Significant Deficiency Criteria: In accordance with 2 CFR 200, management must have an adequate system of internal control procedures in place to adequately safeguard confidential information from unauthorized use in compliance with applicable laws and regulations. In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe. Condition: Upon surprise inspection, one unattended workstations of DSS employees were unlocked, and the workstation was logged onto the state network without anyone attending to the work station. Context: During a surprise walkthrough, we examined 41 workstations and determined that 1 (2%) workstations were not properly secured. The workstations were unattended and/or logged onto the state system. Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building. Cause: Lapse of internal controls over data security. Questioned Costs: The finding represents an internal control issue; therefore, no questioned costs are applicable. Recommendation: Require the County to implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended. Views of Responsible Officials and Planned Corrective Actions: Management accepts this finding. Please refer to the Corrective Action Plan.
Significant Deficiency Criteria: In accordance with 2 CFR 200, management must have an adequate system of internal control procedures in place to adequately safeguard confidential information from unauthorized use in compliance with applicable laws and regulations. In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe. Condition: Upon surprise inspection, one unattended workstations of DSS employees were unlocked, and the workstation was logged onto the state network without anyone attending to the work station. Context: During a surprise walkthrough, we examined 41 workstations and determined that 1 (2%) workstations were not properly secured. The workstations were unattended and/or logged onto the state system. Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building. Cause: Lapse of internal controls over data security. Questioned Costs: The finding represents an internal control issue; therefore, no questioned costs are applicable. Recommendation: Require the County to implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended. Views of Responsible Officials and Planned Corrective Actions: Management accepts this finding. Please refer to the Corrective Action Plan.
Significant Deficiency Criteria: In accordance with 2 CFR 200, management must have an adequate system of internal control procedures in place to adequately safeguard confidential information from unauthorized use in compliance with applicable laws and regulations. In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe. Condition: Upon surprise inspection, one unattended workstations of DSS employees were unlocked, and the workstation was logged onto the state network without anyone attending to the work station. Context: During a surprise walkthrough, we examined 41 workstations and determined that 1 (2%) workstations were not properly secured. The workstations were unattended and/or logged onto the state system. Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building. Cause: Lapse of internal controls over data security. Questioned Costs: The finding represents an internal control issue; therefore, no questioned costs are applicable. Recommendation: Require the County to implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended. Views of Responsible Officials and Planned Corrective Actions: Management accepts this finding. Please refer to the Corrective Action Plan.
Significant Deficiency Criteria: In accordance with 2 CFR 200, management must have an adequate system of internal control procedures in place to adequately safeguard confidential information from unauthorized use in compliance with applicable laws and regulations. In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe. Condition: Upon surprise inspection, one unattended workstations of DSS employees were unlocked, and the workstation was logged onto the state network without anyone attending to the work station. Context: During a surprise walkthrough, we examined 41 workstations and determined that 1 (2%) workstations were not properly secured. The workstations were unattended and/or logged onto the state system. Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building. Cause: Lapse of internal controls over data security. Questioned Costs: The finding represents an internal control issue; therefore, no questioned costs are applicable. Recommendation: Require the County to implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended. Views of Responsible Officials and Planned Corrective Actions: Management accepts this finding. Please refer to the Corrective Action Plan.
Internal Control, Significant Deficiency Criteria: In accordance with 42 CFR 435, documentation must be obtained as needed to determine if a recipient meets specific eligibility standards, and documentation must be maintained to support those determinations. In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure the accuracy of benefits being provided is within program requirements. Management must monitor activities under federal awards to assure compliance with federal requirements. Condition: One casefile had resources documented in NC FAST that did not match supporting source document (AVS). After review of the cases, the participant was found to still be eligible for Medicaid benefits. Context: Of the 615,695 benefit payments valued at $198,332,895, we examined 60 payment records ($70,630 value) and determined that the above condition to one payment (.09% valued at $63). We determined that the one was still eligible after redetermination with the correct documentation. Effect: Participants could receive benefits for which they are not eligible. Cause: Caseworkers did not take proper steps in making sure what was used for eligibility determination was complete and accurate per program guidelines. Questioned Costs: The finding represents an internal control issue; therefore, no questioned costs are applicable. Upon further review, the applicant was still eligible to receive Medicaid benefits. Recommendation: Caseworkers should review their eligibility determinations and ensure all documentation is included and accurate. Views of Responsible Officials and Planned Corrective Action: See Corrective Action Plan submitted with this report.
