FAC Explorer

Finding 1168083 (2024-003)

Material Weakness Repeat Finding
Requirement
M
Questioned Costs
-
Year
2024
Accepted
2026-01-07
Audit: 379803
Organization: NEW YORK CITY FOUNDATION FOR COMPUTER SCIENCE EDUCATION, INC. (NY)
Auditor: SAX LLP

AI Summary

  • Core Issue: The Organization failed to document required monitoring procedures for subrecipients, including risk assessments and audit reviews.
  • Impacted Requirements: Noncompliance with 2 CFR 200.331–200.332 increases the risk of misuse of Federal funds.
  • Recommended Follow-Up: Implement formal monitoring policies, conduct risk assessments, review Single Audit reports, and maintain centralized documentation.

Finding Text

2024-003 – Subrecipient Monitoring Program: ALN# 47.070 = Computer and Information Science and Engineering Grant #: 2216614, 2122756, Grant Period: Year Ended December 31, 2024 Government Agency: National Science Foundation Criteria: Per 2 CFR 200.331–200.332, pass-through entities must: • Evaluate each subrecipient’s risk of noncompliance to determine appropriate monitoring. • Monitor subrecipient activities to ensure compliance with Federal statutes, regulations, and program requirements, including reviewing financial and performance reports. • Verify subrecipients have audits as required under Subpart F. • Issue management decisions on subrecipient audit findings. • Maintain documentation of monitoring activities. Condition: During our testing of subrecipient monitoring, we noted that the Organization did not document required monitoring procedures for the subrecipients selected for testing. Specifically: • No documented risk assessments were performed prior to awarding funds. • The Organization did not obtain or review subrecipient Single Audit reports or written assurances of audit compliance. • Subrecipient agreements did not consistently include all required elements under 2 CFR 200.332(a). Informal monitoring was performed, but not to the level required by the Uniform Guidance. Cause: The Organization does not have adequate internal controls or documented procedures to ensure all required subrecipient monitoring tasks are consistently completed and retained. Personnel indicated that monitoring controls are informal and not centralized. Effect: Failure to perform required subrecipient monitoring increases the risk that Federal funds may be misused, unallowable, or spent in violation of program requirements without detection. Questioned Costs: No questioned costs identified. Context: This sample was not intended to be, and was not, a statistically valid sample. Repeat Finding: Yes Recommendation: We recommend that the Organization: • Develop and implement formalized subrecipient monitoring policies and procedures aligned with 2 CFR 200.332. • Perform and document risk assessments for all subrecipients. • Obtain and review Single Audit reports, as applicable, and issue written management decisions. • Conduct and document ongoing monitoring activities (e.g., financial/performance report reviews, site visits). • Maintain complete monitoring documentation in a centralized and accessible location. Views of Responsible Officials: See management corrective action plan attached.

Corrective Action Plan

Response to finding 2024-003 – Subrecipient Monitoring Views of Responsible Officials: CSforALL management agrees with the conditions identified by SAX Advisory Group, including the noted causes and resulting effects under 2024-003. Due to the organizational pause at the end of 2024 and the transition period throughout 2025, the Organization had limited capacity to maintain formalized subrecipient monitoring procedures aligned with 2 CFR 200.332. As CSforALL prepares for the 2026 rebuilding phase, management is establishing structured policies and procedures to ensure full compliance with federal subrecipient monitoring requirements. Corrective Action taken in 2025: During 2025, the Operations Manager ensured that all subrecipients associated with the current Alliance grant have signed or will sign formal Statements of Work with explicit deliverables and expectations required for payment. External parties without a Statement of Work are now required to submit proper documentation, invoicing, and proof of deliverables before any funds are released. No payments have been made to participants under the FY 2025 Alliance grant to date, as CSforALL is ensuring that all required policies and procedures are in place prior to both drawing down and paying out funds. Weekly and quarterly meetings have been established with external partners responsible for deliverables to confirm timelines, verify progress, and ensure alignment with payment expectations. Corrective Action Planned for 2026: Beginning in 2026, CSforALL will formalize subrecipient monitoring policies aligned with 2 CFR 200.332, including risk assessments for all subrecipients, review and documentation of Single Audit reports where applicable, issuance of management decisions, and structured ongoing monitoring activities. All monitoring documentation will be maintained in a centralized, accessible system to ensure consistent compliance throughout the 2026 operating year and beyond.

Categories

Subrecipient Monitoring

Other Findings in this Audit

  • 1168082 2024-002
    Material Weakness Repeat
  • 1168084 2024-004
    Material Weakness Repeat

Programs in Audit

ALN Program Name Expenditures
47.070 COMPUTER AND INFORMATION SCIENCE AND ENGINEERING $1.62M
47.076 STEM EDUCATION (FORMERLY EDUCATION AND HUMAN RESOURCES) $110,362