 2 CFR section 200.332(a), all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. 2 CFR section 200.332 also states that pass-through entities must: (d) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: 1) The subrecipient's prior experience with the same or similar subawards; 2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F - Audit Requirements of this part, and the extent to which the same or similar subaward has been audited as a major program; 3) Whether the subrecipient has new personnel or new or substantially changed systems; 4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (e) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. Section III – Federal Award Findings and Questioned Costs (Continued) (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. (f) Verify that every subrecipient is audited as required by Subpart F - Audit Requirements of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501 Audit requirements. Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: Documentation of subaward agreements and monitoring activities was not maintained and was not available for audit. Context: The Department of Health (DOH) is the primary recipient of program funding and, therefore, has overall responsibility for activities funded by the program. DOH entered into an agreement with the Department of Education (DOE) to issue subawards to public and non-public schools on their behalf. Six of twenty-six subrecipients selected for testing received subawards issued by DOE. DOE was unable to provide copies of subaward agreements or documentation that subrecipient monitoring activities had been performed. Therefore, auditors were unable to verify compliance with Federal requirements for these subawards. Questioned costs: Undetermined. Cause: The agreement between DOH and DOE did not clearly state DOE’s responsibilities for subaward issuance and monitoring. As a result, DOE did not maintain copies of subaward agreements, nor was it able to provide documentation that it had performed risk assessments or monitoring activities for these subrecipients. In its oversight role, DOH did not review documentation maintained by DOE to ensure compliance with Federal subrecipient monitoring requirements. Effect: Auditors were unable to verify that subawards were issued in accordance with Federal requirements, that the subrecipients were eligible to receive program funding, nor that the subrecipients had been adequately monitored. Section III – Federal Award Findings and Questioned Costs (Continued) Recommendation: DOH should review and enhance internal controls and procedures regarding agreements with other State departments to issue subawards on its behalf. Agreements should clearly define the responsibilities of other departments to ensure compliance with all Federal requirements. DOH should also periodically review the documentation maintained by other departments that issue subawards on its behalf to ensure it is adequate and is available for audit. DOE should review and enhance internal controls and procedures to ensure that it maintains copies of all subaward agreements, that proper subrecipient monitoring is conducted, and that evaluation of independent audits is performed for all subrecipients. Documentation of subrecipient monitoring activities should be readily available for audit. Views of responsible officials: The Department of Health (DOH) will enhance its internal controls and procedures, regarding federal subawards issued by other New Jersey State departments and agencies on behalf of DOH. The Department’s Memorandum of Agreement (MOA) and Memorandum of Understanding (MOU) documents will be updated and enhanced to list and define the specific responsibilities and requirements of other departments and pass-through entities more clearly when issuing subawards with federal funding derived from DOH. If necessary, the updated MOA/MOU documents may also include an Exhibit specific to Subrecipient Monitoring, containing the federal Uniform Guidance compliance requirements including mandatory reporting of subgrantee performance indicators and listing records retention requirements for all documentation of monitored subrecipient activities.
Reference Number: 2023-015 Prior Year Finding: No Federal Agency: U.S. Department of Health and Human Services State Agency: Department of Health Federal Program: Epidemiology and Laboratory Capacity for Infectious Diseases (ELC), COVID-19 - Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) Assistance Listing Number: 93.323 Award Number and Year: 6NU50CK000525 (8/1/2019 – 7/31/2024), 6NU50CK000525 (8/1/2019 – 7/31/2024), 6NU50CK000525-02-03 (8/1/2020 - 7/31/2024), 5NU50CK000525-03-00 (8/1/2019 – 7/31/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Criteria or specific requirement: Compliance – Per 2 CFR section 200.332(a), all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. 2 CFR section 200.332 also states that pass-through entities must: (d) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: 1) The subrecipient's prior experience with the same or similar subawards; 2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F - Audit Requirements of this part, and the extent to which the same or similar subaward has been audited as a major program; 3) Whether the subrecipient has new personnel or new or substantially changed systems; 4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (e) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. Section III – Federal Award Findings and Questioned Costs (Continued) (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. (f) Verify that every subrecipient is audited as required by Subpart F - Audit Requirements of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501 Audit requirements. Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: Documentation of subaward agreements and monitoring activities was not maintained and was not available for audit. Context: The Department of Health (DOH) is the primary recipient of program funding and, therefore, has overall responsibility for activities funded by the program. DOH entered into an agreement with the Department of Education (DOE) to issue subawards to public and non-public schools on their behalf. Six of twenty-six subrecipients selected for testing received subawards issued by DOE. DOE was unable to provide copies of subaward agreements or documentation that subrecipient monitoring activities had been performed. Therefore, auditors were unable to verify compliance with Federal requirements for these subawards. Questioned costs: Undetermined. Cause: The agreement between DOH and DOE did not clearly state DOE’s responsibilities for subaward issuance and monitoring. As a result, DOE did not maintain copies of subaward agreements, nor was it able to provide documentation that it had performed risk assessments or monitoring activities for these subrecipients. In its oversight role, DOH did not review documentation maintained by DOE to ensure compliance with Federal subrecipient monitoring requirements. Effect: Auditors were unable to verify that subawards were issued in accordance with Federal requirements, that the subrecipients were eligible to receive program funding, nor that the subrecipients had been adequately monitored. Section III – Federal Award Findings and Questioned Costs (Continued) Recommendation: DOH should review and enhance internal controls and procedures regarding agreements with other State departments to issue subawards on its behalf. Agreements should clearly define the responsibilities of other departments to ensure compliance with all Federal requirements. DOH should also periodically review the documentation maintained by other departments that issue subawards on its behalf to ensure it is adequate and is available for audit. DOE should review and enhance internal controls and procedures to ensure that it maintains copies of all subaward agreements, that proper subrecipient monitoring is conducted, and that evaluation of independent audits is performed for all subrecipients. Documentation of subrecipient monitoring activities should be readily available for audit. Views of responsible officials: The Department of Health (DOH) will enhance its internal controls and procedures, regarding federal subawards issued by other New Jersey State departments and agencies on behalf of DOH. The Department’s Memorandum of Agreement (MOA) and Memorandum of Understanding (MOU) documents will be updated and enhanced to list and define the specific responsibilities and requirements of other departments and pass-through entities more clearly when issuing subawards with federal funding derived from DOH. If necessary, the updated MOA/MOU documents may also include an Exhibit specific to Subrecipient Monitoring, containing the federal Uniform Guidance compliance requirements including mandatory reporting of subgrantee performance indicators and listing records retention requirements for all documentation of monitored subrecipient activities.
