Finding Text
Finding Number: 2024-009
Program: Coronavirus State and Local Fiscal Recovery Funds
ALN #: 21.027
Pass-through Entity: N/A- Direct Award
Federal Agency: U.S. Department of Treasury
Federal Award Year: July 1, 2023–June 30, 2024
Compliance Requirement: Subrecipient Monitoring
Type of finding: Material weakness and material noncompliance
Criteria
The 2 CFR sections 200.332(d) through (f) provide the principles to be applied to monitor the activities of
the subrecipient as necessary to ensure that the subaward is used for authorized purposes, complies with
the terms and conditions of the subaward, and achieves performance goals.
According to 2 CFR 200.303, the non-federal entity must establish and maintain effective internal control
over the federal award that provides reasonable assurance that the nonfederal entity is managing the
federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal
award. These internal controls should be in compliance with guidance in “Standards for Internal Control in
the Federal Government” issued by the Comptroller General of the United States or the “Internal Control
Integrated Framework,” issued by the Committee of Sponsoring Organizations of the Treadway
Commission (COSO).
Condition
The City does not have properly designed controls and documented procedures in place to ensure
compliance with the following requirements:
• Each subrecipients risk of noncompliance is appropriately evaluated.
• Verification that subrecipients are audited as required when they are expected to exceed the threshold
for having a single audit.
• All required elements of the subrecipient contracts are included during execution.
Cause
The City’s lack of effective internal controls and written policies and procedures have caused the following
Proper perspective
During the audit, we noted that eight of the nine subrecipient selections did not contain all the required
elements of the contract. Additionally, nine of the nine selections completed a risk assessment
questionnaire. However, there is no indication that the City reviewed the questionnaires and subsequently
concluded on the subrecipient’s risk of noncompliance. We also noted that audited financial statements
were obtained for the three subrecipients that required a single audit, but there was no documentation to
evidence the nature and extent of the City’s review of the audit reports obtained. Therefore, we were
unable to determine if, based on the subrecipient’s risk assessment questionnaire and single audit report, if
additional monitoring procedures were required
Possible asserted effect
Lack of effective controls and written policies and procedures over subrecipient monitoring could result in
the City’s noncompliance with program requirements.
Questioned costs
None
Statistical sampling
The sample was not intended to be, and was not, a statistically valid sample.
Repeat Finding
Yes, 2023-009
Recommendation
We recommend the City establish a checklist or formal documentation requirements for both risk
assessments and review of single audit report procedures. Employees can complete these checklists when
obtaining and reviewing the documentation. The City should then conclude on and document the
subrecipient’s risk of noncompliance based on the checklist to ensure the proper level of monitoring occurs
throughout the year.
Views of responsible officials and corrective actions
The City has implemented additional controls over subrecipient monitoring by establishing a formal policy
to review and document subrecipient qualifications, risk assessments and financial reports and have
created subsequent monitoring plans and checklists.
noncompliance and control exceptions.