If you are a recipient of federal awards, you’ve likely made it through your first single audit performed in accordance with the Uniform Administrative Requirements, Cost Principles, and Audit Requirements (Uniform Guidance). Maybe you passed with flying colors because you were well-prepared for the new rules or perhaps you ended up with more findings than in the past. You may have also noticed a change in the major programs that were audited.
In any case, there were many lessons learned and more are sure to follow in the next year. The following are observations Baker Tilly auditors made over the last year.
Subrecipient monitoring requirements had some of the biggest changes under the Uniform Guidance. It is now necessary to formally document a risk assessment process for subrecipients or sub-grantees.
Many entities updated their documentation of subrecipient versus contractor (previously referred to as vendor) relationships. This is an important distinction to ensure appropriate contracting, subrecipient monitoring and reporting activities are performed. Federal awardees are required only to assess risk and monitor subrecipients, not contractors for goods and services. Additionally, a subrecipient contract must have a number of federal award identification data points included in the contracts that are not required in a contract for goods and services.
The results of the risk assessment process drives the monitoring procedures to be performed. It is important to have a subrecipient monitoring policy that will describe how the various risk factors impact the nature and frequency of monitoring activities.
If your organization is struggling in this area, it may be helpful to step back, assess your situation and follow these steps:
- Review current contracts and determine whether they are subrecipient or contractor relationships. Complete and document an analysis to support your conclusions and keep with the contracting file so that anyone can go back and review the determination.
- If there are subrecipient relationships identified, ensure that the contracts include the required federal award identification information. Issue an addendum with the information, if necessary.
- Develop and document a risk assessment methodology. What risk factors will you consider and how will those risk factors affect the level of monitoring that should be completed? Creation of a policy to address this methodology promotes standards and consistency that can be used by a variety of grant administrators. Unfortunately, one size does not fit all when it comes to monitoring subrecipients.
- Conduct the monitoring according to the methodology or policy, documenting the process and results.
- Ensure that exceptions or issues noted are properly resolved in a timely manner.
Remember, these requirements apply to federal funding you receive directly as well as federal funding that is passed through another entity, such as a state or county government.
Monitoring by pass-through entities
On a similar note, if you are a recipient of federal awards from a pass-through entity (PTE), you might be experiencing more oversight than you have previously. This is because the PTE has likely re-engineered its subrecipient monitoring procedures to follow the new Uniform Guidance requirements.
PTEs often have an emphasis on repeat findings and may request additional information on addressing and/or resolving those findings. You can head off some questions by reviewing your corrective action responses and ensuring the responses:
- Address the issues noted in the finding
- Show progress or improvement in the situation that has been reported for more than one year
- Include compensating controls to address the deficiencies noted in the finding
- Include the required who, what and when – responses should indicate what corrective action will be taken, who is responsible for overseeing the corrective action and when will the corrective action be implemented
PTEs are doing their due diligence and following the new requirements in order to successfully pass their own audits. Working cooperatively with the personnel at the PTEs will help you both reach your objectives as it relates to grant administration.
Documentation of internal controls
The Uniform Guidance places increased importance on internal controls over federal awards. In many compliance areas, there are explicit requirements for policies to be in writing. As a result, federal agencies are emphasizing complete and robust written documentation of internal controls. Examples of policies that are required to in writing include cash management, determining allowable costs, conflicts of interest, and subrecipient risk assessments.
One of the areas of greatest challenge to many entities relate to the changes to the indirect cost provisions. The Uniform Guidance now allows for a de minimis rate of 10 percent for entities that have never had a federally negotiated rate. However, we’ve seen inconsistent application of both the federally negotiated rate and the de minimis rate. In some situations, pass-through entities are not accepting a subrecipient’s approved rate. In other situations, the provisions of the federal award may limit the indirect cost rate to be charged. This is leading to more extensive contracting and negotiation processes between pass-through entities and subrecipients.
Filing with the Federal Audit Clearinghouse
Auditees are responsible for preparing portions of the data collection form, which is a standard report that is filed with the Federal Audit Clearinghouse along with the single audit reporting package. The portions that the auditee should prepare include the auditee information on the first page and the federal award information on the second page. This process takes some increased coordination between the auditor and auditee.
For the past two years, federal awardees have been able to delay implementation of the new procurement requirements prescribed by the Uniform Guidance; however, they are coming into effect for fiscal years beginning in 2017. Procurement applies to both contracts for goods and services as well as subrecipients.
All procured contracts should be classified under certain tiers depending on the amount and the awarding requirements. These tiers (micro-purchases, small purchases, sealed bids, competitive proposals and noncompetitive proposals) should be compared with current procurement policies and adjusted as necessary.
Procurement files should contain documentation on which procurement tier was used. If you haven’t already, there may still be time to review procurement policies and contracts subject to Uniform Guidance and to ensure compliance, but time is quickly running out.
For more information on this topic, or to learn how Baker Tilly specialists can help, contact our team.