Reference Number: 2023-021 Prior Year Finding: No Federal Agency: U.S. Department of Health and Human Services State Agency: Department of Human Services Federal Program: CCDF Cluster, COVID-19 – CCDF Cluster Assistance Listing Number: 93.575, 93.596 Award Number and Year: 2301NJCCDD (10/1/2022 – 9/30/2025) 2301NJCCDF (10/1/2022 – 9/30/2025) 2201NJCCDF (10/1/2021 – 9/30/2024) 2201NJCCDD (10/1/2021 – 9/30/2024) 2101NJCCDF (10/1/2020 – 9/30/2023) 2101NJCCDF (10/1/2020 – 9/30/2023) 2101NJCCDF (10/1/2019 – 9/30/2022) 2001NJCCDF (10/1/2019 – 9/30/2022) 2101NJCSC6 (10/1/2020 – 9/30/2023) 2101NJCDC6 (10/1/2020 – 9/30/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or specific requirement: Compliance – Per 2 CFR section 200.332(a), all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. 2 CFR section 200.332(d) states that pass-through entities must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (4) Reviewing financial and performance reports required by the pass-through entity. (5) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (6) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. Section III – Federal Award Findings and Questioned Costs (Continued) Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Department of Human Services (Department) did not comply with subrecipient monitoring requirements for the program. Context: Eight subawards were selected for testing and the following exceptions were noted: • For 2 of 8 subawards selected for testing, the subaward did not include all required Federal Award information. The subawards were missing the Federal Award Date of award to the recipient by the Federal agency. • For 1 of 8 subawards selected for testing, the Department did not conduct an annual desk review for the award as required by the Department’s procedures. Questioned costs: None noted. Cause: The Department’s procedures were not effective to ensure that subawards were issued in compliance with Federal requirements, nor that subrecipient monitoring was performed timely in accordance with Departmental procedures. Internal controls did not prevent or detect the errors. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Not conducting during the award monitoring may result in a failure of the Division to detect that its subrecipients used subawards for unauthorized purposes, managed them in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved. Recommendation: The Department should review and enhance internal controls and procedures to ensure that all required information is included in subaward agreements and that proper subrecipient monitoring is performed. Section III – Federal Award Findings and Questioned Costs (Continued) Views of responsible officials: In accordance with the audit finding recommendation, the Department of Human Services’ Division of Family Development (DFD) will ensure that the applicable federal award date will be included with the contract award information as required by Uniform Guidance pass-through entity requirements. Subrecipient monitoring was performed in a timely manner in compliance with DHS Contract Policy with the exception of one subrecipient, NJSACC. NJSACC’s fiscal review documents are due back to DFD on April 15, 2024. Once received, DFD will schedule a fiscal review meeting with the agency and the entire process should be completed within one (1) month of receipt. In addition, DFD will review the current policy for clarity, reasonableness, and to ensure compliance.
Reference Number: 2023-021 Prior Year Finding: No Federal Agency: U.S. Department of Health and Human Services State Agency: Department of Human Services Federal Program: CCDF Cluster, COVID-19 – CCDF Cluster Assistance Listing Number: 93.575, 93.596 Award Number and Year: 2301NJCCDD (10/1/2022 – 9/30/2025) 2301NJCCDF (10/1/2022 – 9/30/2025) 2201NJCCDF (10/1/2021 – 9/30/2024) 2201NJCCDD (10/1/2021 – 9/30/2024) 2101NJCCDF (10/1/2020 – 9/30/2023) 2101NJCCDF (10/1/2020 – 9/30/2023) 2101NJCCDF (10/1/2019 – 9/30/2022) 2001NJCCDF (10/1/2019 – 9/30/2022) 2101NJCSC6 (10/1/2020 – 9/30/2023) 2101NJCDC6 (10/1/2020 – 9/30/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or specific requirement: Compliance – Per 2 CFR section 200.332(a), all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. 2 CFR section 200.332(d) states that pass-through entities must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (4) Reviewing financial and performance reports required by the pass-through entity. (5) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (6) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. Section III – Federal Award Findings and Questioned Costs (Continued) Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Department of Human Services (Department) did not comply with subrecipient monitoring requirements for the program. Context: Eight subawards were selected for testing and the following exceptions were noted: • For 2 of 8 subawards selected for testing, the subaward did not include all required Federal Award information. The subawards were missing the Federal Award Date of award to the recipient by the Federal agency. • For 1 of 8 subawards selected for testing, the Department did not conduct an annual desk review for the award as required by the Department’s procedures. Questioned costs: None noted. Cause: The Department’s procedures were not effective to ensure that subawards were issued in compliance with Federal requirements, nor that subrecipient monitoring was performed timely in accordance with Departmental procedures. Internal controls did not prevent or detect the errors. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Not conducting during the award monitoring may result in a failure of the Division to detect that its subrecipients used subawards for unauthorized purposes, managed them in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved. Recommendation: The Department should review and enhance internal controls and procedures to ensure that all required information is included in subaward agreements and that proper subrecipient monitoring is performed. Section III – Federal Award Findings and Questioned Costs (Continued) Views of responsible officials: In accordance with the audit finding recommendation, the Department of Human Services’ Division of Family Development (DFD) will ensure that the applicable federal award date will be included with the contract award information as required by Uniform Guidance pass-through entity requirements. Subrecipient monitoring was performed in a timely manner in compliance with DHS Contract Policy with the exception of one subrecipient, NJSACC. NJSACC’s fiscal review documents are due back to DFD on April 15, 2024. Once received, DFD will schedule a fiscal review meeting with the agency and the entire process should be completed within one (1) month of receipt. In addition, DFD will review the current policy for clarity, reasonableness, and to ensure compliance.
