2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
2023-043 The University of Washington did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it followed up on findings and issued management decisions. Assistance Listing Number and Title: 93.067 Global AIDS 93.067 COVID-19 Global AIDS Federal Grantor Name: U.S Department of Health and Human Services Federal Award/Contract Number: NU2GGH002038; NU2GGH002116; NU2GGH002157; NU2GGH002242; NU2GGH002298; NU2GGH002360; NU2GGH002374; NU2GGH002423 Pass-through Entity Name: None Pass-through Award/Contract Number: None Applicable Compliance Component: Subrecipient Monitoring Known Questioned Cost Amount: None Prior Year Audit Finding: Yes, Finding 2022-030 Background The Global AIDS program is a federal initiative focused on treating and preventing the transmission of HIV/AIDS around the world. The program is authorized by Sections 307 and 317(k)(2) of the Public Health Service Act, the U.S. Leadership Against HIV/AIDS, Tuberculosis, and Malaria Acts of 2003 and 2008, and the U.S. President’s Emergency Plan for AIDS Relief. Since it was established in 2003, the federal government has invested more than $100 billion in the global HIV/AIDS response, providing testing and treatment for millions of people, preventing transmission among affected communities, and supporting numerous countries to achieve HIV epidemic control. The program distributes funding through public and private sector partnerships to reach the populations most vulnerable to HIV/AIDS epidemics. The University of Washington administers this grant for the state through its International Training and Education Center for Health (I-TECH). I-TECH is a center in the University’s Department of Global Health operated by more than 2,000 staff in offices located in Africa, Asia, the Caribbean, Eastern Europe and the United States. In fiscal year 2023, the University spent almost $70 million in federal program funds, about $42 million of which it passed through to subrecipients. Federal regulations require the University to monitor its subrecipients’ activities. This includes verifying that its subrecipients that spend $750,000 or more in federal awards during a fiscal year obtain a single or program-specific audit. For the Global AIDS program, the Centers for Disease Control and Prevention requires foreign subrecipients to submit their audits directly to the federal government and pass-through entity within 30 days after receiving the auditor’s report or nine months after the end of the subrecipient’s audit period, whichever is earlier. Additionally, for the awards it passes onto its subrecipients, the University must follow up and ensure the subrecipients take timely and appropriate corrective action on all deficiencies identified through audits. When a subrecipient receives an audit finding for a University-funded program, federal law requires the University to issue a management decision to the subrecipient within six months of the audit report’s acceptance by the federal government. The management decision must clearly state whether the audit finding is sustained, the reason for the decision, and the actions the subrecipient is expected to take, such as repaying unallowable costs or making financial adjustments. These requirements help ensure subrecipients use federal program funds for authorized purposes and within the provisions of contracts or grant agreements. Federal regulations require recipients to establish and follow internal controls to ensure compliance with program requirements. These controls include understanding grant requirements and monitoring the effectiveness of established controls. In the prior audit, we reported the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. Description of Condition The University did not have adequate internal controls over and did not comply with federal requirements to ensure subrecipients of the Global AIDS program received required single or program-specific audits, and that it appropriately followed up on findings and issued management decisions. We found the University did not have adequate internal controls in place to verify whether: • Subrecipients received required audits, if necessary, and appropriate remedies were taken if audits were not filed • Management decisions were required to be issued for subrecipients who required a single or program-specific audit We used a nonstatistical sampling method to randomly select and examine seven out of a total population of 19 subrecipients. We found the University did not adequately monitor four subrecipients (57 percent) to ensure they received a required single or program-specific audit. Additionally, we found three of the four subrecipients received audit findings for the Global AIDS program, but the University did not issue a written management decision to the subrecipients and ensure appropriate corrective actions would be taken to correct the deficiencies reported, as required. We consider these internal control deficiencies to be a material weakness, which led to material noncompliance. Cause of Condition The University’s Office of Sponsored Programs used a spreadsheet to track subrecipient certifications and whether they were subject to a single or program audit. However, the University did not obtain updated annual audit certifications from these subrecipients to determine if they required an audit and, therefore, did not require the subrecipients to provide documentation of a single or program-specific audit. In addition, University management did not follow up with the subrecipients to verify that audits were performed. Effect of Condition Without establishing adequate internal controls, the University cannot ensure all subrecipients that required a single or program-specific audit received one. Furthermore, the University cannot ensure it is following up on subrecipient audit findings and communicating required management decisions to subrecipients. By failing to ensure subrecipients establish corrective actions and management monitors them for effectiveness where required, the University cannot determine whether subrecipients have sufficiently corrected issues identified in audit findings. Recommendations We recommend the University: • Follow policies and procedures to ensure subrecipients receive required single or program-specific audits • Establish and follow effective internal controls to ensure it reviews audit reports for its subrecipients and issues written management decisions, as required • Ensure subrecipients develop and perform acceptable corrective actions to adequately address all audit recommendations • Follow up with the subrecipient to ensure the required audit reports are received and reviewed to determine if the subrecipient is required to take corrective action to address audit recommendations • Issue a written management decision for all applicable audit findings, if necessary University’s Response In the prior audit, it was found the University did not establish adequate internal controls over and did not comply with federal requirements for subrecipient monitoring. The prior finding number was 2022-030. As a result of that finding, the University took corrective action, which was conveyed in November 2023, but given the significant enterprise-wide financial system replacement and implementation, the work to implement all corrective action steps, including single audit verification, has been interrupted and audit certification was not performed consistently during FY23. The University uses a certification process to obtain information and documentation needed to assess each subrecipient. As part of corrective action from finding 2022-030, the University updated the certification process with all subrecipients to confirm if federal expenditures during a fiscal year exceed the $750,000 threshold to require a single or program-specific audit by revising the initial certification form used to gather information and carry out a risk assessment. However, the University is still working on enhancing the annual certification process to confirm subrecipients receive required single or program-specific audits each year, to review such audit reports, and issue written management decisions, as required, including that subrecipient develop and perform acceptable corrective actions to address all applicable audit recommendations. Auditor’s Remarks We thank the University for its cooperation and assistance throughout the audit. We will review the status of the University's corrective action during our next audit. Applicable Laws and Regulations Title 45 U.S. Code of Federal Regulations (CFR) Part 75, section 303, Internal Controls, describes the requirements for auditees to maintain internal controls over federal programs and comply with federal program requirements. Title 45 CFR Part 75, Section 516, Audit findings, establishes reporting requirements for audit findings. Title 45 CFR Part 75, section 352, Requirements for pass-through entities, establishes requirements for pass through entities including monitoring of subrecipients. Title 45 CFR Part 75, section 501, Audit requirements, establishes the single audit requirements for recipients of federal assistance. The American Institute of Certified Public Accountants defines significant deficiencies and material weaknesses in its Codification of Statements on Auditing Standards, section 935, Compliance Audits, paragraph 11. The University of Washington’s Policies, Procedures and Guidance (UW Research), GIM 8 – Subrecipient Monitoring, states in part: Background Additionally, per the Federal Uniform Guidance, UW must evaluate each subrecipients’ risk of noncompliance with federal regulations, include specific terms and conditions in the subaward as necessary, and monitor the activities of the subrecipient through various mechanisms. These mechanisms include: Training and technical assistance to subrecipients, on-site reviews, review of audit results, increased reporting requirements and enforcement action, if necessary. University Policy UW reviews each subrecipient entity according to an entity level comprehensive risk assessment prior to the issuance of a subaward. This risk assessment includes an entity level review of their fiscal systems, past audit activity, and if required, financial statements of the entity as well as the project specific activity proposed and that the required compliance approvals are obtained. When necessary, UW imposes limitations and requirements on the subrecipient through subaward terms and conditions per Federal Uniform Guidance, Section 200.521, prior to the issuance or renewal of a subaward. UW’s subrecipient monitoring requirements are comprised, at a minimum, of the following: • Completion of the UW’s entity level comprehensive risk assessment (Certs & Reps, Annual Audit Certification) Subrecipient Monitoring – Entity Level Entity level monitoring consists of a combination of the following: • Initial Subrecipient Certification Form completion and assurance by subrecipient’s authorized official • Annual audit assurance through an annual audit certification form • Maintenance of a subrecipient profile list, which includes information on the entity’s past audit information and certificationsRisk assessment carried out at each annual renewal of a subaward.
Subrecipient Monitoring Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should institute a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2022-004
Subrecipient Monitoring Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should institute a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2022-004
Subrecipient Monitoring Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should institute a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2022-004
Subrecipient Monitoring Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should institute a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2022-004
Subrecipient Monitoring Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should institute a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2022-004
Subrecipient Monitoring Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should institute a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2022-004
Subrecipient Monitoring Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should institute a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2022-004
Subrecipient Monitoring Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should institute a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2022-004
Subrecipient Monitoring Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should institute a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2022-004
Subrecipient Monitoring Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should institute a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2022-004
Subrecipient Monitoring Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should institute a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2022-004
Subrecipient Monitoring Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should institute a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2022-004
Subrecipient Monitoring Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should institute a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2022-004
Subrecipient Monitoring Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should institute a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2022-004
Subrecipient Monitoring Material Weakness in Internal Control over Subrecipient Monitoring and Material Noncompliance Research and Development Cluster Criteria: In accordance with 2 CFR 200.331, a pass-through entity must make a case-by-case determination whether each agreement it makes for the disbursement of federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Additionally, in accordance with 2 CFR 200.332(b), the pass-through entity must evaluate each subrecipient’s risk of noncompliance with federal statutes, regulations, and the terms and conditions of the subaward for the purpose of determining the appropriate subrecipient monitoring. In furtherance of this, the pass-through entity should inquire as to whether or not the subrecipient was subject to a Single Audit. If the subrecipient was subject to a Single Audit, the pass-through entity must request the Single Audit report and review for any findings or questioned costs. In accordance with 2 CFR 200.521, the pass-through entity should issue a management decision for audit findings pertaining to the federal award provided to the subrecipient from the pass-through entity as applicable. Condition: The Organization does not document its evaluation of each party that it engages in business with as to whether they are a contractor or a subrecipient. For three (3) of the three (3) such parties selected for testing, the Organization did not maintain documentation regarding whether the entity was a subrecipient or a contractor. Furthermore, as it relates to the monitoring of entities determined to be subrecipients, the Organization has not formally documented its subrecipient monitoring procedures to ensure that subrecipients are in compliance with federal statutes, regulations, and the terms and conditions of the subawards. For three (3) of the three (3) subrecipients selected for testing, the Organization did not inquire as to whether the entity was subject to a Single Audit. Consequently, the Organization did not request the Single Audit report nor did they review them for any findings pertinent to the federal award provided to the subrecipient from the pass-through entity. Cause: The Organization did not have an effective process in place to determine whether entities receiving pass-through funds are subrecipients or contractors. Furthermore, once that determination has been made, the Organization did not have a process in place for evaluating subrecipients and their compliance with the applicable requirements of the Uniform Guidance. Effect or potential effect: Lack of proper consideration of subrecipient or contractor status may result in the Organization improperly classifying a recipient of federal funds, which may impact the recipient’s compliance with the Uniform Guidance. Furthermore, by not performing adequate monitoring over subrecipients, the Organization is not appropriately monitoring whether subrecipients are compliance with grant requirements. Questioned costs: None. Context: Our sample was not intended to be statistically valid. Recommendation: The Organization should institute a process whereby all entities that receive federal funds have proper documentation supporting their classification as a subrecipient or a contractor for the entire year. Additionally, the Organization should maintain a standardized checklist for all such entities that support their rationale for the classification. This checklist should be prepared by an employee with knowledge of the grant and approved by a second individual. Furthermore, as it relates to subrecipient monitoring, the Organization should institute an annual process whereby all subrecipients are asked whether they received a Single Audit. If the subrecipient was subject to a Single Audit, the Organization should receive and review the Single Audit report. The reviewer should submit a memorandum of any findings relevant to their federal grant, which should then be submitted to the project manager or other designated person for approval. Views of responsible officials and planned corrective actions: Management's response is reported in "Management's Views and Corrective Action Plan" included at the end of this report. Identification of prior year finding: 2022-004
Reference Number: 2023-012 Prior Year Finding: 2022-013 Federal Agency: U.S. Department of Labor State Agency: Executive Office of Labor and Workforce Development Federal Program: WIOA Cluster, Employment Service Cluster Assistance Listing Number: 17.258, 17.259, 17.278, 17.207, 17.801 Award Number and Year: AA-38535-22-55-A-25 (7/1/2022 – 6/30/2025), AA-36325-21-55-A-25 (4/1/2021 – 6/30/2024), AA-34774-20-55-A-25 (4/1/2020 – 6/30/2023) ES333991955A25 (7/1/2019 – 9/30/2022), ES353492055A25 (7/1/2020 – 9/30/2023), ES367612155A25 (7/1/2021 – 9/30/2024), ES387362255A25 (7/1/2022 – 9/30/2025) DV-35786-21-55-5-25 (10/1/2020 – 12/31/2022), DV-37859-22-55-5-25 (10/1/2021 – 12/31/2023), 23555DV000008 (10/1/2022 – 12/31/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or Specific Requirement: Compliance: Per 2 CFR section 200.332 - Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section § 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. Per 2 CFR section 200.331 - Subrecipient and contractor determinations states, in part, that a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Executive Office of Labor and Workforce Development (Department) omitted required federal award information from subawards it issued from the programs and did not adequately monitor subrecipients. Context: WIOA Cluster: Six out of eighteen subrecipients were selected for testing. The following exceptions were noted: • For 6 of 6 subawards issued, the Federal Award Identification Number (FAIN) and Federal award date of award to the recipient by the Federal agency were not included on the subaward agreement. • For 1 of 6 subrecipients selected for testing, no subaward monitoring was performed during the audit period. • For 1 of 6 subrecipients selected for testing, subaward monitoring was not completed in accordance with the Department’s policy. • For 1 of 6 subrecipients selected for testing, a determination on whether the entity was a subrecipient was unable to be made based on the documentation provided. • One subrecipient was excluded from subrecipient testing based on auditor analysis that the entity did not meet the definition of a subrecipient. The Schedule of Expenditures of Federal Awards was not adjusted to reflect the classification change. Employment Service Cluster: Five out of sixteen subrecipients were selected for testing. The following exceptions were noted: • For 5 of 5 subawards issued, the Federal Award Identification Number (FAIN) and the Federal award date of award to the recipient by the Federal agency were not included on the subaward agreement. Cause: The Department’s procedures were not sufficient to ensure that subawards included all required information nor that subrecipient monitoring was completed in accordance with the requirements of the federal programs. Effect: Excluding required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Failure to conduct adequate subrecipient monitoring may result in a failure of the Department to detect that subawards were used for unauthorized purposes, were managed in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved. There is an increased risk that subrecipients could be inappropriately spending and/or inaccurately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by Department personnel on a timely basis. Questioned costs: WIOA Cluster: Undetermined Employment Service Cluster: None Recommendation: We recommend the Department review and enhance internal controls and procedures to ensure that required information is included in its subawards. We also recommend the Department review and enhance its internal controls and procedures to ensure subrecipient monitoring is performed in compliance with the requirements of the federal programs. Views of Responsible Officials: Management agrees with the finding.
