Finding 369758 (2023-004)

2023-004 (2019-015) SUBRECIPIENT MONITORING – Repeated and Modified Federal Agency: U.S. Department of Homeland Security/FEMA Federal Program Title & Assistance Listing Number: Homeland Security Grant Program – 97.067 Award Period: Various Type of Finding: Significant Deficiency in Internal Control over Compliance Other Non-compliance Condition During our testing, we noted the Department did not have adequate internal controls in place to ensure compliance with subrecipient monitoring. • Homeland Security Grant Program – 97.067 o This program of the Department lacked evidence that a risk assessment was performed for subrecipients as relates to the risk of noncompliance for those subawards subject to the Uniform Guidance. o This program of the Department lacked evidence that reviews of audits of subrecipients were performed that would allow the Department to identify any potential deficiencies that would require follow-up. Management’s Progress for Repeated Findings: Management made some progress in the performing of risk assessments and reviews of audits for Emergency Management Performance Grants, Disaster Grants – Public Assistance, and Pre-Disaster Mitigation programs. In other areas noted above, management has not yet implemented adequate controls to resolve the finding from the prior years. Criteria According to §200.332 Requirements for pass-through entities of 2 CFR Part 200, all pass-through entities must evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. In addition, the pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Pass-through entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and written confirmation from the subrecipient, highlighting the status of actions planned or taken to address Single Audit findings related to the particular subaward. (3) Issuing a management decision for applicable audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by §200.521 Management Decision. Department Policy No. GRA 418 Sub-Grant Recipient Monitoring effective June 30, 2017 establishes and implements policy and procedures for the Department staff engaged in the Department’s sub-grant recipient monitoring process. For Mitigation Sub-Grant Monitoring, the Mitigation Specialist shall review the local progress quarterly reports due to the Department. For Non-Disaster Sub-Grant Recipient Monitoring, the Program Manager shall review the local progress quarterly reports due to the Department. Specific to Pre-Monitoring Requirements and Considerations, Department Program Staff shall perform risk-based assessments and apply the assessment to all of the Department’s approved sub-recipients for monitoring purposes and risk designation. Effect The lack of internal controls over this compliance requirement provides an opportunity for noncompliance at the subrecipient level. Potential costs outside the scope of work as well as overall effective project management at the subrecipient level. Cause The Department lacks established internal controls and procedures over financial grant management to ensure compliance with applicable compliance requirements.