Reference Number: 2023-021 Prior Year Finding: No Federal Agency: U.S. Department of Health and Human Services State Agency: Department of Human Services Federal Program: CCDF Cluster, COVID-19 – CCDF Cluster Assistance Listing Number: 93.575, 93.596 Award Number and Year: 2301NJCCDD (10/1/2022 – 9/30/2025) 2301NJCCDF (10/1/2022 – 9/30/2025) 2201NJCCDF (10/1/2021 – 9/30/2024) 2201NJCCDD (10/1/2021 – 9/30/2024) 2101NJCCDF (10/1/2020 – 9/30/2023) 2101NJCCDF (10/1/2020 – 9/30/2023) 2101NJCCDF (10/1/2019 – 9/30/2022) 2001NJCCDF (10/1/2019 – 9/30/2022) 2101NJCSC6 (10/1/2020 – 9/30/2023) 2101NJCDC6 (10/1/2020 – 9/30/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or specific requirement: Compliance – Per 2 CFR section 200.332(a), all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. 2 CFR section 200.332(d) states that pass-through entities must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (4) Reviewing financial and performance reports required by the pass-through entity. (5) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (6) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. Section III – Federal Award Findings and Questioned Costs (Continued) Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Department of Human Services (Department) did not comply with subrecipient monitoring requirements for the program. Context: Eight subawards were selected for testing and the following exceptions were noted: • For 2 of 8 subawards selected for testing, the subaward did not include all required Federal Award information. The subawards were missing the Federal Award Date of award to the recipient by the Federal agency. • For 1 of 8 subawards selected for testing, the Department did not conduct an annual desk review for the award as required by the Department’s procedures. Questioned costs: None noted. Cause: The Department’s procedures were not effective to ensure that subawards were issued in compliance with Federal requirements, nor that subrecipient monitoring was performed timely in accordance with Departmental procedures. Internal controls did not prevent or detect the errors. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Not conducting during the award monitoring may result in a failure of the Division to detect that its subrecipients used subawards for unauthorized purposes, managed them in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved. Recommendation: The Department should review and enhance internal controls and procedures to ensure that all required information is included in subaward agreements and that proper subrecipient monitoring is performed. Section III – Federal Award Findings and Questioned Costs (Continued) Views of responsible officials: In accordance with the audit finding recommendation, the Department of Human Services’ Division of Family Development (DFD) will ensure that the applicable federal award date will be included with the contract award information as required by Uniform Guidance pass-through entity requirements. Subrecipient monitoring was performed in a timely manner in compliance with DHS Contract Policy with the exception of one subrecipient, NJSACC. NJSACC’s fiscal review documents are due back to DFD on April 15, 2024. Once received, DFD will schedule a fiscal review meeting with the agency and the entire process should be completed within one (1) month of receipt. In addition, DFD will review the current policy for clarity, reasonableness, and to ensure compliance.
Criteria: CFR 200.332(d) states: All pass-through entities must… monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particulate subaward. (3) Issuing a management decision for applicable audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by 200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section 200.513(a)(3)(vii). Such reliance does not conform to the agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. Condition: The County did not perform subrecipient monitoring of a school district that received the subaward. Cause: The County was not aware of the requirement to monitor the subrecipient. Effect: Unallowed activities could be undertaken or unallowed costs could be claimed under the program. Questioned Costs: None Perspective: Amounts passed through to subrecipients for the year totaled $2,042,606, of which $1,400,000 was passed through to the Sheridan School District which is subject to its own separate audit under the Uniform Guidance. Views of Officials: The County agrees with the findings and will develop a corrective action plan to implement to have all future grant recipients, regardless of whether they are administered by a third party partner or a non-competitive discretionary allocation, be required to register their organization on the County's online portal.