Reference Number: 2023-012 Prior Year Finding: 2022-013 Federal Agency: U.S. Department of Labor State Agency: Executive Office of Labor and Workforce Development Federal Program: WIOA Cluster, Employment Service Cluster Assistance Listing Number: 17.258, 17.259, 17.278, 17.207, 17.801 Award Number and Year: AA-38535-22-55-A-25 (7/1/2022 – 6/30/2025), AA-36325-21-55-A-25 (4/1/2021 – 6/30/2024), AA-34774-20-55-A-25 (4/1/2020 – 6/30/2023) ES333991955A25 (7/1/2019 – 9/30/2022), ES353492055A25 (7/1/2020 – 9/30/2023), ES367612155A25 (7/1/2021 – 9/30/2024), ES387362255A25 (7/1/2022 – 9/30/2025) DV-35786-21-55-5-25 (10/1/2020 – 12/31/2022), DV-37859-22-55-5-25 (10/1/2021 – 12/31/2023), 23555DV000008 (10/1/2022 – 12/31/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or Specific Requirement: Compliance: Per 2 CFR section 200.332 - Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section § 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. Per 2 CFR section 200.331 - Subrecipient and contractor determinations states, in part, that a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Executive Office of Labor and Workforce Development (Department) omitted required federal award information from subawards it issued from the programs and did not adequately monitor subrecipients. Context: WIOA Cluster: Six out of eighteen subrecipients were selected for testing. The following exceptions were noted: • For 6 of 6 subawards issued, the Federal Award Identification Number (FAIN) and Federal award date of award to the recipient by the Federal agency were not included on the subaward agreement. • For 1 of 6 subrecipients selected for testing, no subaward monitoring was performed during the audit period. • For 1 of 6 subrecipients selected for testing, subaward monitoring was not completed in accordance with the Department’s policy. • For 1 of 6 subrecipients selected for testing, a determination on whether the entity was a subrecipient was unable to be made based on the documentation provided. • One subrecipient was excluded from subrecipient testing based on auditor analysis that the entity did not meet the definition of a subrecipient. The Schedule of Expenditures of Federal Awards was not adjusted to reflect the classification change. Employment Service Cluster: Five out of sixteen subrecipients were selected for testing. The following exceptions were noted: • For 5 of 5 subawards issued, the Federal Award Identification Number (FAIN) and the Federal award date of award to the recipient by the Federal agency were not included on the subaward agreement. Cause: The Department’s procedures were not sufficient to ensure that subawards included all required information nor that subrecipient monitoring was completed in accordance with the requirements of the federal programs. Effect: Excluding required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Failure to conduct adequate subrecipient monitoring may result in a failure of the Department to detect that subawards were used for unauthorized purposes, were managed in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved. There is an increased risk that subrecipients could be inappropriately spending and/or inaccurately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by Department personnel on a timely basis. Questioned costs: WIOA Cluster: Undetermined Employment Service Cluster: None Recommendation: We recommend the Department review and enhance internal controls and procedures to ensure that required information is included in its subawards. We also recommend the Department review and enhance its internal controls and procedures to ensure subrecipient monitoring is performed in compliance with the requirements of the federal programs. Views of Responsible Officials: Management agrees with the finding.
Reference Number: 2023-012 Prior Year Finding: 2022-013 Federal Agency: U.S. Department of Labor State Agency: Executive Office of Labor and Workforce Development Federal Program: WIOA Cluster, Employment Service Cluster Assistance Listing Number: 17.258, 17.259, 17.278, 17.207, 17.801 Award Number and Year: AA-38535-22-55-A-25 (7/1/2022 – 6/30/2025), AA-36325-21-55-A-25 (4/1/2021 – 6/30/2024), AA-34774-20-55-A-25 (4/1/2020 – 6/30/2023) ES333991955A25 (7/1/2019 – 9/30/2022), ES353492055A25 (7/1/2020 – 9/30/2023), ES367612155A25 (7/1/2021 – 9/30/2024), ES387362255A25 (7/1/2022 – 9/30/2025) DV-35786-21-55-5-25 (10/1/2020 – 12/31/2022), DV-37859-22-55-5-25 (10/1/2021 – 12/31/2023), 23555DV000008 (10/1/2022 – 12/31/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or Specific Requirement: Compliance: Per 2 CFR section 200.332 - Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section § 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. Per 2 CFR section 200.331 - Subrecipient and contractor determinations states, in part, that a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Executive Office of Labor and Workforce Development (Department) omitted required federal award information from subawards it issued from the programs and did not adequately monitor subrecipients. Context: WIOA Cluster: Six out of eighteen subrecipients were selected for testing. The following exceptions were noted: • For 6 of 6 subawards issued, the Federal Award Identification Number (FAIN) and Federal award date of award to the recipient by the Federal agency were not included on the subaward agreement. • For 1 of 6 subrecipients selected for testing, no subaward monitoring was performed during the audit period. • For 1 of 6 subrecipients selected for testing, subaward monitoring was not completed in accordance with the Department’s policy. • For 1 of 6 subrecipients selected for testing, a determination on whether the entity was a subrecipient was unable to be made based on the documentation provided. • One subrecipient was excluded from subrecipient testing based on auditor analysis that the entity did not meet the definition of a subrecipient. The Schedule of Expenditures of Federal Awards was not adjusted to reflect the classification change. Employment Service Cluster: Five out of sixteen subrecipients were selected for testing. The following exceptions were noted: • For 5 of 5 subawards issued, the Federal Award Identification Number (FAIN) and the Federal award date of award to the recipient by the Federal agency were not included on the subaward agreement. Cause: The Department’s procedures were not sufficient to ensure that subawards included all required information nor that subrecipient monitoring was completed in accordance with the requirements of the federal programs. Effect: Excluding required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Failure to conduct adequate subrecipient monitoring may result in a failure of the Department to detect that subawards were used for unauthorized purposes, were managed in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved. There is an increased risk that subrecipients could be inappropriately spending and/or inaccurately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by Department personnel on a timely basis. Questioned costs: WIOA Cluster: Undetermined Employment Service Cluster: None Recommendation: We recommend the Department review and enhance internal controls and procedures to ensure that required information is included in its subawards. We also recommend the Department review and enhance its internal controls and procedures to ensure subrecipient monitoring is performed in compliance with the requirements of the federal programs. Views of Responsible Officials: Management agrees with the finding.
Reference Number: 2023-012 Prior Year Finding: 2022-013 Federal Agency: U.S. Department of Labor State Agency: Executive Office of Labor and Workforce Development Federal Program: WIOA Cluster, Employment Service Cluster Assistance Listing Number: 17.258, 17.259, 17.278, 17.207, 17.801 Award Number and Year: AA-38535-22-55-A-25 (7/1/2022 – 6/30/2025), AA-36325-21-55-A-25 (4/1/2021 – 6/30/2024), AA-34774-20-55-A-25 (4/1/2020 – 6/30/2023) ES333991955A25 (7/1/2019 – 9/30/2022), ES353492055A25 (7/1/2020 – 9/30/2023), ES367612155A25 (7/1/2021 – 9/30/2024), ES387362255A25 (7/1/2022 – 9/30/2025) DV-35786-21-55-5-25 (10/1/2020 – 12/31/2022), DV-37859-22-55-5-25 (10/1/2021 – 12/31/2023), 23555DV000008 (10/1/2022 – 12/31/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or Specific Requirement: Compliance: Per 2 CFR section 200.332 - Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section § 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. Per 2 CFR section 200.331 - Subrecipient and contractor determinations states, in part, that a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Executive Office of Labor and Workforce Development (Department) omitted required federal award information from subawards it issued from the programs and did not adequately monitor subrecipients. Context: WIOA Cluster: Six out of eighteen subrecipients were selected for testing. The following exceptions were noted: • For 6 of 6 subawards issued, the Federal Award Identification Number (FAIN) and Federal award date of award to the recipient by the Federal agency were not included on the subaward agreement. • For 1 of 6 subrecipients selected for testing, no subaward monitoring was performed during the audit period. • For 1 of 6 subrecipients selected for testing, subaward monitoring was not completed in accordance with the Department’s policy. • For 1 of 6 subrecipients selected for testing, a determination on whether the entity was a subrecipient was unable to be made based on the documentation provided. • One subrecipient was excluded from subrecipient testing based on auditor analysis that the entity did not meet the definition of a subrecipient. The Schedule of Expenditures of Federal Awards was not adjusted to reflect the classification change. Employment Service Cluster: Five out of sixteen subrecipients were selected for testing. The following exceptions were noted: • For 5 of 5 subawards issued, the Federal Award Identification Number (FAIN) and the Federal award date of award to the recipient by the Federal agency were not included on the subaward agreement. Cause: The Department’s procedures were not sufficient to ensure that subawards included all required information nor that subrecipient monitoring was completed in accordance with the requirements of the federal programs. Effect: Excluding required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Failure to conduct adequate subrecipient monitoring may result in a failure of the Department to detect that subawards were used for unauthorized purposes, were managed in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved. There is an increased risk that subrecipients could be inappropriately spending and/or inaccurately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by Department personnel on a timely basis. Questioned costs: WIOA Cluster: Undetermined Employment Service Cluster: None Recommendation: We recommend the Department review and enhance internal controls and procedures to ensure that required information is included in its subawards. We also recommend the Department review and enhance its internal controls and procedures to ensure subrecipient monitoring is performed in compliance with the requirements of the federal programs. Views of Responsible Officials: Management agrees with the finding.
