Finding Text
Federal Agency: U.S. Department of the Treasury
Federal Program Name:
• Coronavirus State and Local Fiscal Recovery Funds
Assistance Listing Number:
• 21.027
Federal Award Identification Number: SLFRP0126
Pass-Through Agency: State of Colorado Department of Human Services (CDHS), Signal Behavioral Health Network, and City and Country of Broomfield Department of Health and Human Services
Pass-Through Number(s): N/A
Award Period: 7/1/2022 – 6/30/2023
Type of Finding:
• Significant Deficiency in Internal Control over Compliance and Other Matters
Criteria or specific requirement: According to § 2 CFR 200.332 Requirements for Pass-through Entities, all pass-through entities must evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. In addition, the pass-through entity must monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved.
Condition: The Organization lacked a process to complete a risk assessment that would allow the Organization to evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring.
Questioned costs: None.
Context: We noted the Organization is not in compliance with requirements defined within 2 CFR §200.332(b).
Cause: The Organization lacks established internal controls and procedures that ensure a complete risk assessment is performed on all Subrecipients.
Effect: The lack of internal controls over this compliance requirement provides an opportunity for noncompliance. Repeat Finding: Yes - Modified: 2022-004
Recommendation: The Organization created a Subrecipient Monitoring Policy in fiscal year 2023 to include performing subrecipient risk assessments on all subrecipient relationships entered into by the Organization. As part of the Organization’s subrecipient monitoring process it received an incomplete audit report from a subrecipient and as a result the Organization was not aware of the audit findings the subrecipient had received. We recommend the Organization utilize the federal audit clearinghouse to verify the audit reports the subrecipients are providing.
Views of responsible officials: Management concurs with the audit finding. Subrecipient monitoring was performed per the existing policy but the subrecipient provided inaccurate information on the monitoring questionnaire and incomplete audit information. The information provided by the subrecipient was not verified against the Federal Audit Clearinghouse. The risk assessment policy will be updated to ensure that information provided by subrecipients is verified against the Federal Audit Clearinghouse to ensure a complete risk assessment is performed.