Reference Number: 2023-003 Prior Year Finding: No Federal Agency: U.S. Department of Treasury Federal Program: COVID-19 – Coronavirus State and Local Fiscal Recovery Funds Assistance Listing Number: 21.027 Award Number and Year: ARP17SL1 (5/23/2021 - 12/31/2026) Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control Over Compliance, Material Noncompliance (Modified Opinion) Criteria or specific requirement: Compliance: 2 CFR §200.332 - Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: i. Subrecipient name (which must match the name associated with its unique entity identifier); ii. Subrecipient's unique entity identifier; iii. Federal Award Identification Number (FAIN); iv. Federal Award Date (see the definition of Federal award date in § 200.1 of this part) of award to the recipient by the Federal agency; v. Subaward Period of Performance Start and End Date; vi. Subaward Budget Period Start and End Date; vii. Amount of Federal Funds Obligated by this action by the pass-through entity to the subrecipient; viii. Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity including the current financial obligation; ix. Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; x. Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); xi. Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the Pass-through entity; xii. Assistance Listings number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; xiii. Identification of whether the award is R&D; and xiv. Indirect cost rate for the Federal award (including if the de minimis rate is charged) per section 200.414. (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F - Audit Requirements of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. (e) Depending upon the pass-through entity's assessment of risk posed by the subrecipient (as described in paragraph (b) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: (1) Providing subrecipients with training and technical assistance on program-related matters. (2) Performing on-site reviews of the subrecipient's program operations. (3) Arranging for agreed-upon-procedures engagements as described in § 200.425 Audit services. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Control: Per 2 CFR Section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: Prince George’s County (the County) was unable to provide support that subawards it issued contained all required federal information nor that it properly monitored its subrecipients. Context: Five subrecipients were selected for testing, and the following exceptions were noted: • For one of five subrecipients, the County did not have a subaward agreement in place with the subrecipient. As such, all required information was not furnished to the subrecipient. • Five of five subaward agreements were missing the following required information: o Federal Award Identification Number (FAIN) • For two of five subrecipients, the County was unable to provide support that it conducted during the award monitoring. • For one of five subrecipients, the County was unable to provide support that it had verified that the subrecipients were audited as required by Subpart F. Questioned costs: Undetermined. Cause: The County did not establish effective internal controls and procedures over subrecipient monitoring. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Not conducting during the award monitoring may result in a failure of the Division to detect that its subrecipients used subawards for unauthorized purposes, managed them in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved. Without ensuring subrecipients have obtained audits as required by Subpart F, there is an increased risk that subrecipients could be inappropriately spending and/or inaccurately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by Division personnel on a timely basis. Recommendation: The County should review and enhance internal controls and procedures to ensure that all required information is included in all subawards, that proper subrecipient monitoring is conducted, and that evaluation of independent audits is performed. Views of responsible officials: The Office of Community Relations (OCR) is reviewing and working to enhance internal controls and procedures to ensure all required information is included in the subaward, that proper subrecipient monitoring is conducted, and the evaluation of independent audits are performed. OCR is working with the subrecipient to gather payroll receipts and proof of the disbursement of funds to grantees selected through the RFPs managed by the subrecipient.
Reference Number: 2023-003 Prior Year Finding: No Federal Agency: U.S. Department of Treasury Federal Program: COVID-19 – Coronavirus State and Local Fiscal Recovery Funds Assistance Listing Number: 21.027 Award Number and Year: ARP17SL1 (5/23/2021 - 12/31/2026) Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control Over Compliance, Material Noncompliance (Modified Opinion) Criteria or specific requirement: Compliance: 2 CFR §200.332 - Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: i. Subrecipient name (which must match the name associated with its unique entity identifier); ii. Subrecipient's unique entity identifier; iii. Federal Award Identification Number (FAIN); iv. Federal Award Date (see the definition of Federal award date in § 200.1 of this part) of award to the recipient by the Federal agency; v. Subaward Period of Performance Start and End Date; vi. Subaward Budget Period Start and End Date; vii. Amount of Federal Funds Obligated by this action by the pass-through entity to the subrecipient; viii. Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity including the current financial obligation; ix. Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; x. Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); xi. Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the Pass-through entity; xii. Assistance Listings number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; xiii. Identification of whether the award is R&D; and xiv. Indirect cost rate for the Federal award (including if the de minimis rate is charged) per section 200.414. (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F - Audit Requirements of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. (e) Depending upon the pass-through entity's assessment of risk posed by the subrecipient (as described in paragraph (b) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: (1) Providing subrecipients with training and technical assistance on program-related matters. (2) Performing on-site reviews of the subrecipient's program operations. (3) Arranging for agreed-upon-procedures engagements as described in § 200.425 Audit services. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Control: Per 2 CFR Section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: Prince George’s County (the County) was unable to provide support that subawards it issued contained all required federal information nor that it properly monitored its subrecipients. Context: Five subrecipients were selected for testing, and the following exceptions were noted: • For one of five subrecipients, the County did not have a subaward agreement in place with the subrecipient. As such, all required information was not furnished to the subrecipient. • Five of five subaward agreements were missing the following required information: o Federal Award Identification Number (FAIN) • For two of five subrecipients, the County was unable to provide support that it conducted during the award monitoring. • For one of five subrecipients, the County was unable to provide support that it had verified that the subrecipients were audited as required by Subpart F. Questioned costs: Undetermined. Cause: The County did not establish effective internal controls and procedures over subrecipient monitoring. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Not conducting during the award monitoring may result in a failure of the Division to detect that its subrecipients used subawards for unauthorized purposes, managed them in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved. Without ensuring subrecipients have obtained audits as required by Subpart F, there is an increased risk that subrecipients could be inappropriately spending and/or inaccurately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by Division personnel on a timely basis. Recommendation: The County should review and enhance internal controls and procedures to ensure that all required information is included in all subawards, that proper subrecipient monitoring is conducted, and that evaluation of independent audits is performed. Views of responsible officials: The Office of Community Relations (OCR) is reviewing and working to enhance internal controls and procedures to ensure all required information is included in the subaward, that proper subrecipient monitoring is conducted, and the evaluation of independent audits are performed. OCR is working with the subrecipient to gather payroll receipts and proof of the disbursement of funds to grantees selected through the RFPs managed by the subrecipient.