Reference Number: 2023-012 Prior Year Finding: 2022-013 Federal Agency: U.S. Department of Labor State Agency: Executive Office of Labor and Workforce Development Federal Program: WIOA Cluster, Employment Service Cluster Assistance Listing Number: 17.258, 17.259, 17.278, 17.207, 17.801 Award Number and Year: AA-38535-22-55-A-25 (7/1/2022 – 6/30/2025), AA-36325-21-55-A-25 (4/1/2021 – 6/30/2024), AA-34774-20-55-A-25 (4/1/2020 – 6/30/2023) ES333991955A25 (7/1/2019 – 9/30/2022), ES353492055A25 (7/1/2020 – 9/30/2023), ES367612155A25 (7/1/2021 – 9/30/2024), ES387362255A25 (7/1/2022 – 9/30/2025) DV-35786-21-55-5-25 (10/1/2020 – 12/31/2022), DV-37859-22-55-5-25 (10/1/2021 – 12/31/2023), 23555DV000008 (10/1/2022 – 12/31/2024) Compliance Requirement: Subrecipient Monitoring Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or Specific Requirement: Compliance: Per 2 CFR section 200.332 - Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521. (4) The pass-through entity is responsible for resolving audit findings specifically related to the subaward and not responsible for resolving crosscutting findings. If a subrecipient has a current Single Audit report posted in the Federal Audit Clearinghouse and has not otherwise been excluded from receipt of Federal funding (e.g., has been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant audit agency or cognizant oversight agency to perform audit follow-up and make management decisions related to cross-cutting findings in accordance with section § 200.513(a)(3)(vii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. Per 2 CFR section 200.331 - Subrecipient and contractor determinations states, in part, that a pass-through entity must make case-by-case determinations whether each agreement it makes for the disbursement of Federal program funds casts the party receiving the funds in the role of a subrecipient or a contractor. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Executive Office of Labor and Workforce Development (Department) omitted required federal award information from subawards it issued from the programs and did not adequately monitor subrecipients. Context: WIOA Cluster: Six out of eighteen subrecipients were selected for testing. The following exceptions were noted: • For 6 of 6 subawards issued, the Federal Award Identification Number (FAIN) and Federal award date of award to the recipient by the Federal agency were not included on the subaward agreement. • For 1 of 6 subrecipients selected for testing, no subaward monitoring was performed during the audit period. • For 1 of 6 subrecipients selected for testing, subaward monitoring was not completed in accordance with the Department’s policy. • For 1 of 6 subrecipients selected for testing, a determination on whether the entity was a subrecipient was unable to be made based on the documentation provided. • One subrecipient was excluded from subrecipient testing based on auditor analysis that the entity did not meet the definition of a subrecipient. The Schedule of Expenditures of Federal Awards was not adjusted to reflect the classification change. Employment Service Cluster: Five out of sixteen subrecipients were selected for testing. The following exceptions were noted: • For 5 of 5 subawards issued, the Federal Award Identification Number (FAIN) and the Federal award date of award to the recipient by the Federal agency were not included on the subaward agreement. Cause: The Department’s procedures were not sufficient to ensure that subawards included all required information nor that subrecipient monitoring was completed in accordance with the requirements of the federal programs. Effect: Excluding required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Failure to conduct adequate subrecipient monitoring may result in a failure of the Department to detect that subawards were used for unauthorized purposes, were managed in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved. There is an increased risk that subrecipients could be inappropriately spending and/or inaccurately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by Department personnel on a timely basis. Questioned costs: WIOA Cluster: Undetermined Employment Service Cluster: None Recommendation: We recommend the Department review and enhance internal controls and procedures to ensure that required information is included in its subawards. We also recommend the Department review and enhance its internal controls and procedures to ensure subrecipient monitoring is performed in compliance with the requirements of the federal programs. Views of Responsible Officials: Management agrees with the finding.
Reference Number: 2023-022 Prior Year Finding: No Federal Agency: U.S. Department of Health and Human Services State Agency: Executive Office of Elders Affairs Federal Program: Aging Cluster Assistance Listing Number: 93.044, 93.045, 93.053 Award Number and Year: 2101MASSC6, 2101MACMC6, 2101MAHDC6 and 2021 (COVID-19) 2001MAHDC3, 2001MASSC3 and 2020 (COVID-19) 2201MAOANS-03 and 2022 2301MAOANS-03 and 2023 2201MAOASS and 2022 2301MAOASS and 2023 2201MAOACM and 2022 2301MAOACM and 2023 2201MAOAHD and 2022 2301MAOAHD and 2023 Compliance Requirement: Subrecipient Monitoring- Subaward Agreement Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or Specific Requirement: Compliance: 2 CFR section 200.332-Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Executive Office of Elders Affairs’ (Department) subawards did not contain all required federal information. We noted that the Federal Award Identification Number (FAIN) and federal award dates were not provided to the subrecipients. Context: Seven of the seven subawards selected for testing did not contain the Federal Award Identification Number (FAIN) and Federal Award Date. Questioned costs: None noted. Cause: The Department utilizes a standard subaward that was not updated to include all federal subaward requirements. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. Recommendation: The Department should review and enhance internal controls and procedures to ensure that all required information is included in all subaward agreements. Views of Responsible Officials: Management agrees with the finding.
Reference Number: 2023-022 Prior Year Finding: No Federal Agency: U.S. Department of Health and Human Services State Agency: Executive Office of Elders Affairs Federal Program: Aging Cluster Assistance Listing Number: 93.044, 93.045, 93.053 Award Number and Year: 2101MASSC6, 2101MACMC6, 2101MAHDC6 and 2021 (COVID-19) 2001MAHDC3, 2001MASSC3 and 2020 (COVID-19) 2201MAOANS-03 and 2022 2301MAOANS-03 and 2023 2201MAOASS and 2022 2301MAOASS and 2023 2201MAOACM and 2022 2301MAOACM and 2023 2201MAOAHD and 2022 2301MAOAHD and 2023 Compliance Requirement: Subrecipient Monitoring- Subaward Agreement Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or Specific Requirement: Compliance: 2 CFR section 200.332-Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Executive Office of Elders Affairs’ (Department) subawards did not contain all required federal information. We noted that the Federal Award Identification Number (FAIN) and federal award dates were not provided to the subrecipients. Context: Seven of the seven subawards selected for testing did not contain the Federal Award Identification Number (FAIN) and Federal Award Date. Questioned costs: None noted. Cause: The Department utilizes a standard subaward that was not updated to include all federal subaward requirements. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. Recommendation: The Department should review and enhance internal controls and procedures to ensure that all required information is included in all subaward agreements. Views of Responsible Officials: Management agrees with the finding.
Reference Number: 2023-022 Prior Year Finding: No Federal Agency: U.S. Department of Health and Human Services State Agency: Executive Office of Elders Affairs Federal Program: Aging Cluster Assistance Listing Number: 93.044, 93.045, 93.053 Award Number and Year: 2101MASSC6, 2101MACMC6, 2101MAHDC6 and 2021 (COVID-19) 2001MAHDC3, 2001MASSC3 and 2020 (COVID-19) 2201MAOANS-03 and 2022 2301MAOANS-03 and 2023 2201MAOASS and 2022 2301MAOASS and 2023 2201MAOACM and 2022 2301MAOACM and 2023 2201MAOAHD and 2022 2301MAOAHD and 2023 Compliance Requirement: Subrecipient Monitoring- Subaward Agreement Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or Specific Requirement: Compliance: 2 CFR section 200.332-Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Executive Office of Elders Affairs’ (Department) subawards did not contain all required federal information. We noted that the Federal Award Identification Number (FAIN) and federal award dates were not provided to the subrecipients. Context: Seven of the seven subawards selected for testing did not contain the Federal Award Identification Number (FAIN) and Federal Award Date. Questioned costs: None noted. Cause: The Department utilizes a standard subaward that was not updated to include all federal subaward requirements. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. Recommendation: The Department should review and enhance internal controls and procedures to ensure that all required information is included in all subaward agreements. Views of Responsible Officials: Management agrees with the finding.
Reference Number: 2023-022 Prior Year Finding: No Federal Agency: U.S. Department of Health and Human Services State Agency: Executive Office of Elders Affairs Federal Program: Aging Cluster Assistance Listing Number: 93.044, 93.045, 93.053 Award Number and Year: 2101MASSC6, 2101MACMC6, 2101MAHDC6 and 2021 (COVID-19) 2001MAHDC3, 2001MASSC3 and 2020 (COVID-19) 2201MAOANS-03 and 2022 2301MAOANS-03 and 2023 2201MAOASS and 2022 2301MAOASS and 2023 2201MAOACM and 2022 2301MAOACM and 2023 2201MAOAHD and 2022 2301MAOAHD and 2023 Compliance Requirement: Subrecipient Monitoring- Subaward Agreement Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or Specific Requirement: Compliance: 2 CFR section 200.332-Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Executive Office of Elders Affairs’ (Department) subawards did not contain all required federal information. We noted that the Federal Award Identification Number (FAIN) and federal award dates were not provided to the subrecipients. Context: Seven of the seven subawards selected for testing did not contain the Federal Award Identification Number (FAIN) and Federal Award Date. Questioned costs: None noted. Cause: The Department utilizes a standard subaward that was not updated to include all federal subaward requirements. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. Recommendation: The Department should review and enhance internal controls and procedures to ensure that all required information is included in all subaward agreements. Views of Responsible Officials: Management agrees with the finding.
Reference Number: 2023-022 Prior Year Finding: No Federal Agency: U.S. Department of Health and Human Services State Agency: Executive Office of Elders Affairs Federal Program: Aging Cluster Assistance Listing Number: 93.044, 93.045, 93.053 Award Number and Year: 2101MASSC6, 2101MACMC6, 2101MAHDC6 and 2021 (COVID-19) 2001MAHDC3, 2001MASSC3 and 2020 (COVID-19) 2201MAOANS-03 and 2022 2301MAOANS-03 and 2023 2201MAOASS and 2022 2301MAOASS and 2023 2201MAOACM and 2022 2301MAOACM and 2023 2201MAOAHD and 2022 2301MAOAHD and 2023 Compliance Requirement: Subrecipient Monitoring- Subaward Agreement Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or Specific Requirement: Compliance: 2 CFR section 200.332-Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Executive Office of Elders Affairs’ (Department) subawards did not contain all required federal information. We noted that the Federal Award Identification Number (FAIN) and federal award dates were not provided to the subrecipients. Context: Seven of the seven subawards selected for testing did not contain the Federal Award Identification Number (FAIN) and Federal Award Date. Questioned costs: None noted. Cause: The Department utilizes a standard subaward that was not updated to include all federal subaward requirements. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. Recommendation: The Department should review and enhance internal controls and procedures to ensure that all required information is included in all subaward agreements. Views of Responsible Officials: Management agrees with the finding.
Reference Number: 2023-024 Prior Year Finding: No Federal Agency: U.S. Department of Health and Human Services State Agency: Office for Refugees and Immigrants (ORI) Federal Program: Refugee and Entrant Assistance State Administered Programs Assistance Listing Number: 93.566 Award Number and Year: 2301MARCMA 00-02 and 10/1/2022-9/30/2023 2303MARCSSS 00-04 and 10/1/2022-9/30/2024 Compliance Requirement: Subrecipient Monitoring- Subaward Agreement Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or Specific Requirement: Compliance: 2 CFR section 200.332-Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Office for Refugees and Immigrants (ORI) subawards did not contain all required federal information. We noted that the Federal Award Identification Number (FAIN) was not provided to the subrecipients. Context: Ten of the ten subawards selected for testing did not contain the Federal Award Identification Number (FAIN). Questioned costs: Undetermined. Cause: The Department utilizes a standard subaward that was not updated to include all federal subaward requirements. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. Recommendation: The Department should review and enhance internal controls and procedures to ensure that all required information is included in all subaward agreements. Views of Responsible Officials: Management agrees with the finding.
Reference Number: 2023-025 Prior Year Finding: No Federal Agency: U.S. Department of Health and Human Services State Agency: Department of Public Health (DPH) Federal Program: Refugee and Entrant Assistance State Administered Programs (Refugee) Opioid-STR Block Grants for Prevention and Treatment of Substance Abuse, COVID-19 - Block Grants for Prevention and Treatment of Substance Abuse (SABG) Assistance Listing Number: 93.566, 93.788, 93.959 Award Number and Year: Refugee: ISAORIRHAP0826DPH22D and 10/1/2021-9/30/22 ISAORIRHAP0826DPH23B and 10/1/2021-9/30/22 ISAORIRHAP0826DPH23C and 10/1/2021-6/30/23 ISAORIRHAP0826DPH23D and 12/4/2023-6/30/23 Opioid: 1H79TI083328 (9/30/2020 – 9/29/2021) 5H79TI083328 (9/30/2021 – 9/29/2022) 6H79TI083328 (9/30/2021 – 9/29/2023) 1H79TI085778 (9/30/2021 – 9/29/2023) SABG: 1B08TI083946-01 and 9/1/2021-9/30/2025 08TI08350200-01 and 3/15/2021-3/14/2024 1B08TI084650-01 and 10/1/2021-9/30/2023 1B08TI085812-01 and 10/1/2021-9/30/2024 1B08TI083455-01 and 10/1/2020-9/30/2022 Compliance Requirement: Subrecipient Monitoring- Subaward Agreement Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or specific requirement: Compliance: 2 CFR section 200.332-Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (b) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Department of Public Health (Department) subawards did not contain all required federal information. We noted that the Federal Award Identification Number (FAIN) and federal award date were not provided to the subrecipient. Context: Refugee: Five of the five subawards selected for testing did not contain the Federal Award Identification Number (FAIN) and Federal Award Date. Opioid: Twelve of the twelve subawards selected for testing were missing the Federal Award Identification Number (FAIN) and the Federal Award Date. SABG: Eleven of the eleven subawards selected for testing did not contain the Federal Award Identification Number (FAIN) and Federal Award Date. Questioned costs: None Cause: The Department utilizes a standard subaward that was not updated to include all federal subaward requirements. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. Recommendation: The Department should review and enhance internal controls and procedures to ensure that all required information is included in all subaward agreements. Views of responsible officials: Management agrees with the finding.
