Finding Text
Finding No. 2024-002 – Subrecipient Monitoring | Identification of the Program: | Program Name: Research and Development Cluster: Basic Scientific Research, Department of Defense Awarding Office, 12.431; NSF Technology, Innovation and Partnerships, National Science Foundation, 47.084 | Criteria or Specific Requirements (Including Statutory, Regulatory, or Other Citations): 2 CFR 200.303 requires that a non-Federal entity must “(a) establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States and the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).” According to page 3-M-1 of the 2024 OMB Compliance Supplement, management is responsible for monitoring activities designed to evaluate subrecipient risk as required by the terms and conditions of the award. Such activities include: reviewing financial reports; following up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies detected through audits, on-site reviews, and other; issuing a management decision for audit findings pertaining to the federal award provided to the subrecipient from the PTE as required by 2 CFR section 200.521. | Section III— Federal Award Findings and Questioned Costs (continued) | Condition: During our testing of 2024 subrecipient monitoring activities, we selected five subrecipients for testing noting that there was no evidence of management’s evaluation of each subrecipient or management’s review of the specific monitoring procedures performed. Through inquiry, management acknowledged that they complete an evaluation form for each subrecipient prior to contracting with the subrecipient although an evaluation of the risk of the subrecipient is not included on the form. Management also informed us that they review all expenditures and related supporting documentation provided by the subrecipient prior to paying their invoices, although evidence of performing such a review is not documented. | Cause: Internal controls over the review and approval of the subrecipient monitoring were not effective. | Effect or Potential Effect: This could result in granting subawards to and paying subrecipients who are of higher risk for compliance and/or subrecipients who have not been properly monitored to ensure they are complying with the grant terms. | Questioned Costs: None. | Context: As the sample size is small, we selected 5 subrecipients for testing out of a total of 5 subrecipients. | Identification as a Repeat Finding: N/A – This is a first year Uniform Guidance audit.