Reference Number: 2023-003 Prior Year Finding: No Federal Agency: U.S. Department of Treasury Federal Program: COVID-19 – Coronavirus State and Local Fiscal Recovery Funds Assistance Listing Number: 21.027 Award Number and Year: ARP17SL1 (5/23/2021 - 12/31/2026) Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control Over Compliance, Material Noncompliance (Modified Opinion) Criteria or specific requirement: Compliance: 2 CFR §200.332 - Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: i. Subrecipient name (which must match the name associated with its unique entity identifier); ii. Subrecipient's unique entity identifier; iii. Federal Award Identification Number (FAIN); iv. Federal Award Date (see the definition of Federal award date in § 200.1 of this part) of award to the recipient by the Federal agency; v. Subaward Period of Performance Start and End Date; vi. Subaward Budget Period Start and End Date; vii. Amount of Federal Funds Obligated by this action by the pass-through entity to the subrecipient; viii. Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity including the current financial obligation; ix. Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; x. Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); xi. Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the Pass-through entity; xii. Assistance Listings number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; xiii. Identification of whether the award is R&D; and xiv. Indirect cost rate for the Federal award (including if the de minimis rate is charged) per section 200.414. (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F - Audit Requirements of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. (e) Depending upon the pass-through entity's assessment of risk posed by the subrecipient (as described in paragraph (b) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: (1) Providing subrecipients with training and technical assistance on program-related matters. (2) Performing on-site reviews of the subrecipient's program operations. (3) Arranging for agreed-upon-procedures engagements as described in § 200.425 Audit services. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Control: Per 2 CFR Section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: Prince George’s County (the County) was unable to provide support that subawards it issued contained all required federal information nor that it properly monitored its subrecipients. Context: Five subrecipients were selected for testing, and the following exceptions were noted: • For one of five subrecipients, the County did not have a subaward agreement in place with the subrecipient. As such, all required information was not furnished to the subrecipient. • Five of five subaward agreements were missing the following required information: o Federal Award Identification Number (FAIN) • For two of five subrecipients, the County was unable to provide support that it conducted during the award monitoring. • For one of five subrecipients, the County was unable to provide support that it had verified that the subrecipients were audited as required by Subpart F. Questioned costs: Undetermined. Cause: The County did not establish effective internal controls and procedures over subrecipient monitoring. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Not conducting during the award monitoring may result in a failure of the Division to detect that its subrecipients used subawards for unauthorized purposes, managed them in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved. Without ensuring subrecipients have obtained audits as required by Subpart F, there is an increased risk that subrecipients could be inappropriately spending and/or inaccurately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by Division personnel on a timely basis. Recommendation: The County should review and enhance internal controls and procedures to ensure that all required information is included in all subawards, that proper subrecipient monitoring is conducted, and that evaluation of independent audits is performed. Views of responsible officials: The Office of Community Relations (OCR) is reviewing and working to enhance internal controls and procedures to ensure all required information is included in the subaward, that proper subrecipient monitoring is conducted, and the evaluation of independent audits are performed. OCR is working with the subrecipient to gather payroll receipts and proof of the disbursement of funds to grantees selected through the RFPs managed by the subrecipient.
Reference Number: 2023-015 Prior Year Finding: No Federal Agency: U.S. Department of Health and Human Services State Agency: Department of Health Federal Program: Epidemiology and Laboratory Capacity for Infectious Diseases (ELC), COVID-19 - Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) Assistance Listing Number: 93.323 Award Number and Year: 6NU50CK000525 (8/1/2019 – 7/31/2024), 6NU50CK000525 (8/1/2019 – 7/31/2024), 6NU50CK000525-02-03 (8/1/2020 - 7/31/2024), 5NU50CK000525-03-00 (8/1/2019 – 7/31/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Criteria or specific requirement: Compliance – Per 2 CFR section 200.332(a), all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. 2 CFR section 200.332 also states that pass-through entities must: (d) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: 1) The subrecipient's prior experience with the same or similar subawards; 2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F - Audit Requirements of this part, and the extent to which the same or similar subaward has been audited as a major program; 3) Whether the subrecipient has new personnel or new or substantially changed systems; 4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (e) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. Section III – Federal Award Findings and Questioned Costs (Continued) (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. (f) Verify that every subrecipient is audited as required by Subpart F - Audit Requirements of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501 Audit requirements. Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: Documentation of subaward agreements and monitoring activities was not maintained and was not available for audit. Context: The Department of Health (DOH) is the primary recipient of program funding and, therefore, has overall responsibility for activities funded by the program. DOH entered into an agreement with the Department of Education (DOE) to issue subawards to public and non-public schools on their behalf. Six of twenty-six subrecipients selected for testing received subawards issued by DOE. DOE was unable to provide copies of subaward agreements or documentation that subrecipient monitoring activities had been performed. Therefore, auditors were unable to verify compliance with Federal requirements for these subawards. Questioned costs: Undetermined. Cause: The agreement between DOH and DOE did not clearly state DOE’s responsibilities for subaward issuance and monitoring. As a result, DOE did not maintain copies of subaward agreements, nor was it able to provide documentation that it had performed risk assessments or monitoring activities for these subrecipients. In its oversight role, DOH did not review documentation maintained by DOE to ensure compliance with Federal subrecipient monitoring requirements. Effect: Auditors were unable to verify that subawards were issued in accordance with Federal requirements, that the subrecipients were eligible to receive program funding, nor that the subrecipients had been adequately monitored. Section III – Federal Award Findings and Questioned Costs (Continued) Recommendation: DOH should review and enhance internal controls and procedures regarding agreements with other State departments to issue subawards on its behalf. Agreements should clearly define the responsibilities of other departments to ensure compliance with all Federal requirements. DOH should also periodically review the documentation maintained by other departments that issue subawards on its behalf to ensure it is adequate and is available for audit. DOE should review and enhance internal controls and procedures to ensure that it maintains copies of all subaward agreements, that proper subrecipient monitoring is conducted, and that evaluation of independent audits is performed for all subrecipients. Documentation of subrecipient monitoring activities should be readily available for audit. Views of responsible officials: The Department of Health (DOH) will enhance its internal controls and procedures, regarding federal subawards issued by other New Jersey State departments and agencies on behalf of DOH. The Department’s Memorandum of Agreement (MOA) and Memorandum of Understanding (MOU) documents will be updated and enhanced to list and define the specific responsibilities and requirements of other departments and pass-through entities more clearly when issuing subawards with federal funding derived from DOH. If necessary, the updated MOA/MOU documents may also include an Exhibit specific to Subrecipient Monitoring, containing the federal Uniform Guidance compliance requirements including mandatory reporting of subgrantee performance indicators and listing records retention requirements for all documentation of monitored subrecipient activities.