Reference Number: 2023-025 Prior Year Finding: No Federal Agency: U.S. Department of Health and Human Services State Agency: Department of Public Health (DPH) Federal Program: Refugee and Entrant Assistance State Administered Programs (Refugee) Opioid-STR Block Grants for Prevention and Treatment of Substance Abuse, COVID-19 - Block Grants for Prevention and Treatment of Substance Abuse (SABG) Assistance Listing Number: 93.566, 93.788, 93.959 Award Number and Year: Refugee: ISAORIRHAP0826DPH22D and 10/1/2021-9/30/22 ISAORIRHAP0826DPH23B and 10/1/2021-9/30/22 ISAORIRHAP0826DPH23C and 10/1/2021-6/30/23 ISAORIRHAP0826DPH23D and 12/4/2023-6/30/23 Opioid: 1H79TI083328 (9/30/2020 – 9/29/2021) 5H79TI083328 (9/30/2021 – 9/29/2022) 6H79TI083328 (9/30/2021 – 9/29/2023) 1H79TI085778 (9/30/2021 – 9/29/2023) SABG: 1B08TI083946-01 and 9/1/2021-9/30/2025 08TI08350200-01 and 3/15/2021-3/14/2024 1B08TI084650-01 and 10/1/2021-9/30/2023 1B08TI085812-01 and 10/1/2021-9/30/2024 1B08TI083455-01 and 10/1/2020-9/30/2022 Compliance Requirement: Subrecipient Monitoring- Subaward Agreement Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or specific requirement: Compliance: 2 CFR section 200.332-Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (b) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Department of Public Health (Department) subawards did not contain all required federal information. We noted that the Federal Award Identification Number (FAIN) and federal award date were not provided to the subrecipient. Context: Refugee: Five of the five subawards selected for testing did not contain the Federal Award Identification Number (FAIN) and Federal Award Date. Opioid: Twelve of the twelve subawards selected for testing were missing the Federal Award Identification Number (FAIN) and the Federal Award Date. SABG: Eleven of the eleven subawards selected for testing did not contain the Federal Award Identification Number (FAIN) and Federal Award Date. Questioned costs: None Cause: The Department utilizes a standard subaward that was not updated to include all federal subaward requirements. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. Recommendation: The Department should review and enhance internal controls and procedures to ensure that all required information is included in all subaward agreements. Views of responsible officials: Management agrees with the finding.
Reference Number: 2023-025 Prior Year Finding: No Federal Agency: U.S. Department of Health and Human Services State Agency: Department of Public Health (DPH) Federal Program: Refugee and Entrant Assistance State Administered Programs (Refugee) Opioid-STR Block Grants for Prevention and Treatment of Substance Abuse, COVID-19 - Block Grants for Prevention and Treatment of Substance Abuse (SABG) Assistance Listing Number: 93.566, 93.788, 93.959 Award Number and Year: Refugee: ISAORIRHAP0826DPH22D and 10/1/2021-9/30/22 ISAORIRHAP0826DPH23B and 10/1/2021-9/30/22 ISAORIRHAP0826DPH23C and 10/1/2021-6/30/23 ISAORIRHAP0826DPH23D and 12/4/2023-6/30/23 Opioid: 1H79TI083328 (9/30/2020 – 9/29/2021) 5H79TI083328 (9/30/2021 – 9/29/2022) 6H79TI083328 (9/30/2021 – 9/29/2023) 1H79TI085778 (9/30/2021 – 9/29/2023) SABG: 1B08TI083946-01 and 9/1/2021-9/30/2025 08TI08350200-01 and 3/15/2021-3/14/2024 1B08TI084650-01 and 10/1/2021-9/30/2023 1B08TI085812-01 and 10/1/2021-9/30/2024 1B08TI083455-01 and 10/1/2020-9/30/2022 Compliance Requirement: Subrecipient Monitoring- Subaward Agreement Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or specific requirement: Compliance: 2 CFR section 200.332-Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (b) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Department of Public Health (Department) subawards did not contain all required federal information. We noted that the Federal Award Identification Number (FAIN) and federal award date were not provided to the subrecipient. Context: Refugee: Five of the five subawards selected for testing did not contain the Federal Award Identification Number (FAIN) and Federal Award Date. Opioid: Twelve of the twelve subawards selected for testing were missing the Federal Award Identification Number (FAIN) and the Federal Award Date. SABG: Eleven of the eleven subawards selected for testing did not contain the Federal Award Identification Number (FAIN) and Federal Award Date. Questioned costs: None Cause: The Department utilizes a standard subaward that was not updated to include all federal subaward requirements. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. Recommendation: The Department should review and enhance internal controls and procedures to ensure that all required information is included in all subaward agreements. Views of responsible officials: Management agrees with the finding.
Reference Number: 2023-025 Prior Year Finding: No Federal Agency: U.S. Department of Health and Human Services State Agency: Department of Public Health (DPH) Federal Program: Refugee and Entrant Assistance State Administered Programs (Refugee) Opioid-STR Block Grants for Prevention and Treatment of Substance Abuse, COVID-19 - Block Grants for Prevention and Treatment of Substance Abuse (SABG) Assistance Listing Number: 93.566, 93.788, 93.959 Award Number and Year: Refugee: ISAORIRHAP0826DPH22D and 10/1/2021-9/30/22 ISAORIRHAP0826DPH23B and 10/1/2021-9/30/22 ISAORIRHAP0826DPH23C and 10/1/2021-6/30/23 ISAORIRHAP0826DPH23D and 12/4/2023-6/30/23 Opioid: 1H79TI083328 (9/30/2020 – 9/29/2021) 5H79TI083328 (9/30/2021 – 9/29/2022) 6H79TI083328 (9/30/2021 – 9/29/2023) 1H79TI085778 (9/30/2021 – 9/29/2023) SABG: 1B08TI083946-01 and 9/1/2021-9/30/2025 08TI08350200-01 and 3/15/2021-3/14/2024 1B08TI084650-01 and 10/1/2021-9/30/2023 1B08TI085812-01 and 10/1/2021-9/30/2024 1B08TI083455-01 and 10/1/2020-9/30/2022 Compliance Requirement: Subrecipient Monitoring- Subaward Agreement Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or specific requirement: Compliance: 2 CFR section 200.332-Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (b) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: The Department of Public Health (Department) subawards did not contain all required federal information. We noted that the Federal Award Identification Number (FAIN) and federal award date were not provided to the subrecipient. Context: Refugee: Five of the five subawards selected for testing did not contain the Federal Award Identification Number (FAIN) and Federal Award Date. Opioid: Twelve of the twelve subawards selected for testing were missing the Federal Award Identification Number (FAIN) and the Federal Award Date. SABG: Eleven of the eleven subawards selected for testing did not contain the Federal Award Identification Number (FAIN) and Federal Award Date. Questioned costs: None Cause: The Department utilizes a standard subaward that was not updated to include all federal subaward requirements. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific program and other regulations that apply to the funds they receive. Recommendation: The Department should review and enhance internal controls and procedures to ensure that all required information is included in all subaward agreements. Views of responsible officials: Management agrees with the finding.
Finding Reference Number: 2023-005 NH Department of Justice NH Department of Health and Human Services NH Department of Environmental Services NH Department of Business and Economic Affairs COVID-19 Coronavirus State and Local Fiscal Recovery Funds (Assistance Listing #21.027) Federal Award Numbers: SLFRP0145 Federal Award Year: 2021 U.S. Department of Treasury Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: 2022-008 Statistically Valid Sample: No Criteria A pass-through entity must: 1. Clearly identify to the subrecipient required award information and applicable requirements described in 2 CFR section 200.332(a); 2. Evaluate each subrecipient’s risk of noncompliance for the purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 300.332(b)); 3. Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorization purposes, complies with the terms and conditions of the subaward 4. Issuing a management decision for audit findings pertaining to federal award provided to the subrecipient from the subrecipient as required by 2 CFR section 200.521. Additionally, per 2 CFR section 200.303, non-federal entities must establish and maintain effective internal control over federal awards that provide reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Condition As part of the Coronavirus State and Local Fiscal Recovery Funds program, the State of New Hampshire (the State) entered into grant agreements with local entities to support allowable activities under the federal program. During the year ended June 30, 2022, the State passed through $73,337,682 to subrecipients. As part of our testwork over the subrecipient monitoring process, we identified the following breakdown of internal controls: A. As part of our testwork over subrecipient monitoring, we selected a sample of 49 items from the listing of subrecipients provided by the State that reconciled to the amount reported on the Schedule of Expenditures of Federal Awards. Of the 49 items selected for testwork, 6 items were contracts and were not subrecipient agreements. As such, we were unable to determine the completeness and accuracy of the subrecipient population. As a result of our audit, the State identified that this error resulted in the amount reported on the Schedule of Expenditures of Federal Awards as pass-through expenditures to be overstated by $7,261,684. The State has corrected the Schedule of Expenditures of Federal Awards so that the amount reported is accurate. B. The State communicates award information to subrecipients through the approved grant agreement. For 19 of the 43 remaining subrecipients selected for testwork, the State did not communicate all the required award information as outlined in 2 CFR section 200.332. Specifically, the following elements were not communicated: a. Indirect cost rate for federal awards (including if the deminimus rate is charged per 2 CFR section 200.414) was not communicated for 19 of the 43 remaining subrecipients selected for testwork. b. Identification of whether the award is R&D was not communicated for 17 of the remaining 43 subrecipients selected for testwork. C. As part of our testwork over during the award monitoring, it was identified that subrecipient monitoring activities include the review and approval of invoices submitted for reimbursement from the subrecipient. During our testwork over the invoice review we identified the following: a. For 6 of the remaining 43 subrecipients selected for testwork, we were unable to obtain the invoices paid by the State to verify that they were reviewed and approved. While the invoices were not provided to us, we noted that other monitoring procedures were performed for 4 of the 6 subrecipients. b. For 10 of the remaining 43 subrecipients selected for testwork, while we were able to obtain the invoices paid by the State, we were unable to properly identify who the appropriate reviewer was for the invoice to ensure that the individual who approved the invoice had the appropriate knowledge and competency to perform the review process. As a result, we were unable to verify if the invoice was appropriately reviewed. While we were unable to verify this, we noted that other monitoring procedures were performed for 9 of the 10 subrecipients. D. As part of our testwork over during the award monitoring, for 9 of the 43 remaining subrecipients selected for testwork, no documentation was provided to support that during the award monitoring procedures had been performed during the audit period. As such, we could not verify that appropriate monitoring procedures were performed as outlined by the subrecipient’s risk assessment. E. As part of our testwork over the review of Uniform Guidance Reports, we identified the following: a. For 6 of the remaining 43 subrecipients selected for testwork, the State provided the subrecipients Uniform Guidance report, however there was no evidence that the reports were reviewed to determine if a management decision letter needed to be issued. As part of our audit, we reviewed the 6 uniform guidance reports and did not identify any findings that would have required to be followed up on by the State. b. For 7 of the remaining 43 subrecipients selected for testwork, the subrecipient’s uniform guidance report was not provided. We reviewed the FAC to determine if a report was submitted during the audit period and identified that all 7 subrecipients had submitted a uniform guidance report. Of the 7 subrecipients, 1 report contained findings reported within Section III of the report. There was no evidence provided that the State had issued a management decision related to this subrecipient. Cause The cause of the condition found is primarily due to insufficient internal controls and procedures to ensure that award identification information is communicated, that appropriate during the award monitoring is performed based on the risk assessments and that all subrecipients are reviewed to determine if a uniform guidance audit was issued regardless of amount awarded to the subrecipient. Given the nature of this program, several Departments within the State entered into subrecipient grants resulting in a decentralized process. Not all Departments within the State are experienced with subrecipient relationships and may not have had developed policies to comply with subrecipient monitoring requirements. Finally, the State does not have sufficient internal controls in place to properly classify contracts and subrecipient relationships. Effect The effect of the condition found is that the State may not have properly monitored subrecipients in accordance with State policies and federal requirements. In addition, improper identification of contracts and subrecipients could lead to noncompliance with the State’s procurement policy or the proper monitoring of subrecipients. Questioned Costs None. Recommendation We recommend that the State review its existing internal controls, policies, and procedures to ensure that the State complies with the provisions of 2 CFR section 200.332(a), 2 CFR section 200.332(d through (f), and 2 CFR section 200.251. This would include ensuring that: 1. All required award information is communicated to subrecipients; 2. Ensure that appropriate during the award monitoring is performed as outlined within the subrecipient’s risk assessment; and 3. All subrecipients are reviewed regardless of the amount awarded to determine if a uniform guidance report was issued and if a management decision letter should be issued. In addition, the State should continue to review its vendor determination policy to ensure that the policy is consistently applied across all Department’s within the State. View of Responsible Officials: Management concurs with the finding above.
