FAC Explorer

Finding 1168080 (2023-004)

Material Weakness Repeat Finding
Requirement
M
Questioned Costs
-
Year
2023
Accepted
2026-01-07
Audit: 379802
Organization: NEW YORK CITY FOUNDATION FOR COMPUTER SCIENCE EDUCATION, INC. (NY)
Auditor: SAX LLP

AI Summary

  • Core Issue: The Organization lacks proper documentation and procedures for monitoring subrecipients, leading to potential noncompliance with federal requirements.
  • Impacted Requirements: Key criteria from 2 CFR 200.331–200.332, including risk assessments, audit reviews, and documentation of monitoring activities, were not met.
  • Recommended Follow-Up: Establish formal subrecipient monitoring policies, conduct risk assessments, review Single Audit reports, and maintain centralized documentation of all monitoring activities.

Finding Text

2023-004 – Subrecipient Monitoring Program: ALN# 47.070 = Computer and Information Science and Engineering Grant #: 2216614, 2122756, Grant Period: Year Ended December 31, 2023 Government Agency: National Science Foundation Criteria: Per 2 CFR 200.331–200.332, pass-through entities must: • Evaluate each subrecipient’s risk of noncompliance to determine appropriate monitoring. • Monitor subrecipient activities to ensure compliance with Federal statutes, regulations, and program requirements, including reviewing financial and performance reports. • Verify subrecipients have audits as required under Subpart F. • Issue management decisions on subrecipient audit findings. • Maintain documentation of monitoring activities. Condition: During our testing of subrecipient monitoring, we noted that the Organization did not document required monitoring procedures for the subrecipients selected for testing. Specifically: • No documented risk assessments were performed prior to awarding funds. • The Organization did not obtain or review subrecipient Single Audit reports or written assurances of audit compliance. • Subrecipient agreements did not consistently include all required elements under 2 CFR 200.332(a). Informal monitoring was performed, but not to the level required by the Uniform Guidance. Cause: The Organization does not have adequate internal controls or documented procedures to ensure all required subrecipient monitoring tasks are consistently completed and retained. Personnel indicated that monitoring controls are informal and not centralized. Effect: Failure to perform required subrecipient monitoring increases the risk that Federal funds may be misused, unallowable, or spent in violation of program requirements without detection. Questioned Costs: No questioned costs identified. Context: This sample was not intended to be, and was not, a statistically valid sample. Repeat Finding: No Recommendation: We recommend that the Organization: • Develop and implement formalized subrecipient monitoring policies and procedures aligned with 2 CFR 200.332. • Perform and document risk assessments for all subrecipients. • Obtain and review Single Audit reports, as applicable, and issue written management decisions. • Conduct and document ongoing monitoring activities (e.g., financial/performance report reviews, site visits). • Maintain complete monitoring documentation in a centralized and accessible location. Views of Responsible Officials: See management corrective action plan attached.

Corrective Action Plan

Response to finding 2023-004 – Subrecipient Monitoring Views of Responsible Officials: CSforALL management agrees with the conditions identified by SAX Advisory Group, including the noted causes and resulting effects under 2023-004. Due to the organizational pause at the end of 2024 and the transition period throughout 2025, the Organization had limited capacity to maintain formalized subrecipient monitoring procedures aligned with 2 CFR 200.332. As CSforALL prepares for the 2026 rebuilding phase, management is establishing structured policies and procedures to ensure full compliance with federal subrecipient monitoring requirements. Corrective Action taken in 2025: During 2025, the Operations Manager ensured that all subrecipients associated with the current Alliance grant have signed or will sign formal Statements of Work with explicit deliverables and expectations required for payment. External parties without a Statement of Work are now required to submit proper documentation, invoicing, and proof of deliverables before any funds are released. No payments have been made to participants under the FY 2025 Alliance grant to date, as CSforALL is ensuring that all required policies and procedures are in place prior to both drawing down and paying out funds. Weekly and quarterly meetings have been established with external partners responsible for deliverables to confirm timelines, verify progress, and ensure alignment with payment expectations. Corrective Action Planned for 2026: Beginning in 2026, CSforALL will formalize subrecipient monitoring policies aligned with 2 CFR 200.332, including risk assessments for all subrecipients, review and documentation of Single Audit reports where applicable, issuance of management decisions, and structured ongoing monitoring activities. All monitoring documentation will be maintained in a centralized, accessible system to ensure consistent compliance throughout the 2026 operating year and beyond.

Categories

Subrecipient Monitoring

Other Findings in this Audit

  • 1168078 2023-002
    Material Weakness Repeat
  • 1168079 2023-003
    Material Weakness Repeat
  • 1168081 2023-005
    Material Weakness Repeat

Programs in Audit

ALN Program Name Expenditures
47.070 COMPUTER AND INFORMATION SCIENCE AND ENGINEERING $1.09M
47.076 STEM EDUCATION (FORMERLY EDUCATION AND HUMAN RESOURCES) $270,635