Reference Number: 2023-015 Prior Year Finding: No Federal Agency: U.S. Department of Health and Human Services State Agency: Department of Health Federal Program: Epidemiology and Laboratory Capacity for Infectious Diseases (ELC), COVID-19 - Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) Assistance Listing Number: 93.323 Award Number and Year: 6NU50CK000525 (8/1/2019 – 7/31/2024), 6NU50CK000525 (8/1/2019 – 7/31/2024), 6NU50CK000525-02-03 (8/1/2020 - 7/31/2024), 5NU50CK000525-03-00 (8/1/2019 – 7/31/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control over Compliance, Material Noncompliance Criteria or specific requirement: Compliance – Per 2 CFR section 200.332(a), all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. 2 CFR section 200.332 also states that pass-through entities must: (d) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: 1) The subrecipient's prior experience with the same or similar subawards; 2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F - Audit Requirements of this part, and the extent to which the same or similar subaward has been audited as a major program; 3) Whether the subrecipient has new personnel or new or substantially changed systems; 4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (e) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. Section III – Federal Award Findings and Questioned Costs (Continued) (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. (f) Verify that every subrecipient is audited as required by Subpart F - Audit Requirements of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501 Audit requirements. Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: Documentation of subaward agreements and monitoring activities was not maintained and was not available for audit. Context: The Department of Health (DOH) is the primary recipient of program funding and, therefore, has overall responsibility for activities funded by the program. DOH entered into an agreement with the Department of Education (DOE) to issue subawards to public and non-public schools on their behalf. Six of twenty-six subrecipients selected for testing received subawards issued by DOE. DOE was unable to provide copies of subaward agreements or documentation that subrecipient monitoring activities had been performed. Therefore, auditors were unable to verify compliance with Federal requirements for these subawards. Questioned costs: Undetermined. Cause: The agreement between DOH and DOE did not clearly state DOE’s responsibilities for subaward issuance and monitoring. As a result, DOE did not maintain copies of subaward agreements, nor was it able to provide documentation that it had performed risk assessments or monitoring activities for these subrecipients. In its oversight role, DOH did not review documentation maintained by DOE to ensure compliance with Federal subrecipient monitoring requirements. Effect: Auditors were unable to verify that subawards were issued in accordance with Federal requirements, that the subrecipients were eligible to receive program funding, nor that the subrecipients had been adequately monitored. Section III – Federal Award Findings and Questioned Costs (Continued) Recommendation: DOH should review and enhance internal controls and procedures regarding agreements with other State departments to issue subawards on its behalf. Agreements should clearly define the responsibilities of other departments to ensure compliance with all Federal requirements. DOH should also periodically review the documentation maintained by other departments that issue subawards on its behalf to ensure it is adequate and is available for audit. DOE should review and enhance internal controls and procedures to ensure that it maintains copies of all subaward agreements, that proper subrecipient monitoring is conducted, and that evaluation of independent audits is performed for all subrecipients. Documentation of subrecipient monitoring activities should be readily available for audit. Views of responsible officials: The Department of Health (DOH) will enhance its internal controls and procedures, regarding federal subawards issued by other New Jersey State departments and agencies on behalf of DOH. The Department’s Memorandum of Agreement (MOA) and Memorandum of Understanding (MOU) documents will be updated and enhanced to list and define the specific responsibilities and requirements of other departments and pass-through entities more clearly when issuing subawards with federal funding derived from DOH. If necessary, the updated MOA/MOU documents may also include an Exhibit specific to Subrecipient Monitoring, containing the federal Uniform Guidance compliance requirements including mandatory reporting of subgrantee performance indicators and listing records retention requirements for all documentation of monitored subrecipient activities.