Finding Reference Number: 2023-011 NH Department of Health and Human Services Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) and COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) (Assistance Listing #93.323) Federal Award Numbers: NUK50CK000522 Federal Award Year: 2019 U.S. Department of Health and Human Services Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: 2022-018 Statistically Valid Sample: No Criteria A pass-through entity (PTE) must: 1. Evaluate Risk – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). 2. Monitor – Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: a. Reviewing financial and programmatic (performance and special reports) required by the PTE. b. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means. c. Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Additionally, 45 CFR section 75 303(a) states the non Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award Condition During the year ended June 30, 2023, the New Hampshire Department of Health and Human Services (the Department) passed through $5,070,789 of federal funding to subrecipient. As part of our testing related subrecipient monitoring, we noted the following: A. As part of our during the award monitoring testwork, we were unable to obtain documentation to support that that the Department had performed the suggested monitoring procedures for 3 of the 4 subrecipients selected for testwork based upon the subrecipients most recent risk assessment performed. For the remaining 1 subrecipient, the risk assessment form did not indicate the required frequency of the suggested type of monitoring. As a result, we were not able to verify that the Department had performed the appropriate monitoring procedures as outlined by the risk assessment performed for each subrecipient. B. The Department’s during the award monitoring for each of the 4 subrecipients selected for testwork consisted of the review and approval of subrecipient invoices. Per review of the invoices, the invoice contained a summary of costs incurred by the subrecipient by category of expense that it was seeking reimbursement for. The Department did not perform any other monitoring procedures to ensure the accuracy of the request made by the subrecipient through either a desk review or an on-site monitoring visit. We further noted that no other monitoring was performed by the Department to ensure that the subrecipient was complying with the terms and conditions of its subrecipient grant agreement. Per review of the risk assessment for each of the 4 subrecipients, the risk assessment did not provide for specific monitoring procedures that would address compliance with the subrecipients grant agreement beyond the period review of expenditure data. Taking into consideration that for each of the 4 subrecipients selected the testwork, if an Uniform Guidance report was issued for the subrecipient, this program was not audited as a major program, it does not appear that either the procedures suggested within the risk assessment or the procedures performed by the Department would be able to identify noncompliance incurred at the subrecipient level. C. During our review over the Department’s review over the subrecipients Uniform Guidance reports, we identified the following: • For 1 of 3 subrecipients selected for testwork which had a Uniform Guidance audit, the subrecipients uniform guidance audit was not issued within 9 months of the subrecipients year end. We were unable to obtain any correspondence between the Department or the subrecipient to inquire about the uniform guidance report or when it would be issued. Upon receipt of the report, the Department did issue a management decision letter upon receipt of the report. • For 1 of 3 subrecipients selected for testwork which had a Uniform Guidance audit, the Department did not issue a management decision letter within 6 months of receipt of the report. We noted however there were no findings identified within the uniform guidance report that would have required corrective action. Cause The cause of the condition found was primarily due to a lack of formal policies and internal controls to ensure that all required subrecipient monitoring compliance procedures are being performed by the Department. Effect The effect of the condition found is that the Department did not comply with 2 CFR section 200.332(b), 2 CFR sections 200.332(d) through (f), and 2 CFR section 200.501(h). Questioned Costs None. Recommendation We recommend the Department develop policies and procedures and implement internal controls to ensure that the Department complies with 2 CFR section 200.332(b), 2 CFR sections 200.332(d) through (f), and 2 CFR section 200.501(h). This would ensure that the risk assessment is routinely updated for multiyear grants and that the prescribed monitoring procedures take into consideration any additional monitoring procedures that might need to be performed, such as a desk review or on-site visit, if the program is not audited as part of the subrecipient’s uniform guidance audit. In addition, policies and procedures should be established to ensure that if the risk assessment has suggested a particular monitoring procedure be performed, that the Department is adequately documenting its monitoring procedures to ensure that it has performed the required procedures. View of Responsible Officials: Management partially concurs with the finding above. Rejoinder As it relates to Bullet B above, for each of the 4 subrecipients selected for testwork consisted of the review and approval of subrecipient invoices. Per review of the invoices, the invoice contained a summary of costs incurred by the subrecipient by category of expense that it was seeking reimbursement for. The Department did not perform any other monitoring procedures to ensure the accuracy of the request made by the subrecipient through either a desk review or an on-site monitoring visit. We further noted that no other monitoring was performed by the Department to ensure that the subrecipient was complying with the terms and conditions of its subrecipient grant agreement. As it relates to Bullet C above, we were unable to obtain any correspondence between the Department or the subrecipient to inquire about the uniform guidance report or when it would be issued for 1 of 3 items selected for testwork. Upon receipt of the report, the Department did issue a management decision letter upon receipt of the report. In addition, for 1 of 3 subrecipients selected for testwork which had a Uniform Guidance audit, the Department did not issue a management decision letter within 6 months of receipt of the report.
Finding Reference Number: 2023-011 NH Department of Health and Human Services Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) and COVID-19 Epidemiology and Laboratory Capacity for Infectious Diseases (ELC) (Assistance Listing #93.323) Federal Award Numbers: NUK50CK000522 Federal Award Year: 2019 U.S. Department of Health and Human Services Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: 2022-018 Statistically Valid Sample: No Criteria A pass-through entity (PTE) must: 1. Evaluate Risk – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). 2. Monitor – Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: a. Reviewing financial and programmatic (performance and special reports) required by the PTE. b. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means. c. Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Additionally, 45 CFR section 75 303(a) states the non Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award Condition During the year ended June 30, 2023, the New Hampshire Department of Health and Human Services (the Department) passed through $5,070,789 of federal funding to subrecipient. As part of our testing related subrecipient monitoring, we noted the following: A. As part of our during the award monitoring testwork, we were unable to obtain documentation to support that that the Department had performed the suggested monitoring procedures for 3 of the 4 subrecipients selected for testwork based upon the subrecipients most recent risk assessment performed. For the remaining 1 subrecipient, the risk assessment form did not indicate the required frequency of the suggested type of monitoring. As a result, we were not able to verify that the Department had performed the appropriate monitoring procedures as outlined by the risk assessment performed for each subrecipient. B. The Department’s during the award monitoring for each of the 4 subrecipients selected for testwork consisted of the review and approval of subrecipient invoices. Per review of the invoices, the invoice contained a summary of costs incurred by the subrecipient by category of expense that it was seeking reimbursement for. The Department did not perform any other monitoring procedures to ensure the accuracy of the request made by the subrecipient through either a desk review or an on-site monitoring visit. We further noted that no other monitoring was performed by the Department to ensure that the subrecipient was complying with the terms and conditions of its subrecipient grant agreement. Per review of the risk assessment for each of the 4 subrecipients, the risk assessment did not provide for specific monitoring procedures that would address compliance with the subrecipients grant agreement beyond the period review of expenditure data. Taking into consideration that for each of the 4 subrecipients selected the testwork, if an Uniform Guidance report was issued for the subrecipient, this program was not audited as a major program, it does not appear that either the procedures suggested within the risk assessment or the procedures performed by the Department would be able to identify noncompliance incurred at the subrecipient level. C. During our review over the Department’s review over the subrecipients Uniform Guidance reports, we identified the following: • For 1 of 3 subrecipients selected for testwork which had a Uniform Guidance audit, the subrecipients uniform guidance audit was not issued within 9 months of the subrecipients year end. We were unable to obtain any correspondence between the Department or the subrecipient to inquire about the uniform guidance report or when it would be issued. Upon receipt of the report, the Department did issue a management decision letter upon receipt of the report. • For 1 of 3 subrecipients selected for testwork which had a Uniform Guidance audit, the Department did not issue a management decision letter within 6 months of receipt of the report. We noted however there were no findings identified within the uniform guidance report that would have required corrective action. Cause The cause of the condition found was primarily due to a lack of formal policies and internal controls to ensure that all required subrecipient monitoring compliance procedures are being performed by the Department. Effect The effect of the condition found is that the Department did not comply with 2 CFR section 200.332(b), 2 CFR sections 200.332(d) through (f), and 2 CFR section 200.501(h). Questioned Costs None. Recommendation We recommend the Department develop policies and procedures and implement internal controls to ensure that the Department complies with 2 CFR section 200.332(b), 2 CFR sections 200.332(d) through (f), and 2 CFR section 200.501(h). This would ensure that the risk assessment is routinely updated for multiyear grants and that the prescribed monitoring procedures take into consideration any additional monitoring procedures that might need to be performed, such as a desk review or on-site visit, if the program is not audited as part of the subrecipient’s uniform guidance audit. In addition, policies and procedures should be established to ensure that if the risk assessment has suggested a particular monitoring procedure be performed, that the Department is adequately documenting its monitoring procedures to ensure that it has performed the required procedures. View of Responsible Officials: Management partially concurs with the finding above. Rejoinder As it relates to Bullet B above, for each of the 4 subrecipients selected for testwork consisted of the review and approval of subrecipient invoices. Per review of the invoices, the invoice contained a summary of costs incurred by the subrecipient by category of expense that it was seeking reimbursement for. The Department did not perform any other monitoring procedures to ensure the accuracy of the request made by the subrecipient through either a desk review or an on-site monitoring visit. We further noted that no other monitoring was performed by the Department to ensure that the subrecipient was complying with the terms and conditions of its subrecipient grant agreement. As it relates to Bullet C above, we were unable to obtain any correspondence between the Department or the subrecipient to inquire about the uniform guidance report or when it would be issued for 1 of 3 items selected for testwork. Upon receipt of the report, the Department did issue a management decision letter upon receipt of the report. In addition, for 1 of 3 subrecipients selected for testwork which had a Uniform Guidance audit, the Department did not issue a management decision letter within 6 months of receipt of the report.
