Finding 1162183 (2024-002)

Finding 2024-002: Subrecipient Risk Assessment and Monitoring Federal Program: 19.345 Criteria: As stated in 2 CFR 200.331 part (b), all pass-through entities must evaluate each subrecipient’s risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the sub-award for purposes of determining the appropriate sub-recipient monitoring procedures to prescribe to each individual sub-recipient (i.e. pre-award risk assessment procedures). Condition: We noted certain subrecipients did not have current risk assessments on file. The subrecipients were long standing partners of Invisible Children. In addition, Invisible Children did not have a procedure in place to document whether the subrecipients were subject to audit under Uniform Guidance each year (based on the threshold of U.S. Federal funding incurred). Cause: Invisible Children has conducted risk assessments when originally engaging with the subrecipients, but were not reviewing and updating the assessments on a routine basis, or when new agreements were signed. This was not required by their policy. Effect: The Organization could inadvertently engage in relationships with sub-recipients of higher risk without the appropriate level of oversight (monitoring) to ensure that subrecipients are expending funds in accordance with the provisions and terms of the subaward. Questioned Costs: None noted Context: Under the Uniform Guidance (2 CFR Part 200), Federal awarding agencies and passthrough entities are required to evaluate the risk of subrecipients and ensure compliance with audit requirements. Specifically, subrecipients that expend $750,000 or more in Federal awards during a fiscal year are subject to a Single Audit or program-specific audit. Pass-through entities must have documented procedures to annually assess which subrecipients meet this threshold and ensure that appropriate risk assessments and audit follow-ups are completed. In this case, Invisible Children has longstanding relationships with its subrecipients but lacks a formal procedure to document annual risk assessments and to verify whether subrecipients meet the audit threshold, which creates a risk of noncompliance with Federal requirements. Identification as a Repeat Finding, if Applicable: Not applicable Recommendation: We recommend that the Organization update their policies to ensure that they comply with Uniform Guidance requirements regarding pre-award risk assessments as well as document annually whether the subrecipient was required to obtain an audit in accordance with the standards. If applicable, the Organization is to verify that the subrecipient is audited and review the results of the audit with respect to its funding.