Reference Number: 2023-021 Prior Year Finding: No Federal Agency: U.S. Department of Health and Human Services State Agency: Department of Human Services Federal Program: CCDF Cluster, COVID-19 – CCDF Cluster Assistance Listing Number: 93.575, 93.596 Award Number and Year: 2301NJCCDD (10/1/2022 – 9/30/2025) 2301NJCCDF (10/1/2022 – 9/30/2025) 2201NJCCDF (10/1/2021 – 9/30/2024) 2201NJCCDD (10/1/2021 – 9/30/2024) 2101NJCCDF (10/1/2020 – 9/30/2023) 2101NJCCDF (10/1/2020 – 9/30/2023) 2101NJCCDF (10/1/2019 – 9/30/2022) 2001NJCCDF (10/1/2019 – 9/30/2022) 2101NJCSC6 (10/1/2020 – 9/30/2023) 2101NJCDC6 (10/1/2020 – 9/30/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or specific requirement: Compliance – Per 2 CFR section 200.332(a), all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. 2 CFR section 200.332(d) states that pass-through entities must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (4) Reviewing financial and performance reports required by the pass-through entity. (5) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (6) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. Section III – Federal Award Findings and Questioned Costs (Continued) Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Department of Human Services (Department) did not comply with subrecipient monitoring requirements for the program. Context: Eight subawards were selected for testing and the following exceptions were noted: • For 2 of 8 subawards selected for testing, the subaward did not include all required Federal Award information. The subawards were missing the Federal Award Date of award to the recipient by the Federal agency. • For 1 of 8 subawards selected for testing, the Department did not conduct an annual desk review for the award as required by the Department’s procedures. Questioned costs: None noted. Cause: The Department’s procedures were not effective to ensure that subawards were issued in compliance with Federal requirements, nor that subrecipient monitoring was performed timely in accordance with Departmental procedures. Internal controls did not prevent or detect the errors. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Not conducting during the award monitoring may result in a failure of the Division to detect that its subrecipients used subawards for unauthorized purposes, managed them in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved. Recommendation: The Department should review and enhance internal controls and procedures to ensure that all required information is included in subaward agreements and that proper subrecipient monitoring is performed. Section III – Federal Award Findings and Questioned Costs (Continued) Views of responsible officials: In accordance with the audit finding recommendation, the Department of Human Services’ Division of Family Development (DFD) will ensure that the applicable federal award date will be included with the contract award information as required by Uniform Guidance pass-through entity requirements. Subrecipient monitoring was performed in a timely manner in compliance with DHS Contract Policy with the exception of one subrecipient, NJSACC. NJSACC’s fiscal review documents are due back to DFD on April 15, 2024. Once received, DFD will schedule a fiscal review meeting with the agency and the entire process should be completed within one (1) month of receipt. In addition, DFD will review the current policy for clarity, reasonableness, and to ensure compliance.
Reference Number: 2023-021 Prior Year Finding: No Federal Agency: U.S. Department of Health and Human Services State Agency: Department of Human Services Federal Program: CCDF Cluster, COVID-19 – CCDF Cluster Assistance Listing Number: 93.575, 93.596 Award Number and Year: 2301NJCCDD (10/1/2022 – 9/30/2025) 2301NJCCDF (10/1/2022 – 9/30/2025) 2201NJCCDF (10/1/2021 – 9/30/2024) 2201NJCCDD (10/1/2021 – 9/30/2024) 2101NJCCDF (10/1/2020 – 9/30/2023) 2101NJCCDF (10/1/2020 – 9/30/2023) 2101NJCCDF (10/1/2019 – 9/30/2022) 2001NJCCDF (10/1/2019 – 9/30/2022) 2101NJCSC6 (10/1/2020 – 9/30/2023) 2101NJCDC6 (10/1/2020 – 9/30/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or specific requirement: Compliance – Per 2 CFR section 200.332(a), all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. 2 CFR section 200.332(d) states that pass-through entities must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (4) Reviewing financial and performance reports required by the pass-through entity. (5) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (6) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. Section III – Federal Award Findings and Questioned Costs (Continued) Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Department of Human Services (Department) did not comply with subrecipient monitoring requirements for the program. Context: Eight subawards were selected for testing and the following exceptions were noted: • For 2 of 8 subawards selected for testing, the subaward did not include all required Federal Award information. The subawards were missing the Federal Award Date of award to the recipient by the Federal agency. • For 1 of 8 subawards selected for testing, the Department did not conduct an annual desk review for the award as required by the Department’s procedures. Questioned costs: None noted. Cause: The Department’s procedures were not effective to ensure that subawards were issued in compliance with Federal requirements, nor that subrecipient monitoring was performed timely in accordance with Departmental procedures. Internal controls did not prevent or detect the errors. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Not conducting during the award monitoring may result in a failure of the Division to detect that its subrecipients used subawards for unauthorized purposes, managed them in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved. Recommendation: The Department should review and enhance internal controls and procedures to ensure that all required information is included in subaward agreements and that proper subrecipient monitoring is performed. Section III – Federal Award Findings and Questioned Costs (Continued) Views of responsible officials: In accordance with the audit finding recommendation, the Department of Human Services’ Division of Family Development (DFD) will ensure that the applicable federal award date will be included with the contract award information as required by Uniform Guidance pass-through entity requirements. Subrecipient monitoring was performed in a timely manner in compliance with DHS Contract Policy with the exception of one subrecipient, NJSACC. NJSACC’s fiscal review documents are due back to DFD on April 15, 2024. Once received, DFD will schedule a fiscal review meeting with the agency and the entire process should be completed within one (1) month of receipt. In addition, DFD will review the current policy for clarity, reasonableness, and to ensure compliance.