Finding Reference Number: 2023-015 NH Department of Energy Low Income Home Energy Assistance and COVID-19 Low Income Home Energy Assistance (Assistance Listing #93.568) Federal Award Numbers: 2001NHLEA, 2001NHLIE4, 2001NH5C3, 2101NHLIEA, 2101NHE5C6, 2201NHLIEA, 2101NHLIE4, 2201NHLIEE, 2201NHLIEI, 2301NHLIEA, 2301NHLIEE, 2301NHLIEI Federal Award Year: 2020, 2021, 2022, 2023 U.S. Department of Health and Human Services Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: 2022-025 Statistically Valid Sample: No Criteria A pass-through entity must: 1. Clearly identify to the subrecipient required award information and applicable requirements described in 2 CFR section 200.332(a); 2. Evaluate each subrecipient’s risk of noncompliance for the purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 300.332(b)); 3. Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required through the terms and conditions of the award, subaward monitoring must include following up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means; and 4. Issuing a management decision for audit findings pertaining to federal award provided to the subrecipient from the subrecipient as required by 2 CFR section 200.521. Additionally, Title 45 U.S. Code of Federal Regulation Part 75 (45 CFR section 75), Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HS Awards, section 75.303(a), Internal Controls, states the non-Federal entity must establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-Federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Condition As part of the Low-Income Home Energy Assistance program (LIHEAP), the New Hampshire Department of Energy (the Department) enters into grant agreements with local entities to provide services related to the eligibility determination process for the LIHEAP program (including the calculation of participant benefits) and payment of benefits to fuel providers. During the year ended June 30, 2023, $52,485,098 was passed through to subrecipients. As part of our testwork over the subrecipient monitoring process, we noted the following as of the year ending June 30, 2023: A. The Department communicates award information to subrecipients through the approved grant agreement. Per review of the grant agreement, for each of the 3 subrecipients selected for testwork, the Department did not communicate all the required award information as outlined in 2 CFR section 200.332. Specifically, the following elements were not communicated: a. Federal Award Identification Number (FAIN) b. Federal award date c. Indirect cost rate for federal awards (including if the deminimus rate is charged per 2 CFR section 200.414) d. Identification of whether the award is R&D B. For the 1 programmatic monitoring review completed by the Department during the period under audit, the Department did not issue its programmatic monitoring report to the subrecipient timely after the monitoring review was completed. As a result, there was a delay in the subrecipient implementing its corrective action plan to address the findings identified during the programmatic monitoring review. Specifically, we noted the following: a. For the 1 programmatic monitoring review, the monitoring review took place on May 4, 2023, but the report to the subrecipient was not issued until September 23, 2023. Per review of the report that was issued, there were findings identified by the Department that warranted corrective action. Due to the delay in issuing the report, a corrective action plan was not obtained from the subrecipient until almost 5 months after the date of that the monitoring review took place. C. For 3 of 3 subrecipients selected for testwork, the Department did not complete its annual fiscal monitoring review during the audit period as required by their monitoring policy. D. During our testwork over the Department’s review of subrecipient uniform guidance reports, we noted the following: a. The Department does not track the receipt of uniform guidance reports. As a result, we were unable to determine when the uniform guidance reports were received by the Department to ensure they are reviewed timely. Specifically, we noted: i. For all 3 subrecipients selected, the subrecipient’s uniform guidance appeared to have been reviewed, but as the Department does not track the receipt of uniform guidance reports, it was unclear if it was reviewed timely. We did note based on the date that the uniform guidance report was issued, the management decision letter was not issued within 6 months of the date of the report being issued as required by 2 CRF 200.521 (d). ii. For 1 subrecipient in which the UG report had a finding, we were unable to obtain evidence to support that the Department had obtained and reviewed the subrecipient’s uniform guidance report, including management’s response to findings letter as well as the related Corrective Action Plan, as this subrecipient’s uniform guidance report noted a material weakness. E. The Annual Report on Households Assisted by LIHEAP contains data that is specific to benefits paid to eligible participants. The data that is used to compile the annual report is obtained from case data that is reported to the New Hampshire Department of Energy (the Department) from its subrecipients as the Department has entered into grant agreements with third parties who are responsible for the eligibility determination and benefit payment process. As part of our subrecipient monitoring testwork, we were unable to verify that the Department had performed any monitoring procedures over the data provided by each subrecipient to ensure that the data reported within the annual report was complete and accurate. Cause The cause of the condition found was primarily due to insufficient documented subrecipient policies and procedures to ensure that adequate monitoring is performed over subrecipients to align with the risk assessments performed. The monitoring procedures that are in place do not include the completeness and accuracy of the data submitted by the subrecipient utilized to compile federal reports. Further, the Department does not have sufficient internal controls and procedures to ensure results of monitoring visits are performed and results communicated timely to subrecipient or to ensure that subrecipient uniform guidance reports are obtained and reviewed timely. In addition, there are insufficient internal controls in place to review the grant agreements to ensure that all required data elements are communicated to the subrecipient in accordance with 2 CFR section 300.332(b). Effect The effect of the condition found is that the Department did not comply with 2 CFR section 200.332(a), section 200.332(b) and 2 CFR section 200.521. Questioned Costs None. Recommendation We recommend that the Department formalize, policies and procedures and implement the necessary internal controls to ensure that the Department complies with the provisions of 2 CFR section 200.332(a), 2 CFR section 200.332(b) and 2 CFR section 200.251. This would include ensuring that: 1. All required award information is communicated to subrecipients; 2. As a result of the risk assessment performed, monitoring activities are performed over subrecipients to ensure compliance with the terms and conditions of its subrecipient grant agreement. The results of all monitoring reviews should be timely communicated in accordance with the Department’s policies to the subrecipient and actions requiring corrective action plan should be followed up on to ensure that the matter is resolved; and 3. Ensure that all uniform guidance reports are collected and reviewed timely so that a management decision letter can be issued within the time period required by federal regulations. Retain evidence of Department review of uniform guidance reports and management letters issued as a result of their review. View of Responsible Officials: Management partially concurs with the finding above Rejoinder As it relates to Bullet C above, for 3 of 3 subrecipients selected for testwork, the Department did not complete its annual fiscal monitoring review during the audit period as required by their monitoring policy
Finding Reference Number: 2023-015 NH Department of Energy Low Income Home Energy Assistance and COVID-19 Low Income Home Energy Assistance (Assistance Listing #93.568) Federal Award Numbers: 2001NHLEA, 2001NHLIE4, 2001NH5C3, 2101NHLIEA, 2101NHE5C6, 2201NHLIEA, 2101NHLIE4, 2201NHLIEE, 2201NHLIEI, 2301NHLIEA, 2301NHLIEE, 2301NHLIEI Federal Award Year: 2020, 2021, 2022, 2023 U.S. Department of Health and Human Services Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: 2022-025 Statistically Valid Sample: No Criteria A pass-through entity must: 1. Clearly identify to the subrecipient required award information and applicable requirements described in 2 CFR section 200.332(a); 2. Evaluate each subrecipient’s risk of noncompliance for the purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 300.332(b)); 3. Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required through the terms and conditions of the award, subaward monitoring must include following up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means; and 4. Issuing a management decision for audit findings pertaining to federal award provided to the subrecipient from the subrecipient as required by 2 CFR section 200.521. Additionally, Title 45 U.S. Code of Federal Regulation Part 75 (45 CFR section 75), Uniform Administrative Requirements, Cost Principles, and Audit Requirements for HS Awards, section 75.303(a), Internal Controls, states the non-Federal entity must establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-Federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Condition As part of the Low-Income Home Energy Assistance program (LIHEAP), the New Hampshire Department of Energy (the Department) enters into grant agreements with local entities to provide services related to the eligibility determination process for the LIHEAP program (including the calculation of participant benefits) and payment of benefits to fuel providers. During the year ended June 30, 2023, $52,485,098 was passed through to subrecipients. As part of our testwork over the subrecipient monitoring process, we noted the following as of the year ending June 30, 2023: A. The Department communicates award information to subrecipients through the approved grant agreement. Per review of the grant agreement, for each of the 3 subrecipients selected for testwork, the Department did not communicate all the required award information as outlined in 2 CFR section 200.332. Specifically, the following elements were not communicated: a. Federal Award Identification Number (FAIN) b. Federal award date c. Indirect cost rate for federal awards (including if the deminimus rate is charged per 2 CFR section 200.414) d. Identification of whether the award is R&D B. For the 1 programmatic monitoring review completed by the Department during the period under audit, the Department did not issue its programmatic monitoring report to the subrecipient timely after the monitoring review was completed. As a result, there was a delay in the subrecipient implementing its corrective action plan to address the findings identified during the programmatic monitoring review. Specifically, we noted the following: a. For the 1 programmatic monitoring review, the monitoring review took place on May 4, 2023, but the report to the subrecipient was not issued until September 23, 2023. Per review of the report that was issued, there were findings identified by the Department that warranted corrective action. Due to the delay in issuing the report, a corrective action plan was not obtained from the subrecipient until almost 5 months after the date of that the monitoring review took place. C. For 3 of 3 subrecipients selected for testwork, the Department did not complete its annual fiscal monitoring review during the audit period as required by their monitoring policy. D. During our testwork over the Department’s review of subrecipient uniform guidance reports, we noted the following: a. The Department does not track the receipt of uniform guidance reports. As a result, we were unable to determine when the uniform guidance reports were received by the Department to ensure they are reviewed timely. Specifically, we noted: i. For all 3 subrecipients selected, the subrecipient’s uniform guidance appeared to have been reviewed, but as the Department does not track the receipt of uniform guidance reports, it was unclear if it was reviewed timely. We did note based on the date that the uniform guidance report was issued, the management decision letter was not issued within 6 months of the date of the report being issued as required by 2 CRF 200.521 (d). ii. For 1 subrecipient in which the UG report had a finding, we were unable to obtain evidence to support that the Department had obtained and reviewed the subrecipient’s uniform guidance report, including management’s response to findings letter as well as the related Corrective Action Plan, as this subrecipient’s uniform guidance report noted a material weakness. E. The Annual Report on Households Assisted by LIHEAP contains data that is specific to benefits paid to eligible participants. The data that is used to compile the annual report is obtained from case data that is reported to the New Hampshire Department of Energy (the Department) from its subrecipients as the Department has entered into grant agreements with third parties who are responsible for the eligibility determination and benefit payment process. As part of our subrecipient monitoring testwork, we were unable to verify that the Department had performed any monitoring procedures over the data provided by each subrecipient to ensure that the data reported within the annual report was complete and accurate. Cause The cause of the condition found was primarily due to insufficient documented subrecipient policies and procedures to ensure that adequate monitoring is performed over subrecipients to align with the risk assessments performed. The monitoring procedures that are in place do not include the completeness and accuracy of the data submitted by the subrecipient utilized to compile federal reports. Further, the Department does not have sufficient internal controls and procedures to ensure results of monitoring visits are performed and results communicated timely to subrecipient or to ensure that subrecipient uniform guidance reports are obtained and reviewed timely. In addition, there are insufficient internal controls in place to review the grant agreements to ensure that all required data elements are communicated to the subrecipient in accordance with 2 CFR section 300.332(b). Effect The effect of the condition found is that the Department did not comply with 2 CFR section 200.332(a), section 200.332(b) and 2 CFR section 200.521. Questioned Costs None. Recommendation We recommend that the Department formalize, policies and procedures and implement the necessary internal controls to ensure that the Department complies with the provisions of 2 CFR section 200.332(a), 2 CFR section 200.332(b) and 2 CFR section 200.251. This would include ensuring that: 1. All required award information is communicated to subrecipients; 2. As a result of the risk assessment performed, monitoring activities are performed over subrecipients to ensure compliance with the terms and conditions of its subrecipient grant agreement. The results of all monitoring reviews should be timely communicated in accordance with the Department’s policies to the subrecipient and actions requiring corrective action plan should be followed up on to ensure that the matter is resolved; and 3. Ensure that all uniform guidance reports are collected and reviewed timely so that a management decision letter can be issued within the time period required by federal regulations. Retain evidence of Department review of uniform guidance reports and management letters issued as a result of their review. View of Responsible Officials: Management partially concurs with the finding above Rejoinder As it relates to Bullet C above, for 3 of 3 subrecipients selected for testwork, the Department did not complete its annual fiscal monitoring review during the audit period as required by their monitoring policy
Finding Reference Number: 2023-017 NH Department of Health and Human Services Substance Abuse Prevention and Treatment Block Grant (ALN #93.959) and COVID-19 Substance Abuse Prevention and Treatment Block Grant (ALN #93.959) Federal Award Numbers: 1B08Ti084659-01, 1B08TI085821-01 Federal Award Year: 2022, 2023 U.S. Department of Health and Human Services Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: None Statistically Valid Sample: No Criteria A pass-through entity (PTE) must: 1. Evaluate Risk – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). 2. Monitor – Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: a. Reviewing financial and programmatic (performance and special reports) required by the PTE. b. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means. c. Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Additionally, 45 CFR section 75 303(a) states the non Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award Condition During the year ended June 30, 2023, the New Hampshire Department of Health and Human Services (the Department) passed through $7,720,172 of federal funding to subrecipients. As part of our testing related subrecipient monitoring, we identified the following: A. The Department provided the most recent risk assessment performed for each of the 7 subrecipients selected for testwork. Per review of the risk assessments provided, we identified the following: 1. For 5 of the subrecipients, the risk assessment indicated that the subrecipients expenditure detail should be examined monthly to ensure compliance with contract requirements and applicable laws and rules. We were unable to determine if this procedure had been performed as part of the Department’s subrecipient monitoring process. 2. For the remaining 2 subrecipients the recommended monitoring procedures was left blank on the risk assessment and as such we are unable to verify what type of monitoring procedures should have been performed. B. The Department’s during the award monitoring for of the 4 of the 7 subrecipients selected for testwork consisted of the review and approval of subrecipient invoices. Per review of the invoices, the invoice contained a summary of costs incurred by the subrecipient by category of expense that it was seeking reimbursement for. It was evident through the invoice review that the Department often followed up on inconsistencies on hours worked with the subrecipient to help ensure the accuracy of the invoice reviewed. While this detailed review was performed, the Department did not perform any other monitoring procedures related to these 4 subrecipients to ensure the accuracy of the request made by the subrecipient through either a desk review or an on-site monitoring visit. As such, it is unclear if the monitoring performed was sufficient to ensure that the subrecipient was complying with the terms and conditions of its subrecipient grant agreement. C. During our review over the Department’s review over the subrecipients Uniform Guidance reports, we identified that for 2 of 7 subrecipients selected for testwork, the subrecipients uniform guidance audit was not issued within 9 months of the subrecipients year end. We were unable to obtain any correspondence between the Department or the subrecipient to inquire about the uniform guidance report or when it would be issued. Upon receipt of the report, the Department did issue a management decision letter upon receipt of the report. Cause The cause of the condition found was primarily due to a lack of formal policies and internal controls to ensure that all required subrecipient monitoring compliance procedures are being performed by the Department. Effect The effect of the condition found is that the Department did not comply with 2 CFR section 200.332(b), 2 CFR sections 200.332(d) through (f), and 2 CFR section 200.501(h). Questioned Costs None. Recommendation We recommend the Department review its existing policies and procedures and implement internal controls to ensure that the Department complies with 2 CFR section 200.332(b), 2 CFR sections 200.332(d) through (f), and 2 CFR section 200.501(h). This would ensure that the risk assessment is routinely updated for multiyear grants and that the prescribed monitoring procedures take into consideration any additional monitoring procedures that might need to be performed, such as a desk review or on-site visit, if the program is not audited as part of the subrecipient’s uniform guidance audit. In addition, policies and procedures should be established to ensure that if the risk assessment has suggested a particular monitoring procedure be performed, that the Department is adequately documenting its monitoring procedures to ensure that it has performed the required procedures. View of Responsible Officials Management partially concurs with the finding above. Rejoinder As it relates to Bullet A above, we were not able to obtain documentation to support that the suggested procedures outlined within the risk assessment was performed. As it relates to Bullet B above, for of the 4 of the 7 subrecipients selected for testwork consisted of the review and approval of subrecipient invoices. Per review of the invoices, the invoice contained a summary of costs incurred by the subrecipient by category of expense that it was seeking reimbursement for. It was evident through the invoice review that the Department often followed up on inconsistencies on hours worked with the subrecipient to help ensure the accuracy of the invoice reviewed. While this detailed review was performed, the Department did not perform any other monitoring procedures related to these 4 subrecipients to ensure the accuracy of the request made by the subrecipient through either a desk review or an on-site monitoring visit. As such, it is unclear if the monitoring performed was sufficient to ensure that the subrecipient was complying with the terms and conditions of its subrecipient grant agreement.
