With the increase in federal funding provided to healthcare organizations due to the COVID-19 pandemic, a big question is how to ensure compliance with the federal requirements. In these unprecedented times, not only do healthcare organizations need to meet federal requirements under the Coronavirus Aid, Relief, and Economic Security (CARES) Act, but they must also adhere to Uniform Administrative Requirements, Cost Principles and Audit Requirements for Federal Awards in 2 CFR Part 200 (Uniform Guidance).
We recently broke down the single audit impacts of CARES.
The Importance of Understanding Procurement of Goods and Services
One of the more complex areas within Uniform Guidance is related to the procurement of goods and services. Procurement regulations are complex, and there are many nuances that are difficult to work through. It’s important to understand the required policies and procedures related to procurement and how to ensure your organization is covered.
Policies and Procedures
Under Uniform Guidance, organizations are required to procure goods and services in accordance with their own documented policies and procedures. The caveat is that such policies and procedures must be compliant with local, state and federal laws and regulations. Some states have statutes that are not compliant with federal procurement regulations, which is part of the challenge. If they are not careful, an organization may be following state law but not considering the federal requirements.
To avoid the potential for errors, the best practice is to have one policy that uses the most restrictive of any of the local, state or federal laws. In this case, no matter the funding source, the organization is always compliant. The disadvantage of this approach is administrative implementation challenges. In some states, there may be significant divergence from federal regulations. For example, many states have a lower competitive bidding threshold (e.g. $50,000 or $100,000) but allow for more exemptions. If the policies are updated for the lower threshold, the state exemptions versus the federal exemptions cannot be ignored.
Unfortunately, the new policies may require more workload or cause delays. Organizations need to have a full understanding of the local, state and federal regulations and may want to consider mapping out the differences in the requirements by expenditure thresholds. The key to avoiding findings is to write a policy that meets all the requirements but remains practical in application.
The best approach is to take it one step at a time and work through the problem areas with all relevant parties (i.e. management, grantors, those charged with governance). However, because of the initial time commitment to establish complete and compliant policies, some entities ignore the policy details and default to extremely vague policies.
While the Uniform Guidance procurement standards are a great starting place (see more on those requirements below) it is important to tailor those standards to your organization and include both the workflow of who is performing the procedures and the controls over the procedures to ensure compliance with the federal regulations.
Let us help you make sense of your single audit and Uniform Guidance requirements.
Key Provisions of the Uniform Guidance Standards
Here are the key provisions that should be covered in a compliant procurement policy under 2 CFR 200.317-200.326:
Allowable Methods of Procurement
The standards allow for five different methods of procurement depending on the size of the procurement:
One of the most common issues we see as auditors in testing procurements by healthcare entities relates to following the incorrect method of procurement for the size of the procurement or not retaining enough documentation to support the transaction.
Procurement Under Small Purchase Procedures
Under Uniform Guidance, small acquisitions require an “adequate” number of quotes. The regulations do not restrict the type of quotes or the number of quotes, so it is up to you to define what an “adequate” number is and define how those quotes should be obtained. Many federal agencies have defined the minimum number as three, so the best practice is to define the adequate number of quotes to be at least three in your policy.
The risk related to this requirement is in document retention. Quotes can be sourced through various methods (online, email, verbal, written), so determining the way the quotes are retained is key to proving compliance.
One option is to implement a checklist that asks if the quotes were obtained and evidence retained. We recommend documenting the quotes on this checklist as well as the dates obtained and rationale for selection. Another possible option is to set up a procurement file for small purchases (and bids), with each quote maintained. Either option will satisfy the retention of quotes and should allow your organization to avoid findings. Regardless of the method used, there should also be internal controls in place. These controls allow for approval by an authorized reviewer prior to purchase authorization.
Regardless of the type of bid, the base requirement is that purchases over the simplified acquisition threshold (or lower depending on state law or local policy) must be competitively procured through a formal solicitation process. This formal competitive bidding process can be quite cumbersome due to the timing, administrative involvement, evaluation and contract negotiation. This lengthy solicitation process increases risk related to using noncompetitive exemptions inappropriately because organizations want to circumvent the standard process.
There are four allowable exemptions to competitive bidding under federal procurement standards:
Common compliance questions relate to the inappropriate use of either the sole-source or emergency purchase justifications. A sole-source purchase truly means the good or service is only reasonably available from one vendor. An emergency purchase refers to a purchase where the public may be harmed by a delay.
Many organizations are resorting to using non-competitive procurement during the public health emergency of the COVID-19 pandemic. While this may be okay in some situations, such as the need to purchase personal protective equipment to prevent harm to patients and staff, it might not be okay in all situations. The purchase of a new air filtration system or specialized testing equipment, for example, might require competitive bidding or sufficient justification and documentation on why competitive bidding wasn’t used.
If your organization determines it is justified to use a non-competitive procurement method, it is important to document the justification for doing so and the rationale for the vendor selected. Consider if the documentation is adequate to prove to an auditor or to the federal agency that it truly was an emergency purchase. Your organization’s authorized reviewer should assess any non-competitive purchase considerations to ensure they meet the criteria and document approval.
Suspension and Debarment Under Uniform Guidance
The federal government requires organizations to make sure they are not providing federal funds to organizations that are suspended or debarred. Organizations must evaluate procurements over $25,000 or on sub-awards under a pass-through/subrecipient relationship of any dollar amount to ensure compliance with this requirement. There are three possible ways to satisfy compliance:
The method selected depends on the nature of your organization. If entering into a contract, suspension and debarment is required as part of the terms and conditions. However, if the transaction did not require a formal contract, retaining the EPLS check or the signed certification is a must to show compliance.
How often your organization checks suspension and debarment also depends on the facts and circumstances. For recurring vendors operating on large multiple-year contracts, best practice is to perform an independent check at least once a year. For non-recurring vendors, for new or large contracts, and for change orders to existing contracts, the requirement should be met prior to entering into the contract or making contract amendments. For subrecipients, the verification should be performed for every sub-award prior to final issuance. To avoid non-compliance, the review for suspension and debarment compliance should be part of your internal controls, policies and procedures. It should also be part of the review process related to quotes or bidding requirements.
It's More Important Than Ever to Understand Single Audit Standards
Having a compliant procurement policy and following your policy is more important than ever before. The CARES Act funding, along with other federal dollars you receive, come with scrutiny. Having a well-written procurement policy will help to ensure that your organization is compliant and will protect your organization from having to refund the federal agency for costs that were questioned due to inappropriate purchasing procedures.
Let Eide Bailly help you with your Uniform Guidance Policy.