Reference Number: 2023-021 Prior Year Finding: No Federal Agency: U.S. Department of Health and Human Services State Agency: Department of Human Services Federal Program: CCDF Cluster, COVID-19 – CCDF Cluster Assistance Listing Number: 93.575, 93.596 Award Number and Year: 2301NJCCDD (10/1/2022 – 9/30/2025) 2301NJCCDF (10/1/2022 – 9/30/2025) 2201NJCCDF (10/1/2021 – 9/30/2024) 2201NJCCDD (10/1/2021 – 9/30/2024) 2101NJCCDF (10/1/2020 – 9/30/2023) 2101NJCCDF (10/1/2020 – 9/30/2023) 2101NJCCDF (10/1/2019 – 9/30/2022) 2001NJCCDF (10/1/2019 – 9/30/2022) 2101NJCSC6 (10/1/2020 – 9/30/2023) 2101NJCDC6 (10/1/2020 – 9/30/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or specific requirement: Compliance – Per 2 CFR section 200.332(a), all pass-through entities must ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. 2 CFR section 200.332(d) states that pass-through entities must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (4) Reviewing financial and performance reports required by the pass-through entity. (5) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (6) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. Section III – Federal Award Findings and Questioned Costs (Continued) Control – Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Department of Human Services (Department) did not comply with subrecipient monitoring requirements for the program. Context: Eight subawards were selected for testing and the following exceptions were noted: • For 2 of 8 subawards selected for testing, the subaward did not include all required Federal Award information. The subawards were missing the Federal Award Date of award to the recipient by the Federal agency. • For 1 of 8 subawards selected for testing, the Department did not conduct an annual desk review for the award as required by the Department’s procedures. Questioned costs: None noted. Cause: The Department’s procedures were not effective to ensure that subawards were issued in compliance with Federal requirements, nor that subrecipient monitoring was performed timely in accordance with Departmental procedures. Internal controls did not prevent or detect the errors. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Not conducting during the award monitoring may result in a failure of the Division to detect that its subrecipients used subawards for unauthorized purposes, managed them in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved. Recommendation: The Department should review and enhance internal controls and procedures to ensure that all required information is included in subaward agreements and that proper subrecipient monitoring is performed. Section III – Federal Award Findings and Questioned Costs (Continued) Views of responsible officials: In accordance with the audit finding recommendation, the Department of Human Services’ Division of Family Development (DFD) will ensure that the applicable federal award date will be included with the contract award information as required by Uniform Guidance pass-through entity requirements. Subrecipient monitoring was performed in a timely manner in compliance with DHS Contract Policy with the exception of one subrecipient, NJSACC. NJSACC’s fiscal review documents are due back to DFD on April 15, 2024. Once received, DFD will schedule a fiscal review meeting with the agency and the entire process should be completed within one (1) month of receipt. In addition, DFD will review the current policy for clarity, reasonableness, and to ensure compliance.
Federal Awarding Agency: USDOT Impact: Significant Deficiency, Noncompliance AL Number and Title: 20.509 FGRA Federal Award Number: AK-2022-027 Applicable Compliance Requirement: Subrecipient Monitoring Condition: DOTPF management did not issue a management decision for the one single audit finding requiring follow-up in FY 23 within six months as required by federal law. Context: Under federal regulations, pass-through entities are responsible for issuing a management decision for audit findings relating to federal awards provided to subrecipients. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the adequacy of the subrecipient’s proposed corrective actions to address the finding. If the subrecipient has not completed corrective action, a timetable for follow-up should be given. Cause: DOTPF has no procedures to ensure a management decision is issued in a timely manner for a subrecipient’s single audit finding. DOTPF management believed it was not necessary to track subrecipients that require single audit follow-up as there was only one subrecipient with a finding during FY 23. Criteria: Title 2 CFR 200.332(d)(3) states that pass-through entities’ monitoring of subrecipients must include issuing a management decision for audit findings that relate to the federal award provided to the subrecipient from the pass-through entity. Title 2 CFR 200.521(d) states a management decision must be issued within six months of acceptance of the audit report by the federal audit clearinghouse. Title 2 CFR 200.303(a) requires the State to establish and maintain effective internal controls over federal awards that provide reasonable assurance that the State is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Effect: Untimely management decisions may result in the subrecipient not taking appropriate corrective action on findings. Noncompliance with federal regulations may result in the federal awarding agency imposing additional conditions or taking corrective action, including additional reporting requirements or withholding/terminating funding. Questioned Costs: None Recommendation: DOTPF’s Division of Administrative Services (DAS) director should develop and implement procedures to ensure management decisions for all subrecipient single audit findings are issued within six months of the audit report’s acceptance by the federal audit clearinghouse. View of Responsible Officials: Management agrees with this finding.
Federal Awarding Agency: USDOT Impact: Significant Deficiency, Noncompliance AL Number and Title: 20.509 FGRA Federal Award Number: AK-2022-027 Applicable Compliance Requirement: Subrecipient Monitoring Condition: DOTPF management did not issue a management decision for the one single audit finding requiring follow-up in FY 23 within six months as required by federal law. Context: Under federal regulations, pass-through entities are responsible for issuing a management decision for audit findings relating to federal awards provided to subrecipients. The management decision must clearly state whether or not the audit finding is sustained, the reasons for the decision, and the adequacy of the subrecipient’s proposed corrective actions to address the finding. If the subrecipient has not completed corrective action, a timetable for follow-up should be given. Cause: DOTPF has no procedures to ensure a management decision is issued in a timely manner for a subrecipient’s single audit finding. DOTPF management believed it was not necessary to track subrecipients that require single audit follow-up as there was only one subrecipient with a finding during FY 23. Criteria: Title 2 CFR 200.332(d)(3) states that pass-through entities’ monitoring of subrecipients must include issuing a management decision for audit findings that relate to the federal award provided to the subrecipient from the pass-through entity. Title 2 CFR 200.521(d) states a management decision must be issued within six months of acceptance of the audit report by the federal audit clearinghouse. Title 2 CFR 200.303(a) requires the State to establish and maintain effective internal controls over federal awards that provide reasonable assurance that the State is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Effect: Untimely management decisions may result in the subrecipient not taking appropriate corrective action on findings. Noncompliance with federal regulations may result in the federal awarding agency imposing additional conditions or taking corrective action, including additional reporting requirements or withholding/terminating funding. Questioned Costs: None Recommendation: DOTPF’s Division of Administrative Services (DAS) director should develop and implement procedures to ensure management decisions for all subrecipient single audit findings are issued within six months of the audit report’s acceptance by the federal audit clearinghouse. View of Responsible Officials: Management agrees with this finding.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.