Finding Reference Number: 2023-017 NH Department of Health and Human Services Substance Abuse Prevention and Treatment Block Grant (ALN #93.959) and COVID-19 Substance Abuse Prevention and Treatment Block Grant (ALN #93.959) Federal Award Numbers: 1B08Ti084659-01, 1B08TI085821-01 Federal Award Year: 2022, 2023 U.S. Department of Health and Human Services Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: None Statistically Valid Sample: No Criteria A pass-through entity (PTE) must: 1. Evaluate Risk – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). 2. Monitor – Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: a. Reviewing financial and programmatic (performance and special reports) required by the PTE. b. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means. c. Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Additionally, 45 CFR section 75 303(a) states the non Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award Condition During the year ended June 30, 2023, the New Hampshire Department of Health and Human Services (the Department) passed through $7,720,172 of federal funding to subrecipients. As part of our testing related subrecipient monitoring, we identified the following: A. The Department provided the most recent risk assessment performed for each of the 7 subrecipients selected for testwork. Per review of the risk assessments provided, we identified the following: 1. For 5 of the subrecipients, the risk assessment indicated that the subrecipients expenditure detail should be examined monthly to ensure compliance with contract requirements and applicable laws and rules. We were unable to determine if this procedure had been performed as part of the Department’s subrecipient monitoring process. 2. For the remaining 2 subrecipients the recommended monitoring procedures was left blank on the risk assessment and as such we are unable to verify what type of monitoring procedures should have been performed. B. The Department’s during the award monitoring for of the 4 of the 7 subrecipients selected for testwork consisted of the review and approval of subrecipient invoices. Per review of the invoices, the invoice contained a summary of costs incurred by the subrecipient by category of expense that it was seeking reimbursement for. It was evident through the invoice review that the Department often followed up on inconsistencies on hours worked with the subrecipient to help ensure the accuracy of the invoice reviewed. While this detailed review was performed, the Department did not perform any other monitoring procedures related to these 4 subrecipients to ensure the accuracy of the request made by the subrecipient through either a desk review or an on-site monitoring visit. As such, it is unclear if the monitoring performed was sufficient to ensure that the subrecipient was complying with the terms and conditions of its subrecipient grant agreement. C. During our review over the Department’s review over the subrecipients Uniform Guidance reports, we identified that for 2 of 7 subrecipients selected for testwork, the subrecipients uniform guidance audit was not issued within 9 months of the subrecipients year end. We were unable to obtain any correspondence between the Department or the subrecipient to inquire about the uniform guidance report or when it would be issued. Upon receipt of the report, the Department did issue a management decision letter upon receipt of the report. Cause The cause of the condition found was primarily due to a lack of formal policies and internal controls to ensure that all required subrecipient monitoring compliance procedures are being performed by the Department. Effect The effect of the condition found is that the Department did not comply with 2 CFR section 200.332(b), 2 CFR sections 200.332(d) through (f), and 2 CFR section 200.501(h). Questioned Costs None. Recommendation We recommend the Department review its existing policies and procedures and implement internal controls to ensure that the Department complies with 2 CFR section 200.332(b), 2 CFR sections 200.332(d) through (f), and 2 CFR section 200.501(h). This would ensure that the risk assessment is routinely updated for multiyear grants and that the prescribed monitoring procedures take into consideration any additional monitoring procedures that might need to be performed, such as a desk review or on-site visit, if the program is not audited as part of the subrecipient’s uniform guidance audit. In addition, policies and procedures should be established to ensure that if the risk assessment has suggested a particular monitoring procedure be performed, that the Department is adequately documenting its monitoring procedures to ensure that it has performed the required procedures. View of Responsible Officials Management partially concurs with the finding above. Rejoinder As it relates to Bullet A above, we were not able to obtain documentation to support that the suggested procedures outlined within the risk assessment was performed. As it relates to Bullet B above, for of the 4 of the 7 subrecipients selected for testwork consisted of the review and approval of subrecipient invoices. Per review of the invoices, the invoice contained a summary of costs incurred by the subrecipient by category of expense that it was seeking reimbursement for. It was evident through the invoice review that the Department often followed up on inconsistencies on hours worked with the subrecipient to help ensure the accuracy of the invoice reviewed. While this detailed review was performed, the Department did not perform any other monitoring procedures related to these 4 subrecipients to ensure the accuracy of the request made by the subrecipient through either a desk review or an on-site monitoring visit. As such, it is unclear if the monitoring performed was sufficient to ensure that the subrecipient was complying with the terms and conditions of its subrecipient grant agreement.
Finding Reference Number: 2023-023 NH Department of Safety Disaster Grants – Public Assistance (Presidentially Declared Disasters) and COVID-19 Public Assistance (Presidentially Declared Disasters) (Assistance Listing #97.036) Federal Award Numbers: FEMA-4622-DR-NH, FEMA-4624-DR-NH, FEMA-4457-DR-NH, FEMA-4370-DR, FEMA-4693-DR, FEMA-4355-DR, FEMA-4329-DR, FEMA-4516-DR-NH Federal Award Year: July 17-19, 2021, July 29-30, 2021, July 11-12, 2019, March 2-8, 2018, December 22-December 25, 2022, October 29-November 1, 2017, July 1-2, 2017, January 20, 2020 U.S. Department of Homeland Security Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: None Statistically Valid Sample: No Criteria A pass-through entity (PTE) must: 1. Identify the Award and Applicable Requirements – Clearly identify to the subrecipient: (1) the award as a subaward at the time of subaward (or subsequent subaward modification) by providing the information described in 2 CFR section 200.332(a)(1); (2) all requirements imposed by the PTE on the subrecipient so that the federal award is used in accordance with federal statutes, regulations, and the terms and conditions of the award (2 CFR section 200.332(a)(2)); and (3) any additional requirements that the PTE imposes on the subrecipient in order for the PTE to meet its own responsibility for the federal award (e.g., financial, performance, and special reports) (2 CFR section 200.332(a)(3)). 2. Evaluate Risk – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). 3. Monitor – Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: a. Reviewing financial and programmatic (performance and special reports) required by the PTE. b. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means. c. Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Additionally, 45 CFR section 75 303(a) states the non Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Condition As part of the Disaster Grants - Public Assistance program (DGPA), the New Hampshire Department of Safety - Homeland Security and Emergency Management (the Department) enters into grant agreements with local municipalities to provide reimbursement for expenditures incurred as a result of New Hampshire declared disasters. During the year ended June 30, 2023, $27,041,873 was passed through to 85 subrecipients. As part of our testwork over the subrecipient monitoring process, we noted the following: A. The Department communicates award information to subrecipients through the approved agreement. Per review of the agreement, for each of the 27 subrecipients selected for testwork, the Department did not communicate all the required award information as outlined in 2 CFR section 200.332(a). Specifically, the following elements were not communicated: - Subrecipient unique entity identifier (not communicated for 19/27); - Federal Award Identification Number (FAIN) (not communicated for 27/27); - Identification of whether the award is R&D (not communicated for 27/27); and - Indirect cost rate for the federal award (including if the de minimis rate is charged) (not communicated for 27/27) B. The Department evaluated the subrecipient risk of noncompliance through a risk assessment for each of the 13 subrecipients selected for testwork. However, there was no formal risk assessment policy in place that indicated how frequently risk assessments should be performed. As a result, 5 subrecipients did not have risk assessments performed during the current year for purposes of determining the appropriate subrecipient monitoring response. These prior fiscal year(s) risk assessments were performed as of the following dates: September 2019, October and December 2021, May and June 2022. C. For each of the 13 subrecipients selected for testwork, the Department did not perform any during the award monitoring. D. During our testwork over the Department’s review of subrecipient uniform guidance reports, we noted there were no UG report review policies and procedures in place. For the 13 subrecipients selected for testwork, 6 subrecipients were identified in which the Department did not review the most recent uniform guidance report issued. Specifically, we noted: • For 5 of 13 subrecipients, the subrecipient’s uniform guidance was not reviewed due to updated risk assessments not being performed in the current year (refer to item 2 above) • For 1 of 13 subrecipients, the current year risk assessment was performed prior to the receipt of the subrecipient’s uniform guidance report and management did not go back to review the report Cause The cause of the condition found was primarily due to the Department not performing their sub monitoring internal controls in accordance with written formal policies and procedures. Questioned Costs None. Recommendation We recommend that the Department develop policies and procedures and implement internal controls to ensure that the Department complies with 2 CFR section 200.332(a-h) and 2 CFR section 200.501(h). View of Responsible Officials: Management concurs with the finding above.
Finding Reference Number: 2023-023 NH Department of Safety Disaster Grants – Public Assistance (Presidentially Declared Disasters) and COVID-19 Public Assistance (Presidentially Declared Disasters) (Assistance Listing #97.036) Federal Award Numbers: FEMA-4622-DR-NH, FEMA-4624-DR-NH, FEMA-4457-DR-NH, FEMA-4370-DR, FEMA-4693-DR, FEMA-4355-DR, FEMA-4329-DR, FEMA-4516-DR-NH Federal Award Year: July 17-19, 2021, July 29-30, 2021, July 11-12, 2019, March 2-8, 2018, December 22-December 25, 2022, October 29-November 1, 2017, July 1-2, 2017, January 20, 2020 U.S. Department of Homeland Security Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness and Material Noncompliance Prior Year Finding: None Statistically Valid Sample: No Criteria A pass-through entity (PTE) must: 1. Identify the Award and Applicable Requirements – Clearly identify to the subrecipient: (1) the award as a subaward at the time of subaward (or subsequent subaward modification) by providing the information described in 2 CFR section 200.332(a)(1); (2) all requirements imposed by the PTE on the subrecipient so that the federal award is used in accordance with federal statutes, regulations, and the terms and conditions of the award (2 CFR section 200.332(a)(2)); and (3) any additional requirements that the PTE imposes on the subrecipient in order for the PTE to meet its own responsibility for the federal award (e.g., financial, performance, and special reports) (2 CFR section 200.332(a)(3)). 2. Evaluate Risk – Evaluate each subrecipient’s risk of noncompliance for purposes of determining the appropriate subrecipient monitoring related to the subaward (2 CFR section 200.332(b)). 3. Monitor – Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: a. Reviewing financial and programmatic (performance and special reports) required by the PTE. b. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means. c. Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Additionally, 45 CFR section 75 303(a) states the non Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Condition As part of the Disaster Grants - Public Assistance program (DGPA), the New Hampshire Department of Safety - Homeland Security and Emergency Management (the Department) enters into grant agreements with local municipalities to provide reimbursement for expenditures incurred as a result of New Hampshire declared disasters. During the year ended June 30, 2023, $27,041,873 was passed through to 85 subrecipients. As part of our testwork over the subrecipient monitoring process, we noted the following: A. The Department communicates award information to subrecipients through the approved agreement. Per review of the agreement, for each of the 27 subrecipients selected for testwork, the Department did not communicate all the required award information as outlined in 2 CFR section 200.332(a). Specifically, the following elements were not communicated: - Subrecipient unique entity identifier (not communicated for 19/27); - Federal Award Identification Number (FAIN) (not communicated for 27/27); - Identification of whether the award is R&D (not communicated for 27/27); and - Indirect cost rate for the federal award (including if the de minimis rate is charged) (not communicated for 27/27) B. The Department evaluated the subrecipient risk of noncompliance through a risk assessment for each of the 13 subrecipients selected for testwork. However, there was no formal risk assessment policy in place that indicated how frequently risk assessments should be performed. As a result, 5 subrecipients did not have risk assessments performed during the current year for purposes of determining the appropriate subrecipient monitoring response. These prior fiscal year(s) risk assessments were performed as of the following dates: September 2019, October and December 2021, May and June 2022. C. For each of the 13 subrecipients selected for testwork, the Department did not perform any during the award monitoring. D. During our testwork over the Department’s review of subrecipient uniform guidance reports, we noted there were no UG report review policies and procedures in place. For the 13 subrecipients selected for testwork, 6 subrecipients were identified in which the Department did not review the most recent uniform guidance report issued. Specifically, we noted: • For 5 of 13 subrecipients, the subrecipient’s uniform guidance was not reviewed due to updated risk assessments not being performed in the current year (refer to item 2 above) • For 1 of 13 subrecipients, the current year risk assessment was performed prior to the receipt of the subrecipient’s uniform guidance report and management did not go back to review the report Cause The cause of the condition found was primarily due to the Department not performing their sub monitoring internal controls in accordance with written formal policies and procedures. Questioned Costs None. Recommendation We recommend that the Department develop policies and procedures and implement internal controls to ensure that the Department complies with 2 CFR section 200.332(a-h) and 2 CFR section 200.501(h). View of Responsible Officials: Management concurs with the finding above.
Federal Program Title: Coronavirus State and Local Fiscal Recovery Funds Federal Catalog Number: 21.027 Federal Agency: U.S. Department of Treasury Category of Finding: Subrecipient Monitoring Criteria: Pursuant to the Office of Management and Budget (OMB) 2 CFR Part 200, Appendix XI, Compliance Supplement May 2023, sections 3-M-1 and 3-M-2: "A pass-through entity (PTE) must: Monitor - Monitor the activites of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals (2 CFR sections 200.332(d) through (f)). In addition to procedures identified as necessary based upon the evaluation of subrecipient risk or specifically required by the terms and conditions of the award, subaward monitoring must include the following: 1. Reviewing financial and programmatic (performance and special reports) required by the PTE. 2. Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the federal award provided to the subrecipient from the PTE detected through audits, on-site reviews, and other means. 3. Issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. Condition: The City does not have a current written policy for subrecipient monitoring conforming to applicable Federal statutes per 2 CFR part 200, Appendix XI, Compliance Supplement May 2023, sections 3-M-1 and 3-M2. 1 of 3 invoices selected for testing did not have department head review and approval to ensure that subrecipient reimbursement request comply with the CSLFRF allowable costs. Cause: Lack of formal policies and procedures over federal requirement for subrecipient monitoring. Effect or Potential Effect: City may be sending funds to subrecipients for activities and services that are nonconforming to allowed costs under the Uniform Guidance. Questioned Cost: None Context: During the audit, we found one instance of subrecipient reimbursement that lacked evidence of review and approval. Statistical Sampling Validity: Non-statistical sampling was performed in relation to this finding. Repeat of a Prior-Year Finding: No Recommendation: We recommend the City establish an official written policy for subrecipient monitoring that is in line with the requirements of the Uniform Guidance. The policy should contain components for compliance with and references to Federal requirements, such as review of reports requested from the subrecipient regarding project status, reviewing invoices to ensure spending is limited to expenses involving approved projects, and proper approval procedures key personnel perform to ensure these invoices are valid. Management Response and Corrective Action Plan City's Response: The City concurs with the finding. Corrective Action Plan: The City will establish an official written policy for subrecipient monitoring that is in line with the requirements of the Uniform Guidance. Planned Implementation Date: December 2024 Responsible Person: Finance & Community Development Departments
Assistance Listings numbers and names: 14.231 Emergency Solutions Grant Program 14.231 COVID-19 - Emergency Solutions Grant Program Award numbers and years: E-20-DW-04-001, July 1, 2020 through September 30, 2022; E-21-DC-04-001, July 1, 2021 through September 30, 2023 Federal agency: U.S. Department of Housing and Urban Development Questioned costs: $1,820 Assistance Listings numbers and names: 93.558 Temporary Assistance for Needy Families 93.558 COVID-19 - Temporary Assistance for Needy Families Award numbers and years: 2201AZTANF, October 1, 2021 through September 30, 2022; 2301AZTANF, October 1, 2022 through September 30, 2023 Federal agency: U.S. Department of Health and Human Services Questioned costs: $10,330 Compliance requirement: Subrecipient monitoring Total questioned costs: $12,150 Condition—Contrary to federal regulations and its federal award terms, the Department of Economic Security (DES) reimbursed 1 nonprofit organization subrecipient for federal program costs totaling $12,150 during fiscal year 2023 that were unsupported, unallowable, and/or paid to the nonprofit organization’s principal officers or their immediate family member in violation of conflict-of-interest disclosure requirements. Specifically, we reviewed 14 reimbursements that included Emergency Solutions Grant Program (ESG) and Temporary Assistance for Needy Family (TANF) program costs totaling $26,120 and $65,730 for the year, respectively, and found that DES reimbursed the subrecipient: • $4,733 for financial and accounting services that were paid to 1 of the nonprofit organization’s principal officers, who served as the Treasurer, and their company, which was not disclosed as a conflict of interest to DES as required by DES’ contract with the subrecipient and federal regulations. Also, the subrecipient allocated these costs to other federal programs and nonfederal activities; however, DES did not verify that the allocation method the subrecipient used was reasonable or that the costs, as allocated, were allowed by the program’s requirements ($112 for ESG and $4,621 for TANF). • $7,417 for bookkeeping services that were not adequately supported by sufficiently detailed invoices and a signed, written contract having a specified price rate for the services and terms; therefore, we were unable to verify if the amounts paid were appropriate. Further, DES reimbursed the subrecipient for payments made to the Treasurer’s family member, whose bookkeeping services company was not disclosed as a conflict of interest to DES as required by federal regulations. Also, the subrecipient allocated these costs to other federal programs and nonfederal activities; however, DES did not verify that the allocation method the subrecipient used was reasonable or that the costs, as allocated, were allowed by the program’s requirements ($1,708 for ESG and $5,709 for TANF). Additionally, contrary to federal regulations, DES had not ensured that the subrecipient implemented competitive purchasing procedures when procuring the professional services described above, and the subrecipient was unable to provide documentation that it had competitively procured the services. ESG was not audited as a major federal program for the State’s fiscal year 2023 single audit; therefore, the scope of our review was not sufficient to determine whether DES or its subrecipients complied with all applicable federal requirements for this program. We audited the TANF program as a major federal program for the State’s fiscal year 2023 single audit, and we performed follow-up procedures to the review that we conducted during fiscal year 2022. During the audit, we became aware of the potentially noncompliant 14 reimbursements involving 1 of DES’ nonprofit subrecipients with which it partnered to carry out federal and State programs, including the Continuum of Care Program (Assistance Listings number 14.267), ESG, and TANF, which was audited as a major federal program for fiscal year 2023, as well as the State Housing Trust Fund. Our review of select reimbursements to this subrecipient resulted in similar findings for the federal Continuum of Care Program and the State Housing Trust Fund that are described in findings 2023-116 and 2023-06, respectively. Effect—DES’ reimbursing a nonprofit organization subrecipient for $12,150 of unallowable or unsupported costs and/or costs paid to the nonprofit organization’s principal officer or their immediate family member in violation of conflict-of-interest disclosure requirements resulted in those monies being unavailable to be spent for their intended purpose of providing housing assistance to those in need. Consequently, DES may be required to return these monies to the federal agencies in accordance with federal requirements.1 Cause—Although DES’ subrecipient monitoring policies and procedures did not require it to obtain from subrecipients documentation supporting charges for personal and contracted professional services to verify allowability when subrecipients requested reimbursement, the policies and procedures required an on-site monitoring visit once every 3 years for each subrecipient in which it reviews a sample of the subrecipient’s personal and professional services charges. However, DES had not performed an on-site monitoring visit of the nonprofit subrecipient since 2018 because it had not yet resumed all its subrecipient-monitoring activities, such as conducting on-site reviews and providing training and technical assistance, since suspending these activities during the COVID-19 pandemic during fiscal year 2020. In addition, DES had not properly assessed the subrecipient’s risk of noncompliance with its award contract and program requirements to determine the level of monitoring procedures it should put in place or training the subrecipient needed. For example, DES was unaware that the subrecipient had not informed it of a principal officer’s conflicts of interest so that it could ensure that the principal officer and their immediate family member were not involved in decision-making related to those conflicts and selectively reviewed the related costs and activities for compliance purposes. Criteria—Federal regulations require DES to monitor subrecipients and include required procedures for assessing the risk of each subrecipient’s noncompliance and implementing appropriate monitoring procedures to address those risk assessments; verifying single audits were conducted timely, if required; reviewing financial and performance reports; following up on and ensuring corrective action is taken on deficiencies that could potentially affect the program; and issuing management decisions on the results of audit findings or monitoring.2 Federal regulations provide that monitoring procedures DES may implement to address a subrecipient’s risk assessment include providing training or technical assistance on program-related matters and performing on-site reviews and selective audits of reimbursed costs.2 In addition, federal regulations require DES’ subrecipients to allocate allowable costs using a reasonable basis, to use competitive purchasing standards when procuring goods and services, and to disclose in writing to DES any potential conflicts of interest.3 Finally, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303 and 45 CFR §75.303). Recommendations—DES should: 1. Immediately stop reimbursing the nonprofit subrecipient for costs that are unsupported, unallowable, and/or paid to the nonprofit subrecipient’s principal officer or their immediate family member in violation of federal regulations and take appropriate enforcement actions in accordance with its subaward contract. 2. Update its written policies and procedures for reviewing and approving subrecipient reimbursement requests to include a process to ensure costs are adequately supported, allowable in accordance with program requirements, and approved by the appropriate level of management. 3. Train personnel responsible for reviewing and approving subrecipient reimbursement requests on how to identify costs that are unallowable under federal regulations. 4. Assess the risk of each subrecipient’s noncompliance and perform the appropriate monitoring procedures based on the assessed risk, such as providing training or technical assistance on program-related matters and performing on-site reviews and selective audits of reimbursed costs for allowability. 5. Ensure subrecipients allocate allowable costs using a reasonable basis, use competitive purchasing standards when procuring goods and services, and disclose in writing to DES any potential conflicts of interest. DES may need to provide training and technical assistance to subrecipients that address these compliance areas, including DES obtaining conflict-of-interest disclosures from subrecipients as part of the subaward contract, as an example, or otherwise establishing a communication mechanism for subrecipients to use as such conflicts arise. 6. Continue to work with the nonprofit subrecipient to resolve the $12,150 of unallowable costs, including recovering these monies from the subrecipient and assessing the continued need to use this subrecipient for services. 7. Work with the federal agencies to resolve the $12,150 of unallowable costs that it reimbursed, which may involve returning monies to the agencies. The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. This finding is similar to prior-year findings 2022-114 (TANF) and 2022-115 (ESG) and was initially reported in fiscal year 2022. 1 Federal Uniform Guidance and U.S. Health and Human Services audit requirements require federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient takes appropriate and timely corrective action (2 CFR §200.513[c] and 45 CFR §75.513[c]). Further, they require that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521 and 45 CFR §75.521). 2 The applicable federal requirements related to subrecipient monitoring can be found in the Code of Federal Regulations at 2 CFR §§200.332, .339, and .521 and 45 CFR §§75.352, .371, and .521. 3 The applicable federal requirements related to allowable costs, competitive purchasing, and conflicts of interest can be found in the Code of Federal Regulations at 2 CFR §§200.112, .318-.327, and Subpart E; 24 CFR §578.95; and 45 CFR §§75.112, .326-.335, and Subpart E.