Significant Deficiency Criteria: In accordance with 2 CFR 200, management must have an adequate system of internal control procedures in place to adequately safeguard confidential information from unauthorized use in compliance with applicable laws and regulations. In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe. Condition: Upon surprise inspection, one unattended workstations of DSS employees were unlocked, and the workstation was logged onto the state network without anyone attending to the work station. Context: During a surprise walkthrough, we examined 41 workstations and determined that 1 (2%) workstations were not properly secured. The workstations were unattended and/or logged onto the state system. Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building. Cause: Lapse of internal controls over data security. Questioned Costs: The finding represents an internal control issue; therefore, no questioned costs are applicable. Recommendation: Require the County to implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended. Views of Responsible Officials and Planned Corrective Actions: Management accepts this finding. Please refer to the Corrective Action Plan.
Significant Deficiency Criteria: In accordance with 2 CFR 200, management must have an adequate system of internal control procedures in place to adequately safeguard confidential information from unauthorized use in compliance with applicable laws and regulations. In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe. Condition: Upon surprise inspection, one unattended workstations of DSS employees were unlocked, and the workstation was logged onto the state network without anyone attending to the work station. Context: During a surprise walkthrough, we examined 41 workstations and determined that 1 (2%) workstations were not properly secured. The workstations were unattended and/or logged onto the state system. Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building. Cause: Lapse of internal controls over data security. Questioned Costs: The finding represents an internal control issue; therefore, no questioned costs are applicable. Recommendation: Require the County to implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended. Views of Responsible Officials and Planned Corrective Actions: Management accepts this finding. Please refer to the Corrective Action Plan.
Significant Deficiency Criteria: In accordance with 2 CFR 200, management must have an adequate system of internal control procedures in place to adequately safeguard confidential information from unauthorized use in compliance with applicable laws and regulations. In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe. Condition: Upon surprise inspection, one unattended workstations of DSS employees were unlocked, and the workstation was logged onto the state network without anyone attending to the work station. Context: During a surprise walkthrough, we examined 41 workstations and determined that 1 (2%) workstations were not properly secured. The workstations were unattended and/or logged onto the state system. Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building. Cause: Lapse of internal controls over data security. Questioned Costs: The finding represents an internal control issue; therefore, no questioned costs are applicable. Recommendation: Require the County to implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended. Views of Responsible Officials and Planned Corrective Actions: Management accepts this finding. Please refer to the Corrective Action Plan.
Significant Deficiency Criteria: In accordance with 2 CFR 200, management must have an adequate system of internal control procedures in place to adequately safeguard confidential information from unauthorized use in compliance with applicable laws and regulations. In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe. Condition: Upon surprise inspection, one unattended workstations of DSS employees were unlocked, and the workstation was logged onto the state network without anyone attending to the work station. Context: During a surprise walkthrough, we examined 41 workstations and determined that 1 (2%) workstations were not properly secured. The workstations were unattended and/or logged onto the state system. Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building. Cause: Lapse of internal controls over data security. Questioned Costs: The finding represents an internal control issue; therefore, no questioned costs are applicable. Recommendation: Require the County to implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended. Views of Responsible Officials and Planned Corrective Actions: Management accepts this finding. Please refer to the Corrective Action Plan.
Internal Control, Significant Deficiency Criteria: In accordance with 42 CFR 435, documentation must be obtained as needed to determine if a recipient meets specific eligibility standards, and documentation must be maintained to support those determinations. In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure the accuracy of benefits being provided is within program requirements. Management must monitor activities under federal awards to assure compliance with federal requirements. Condition: One casefile had resources documented in NC FAST that did not match supporting source document (AVS). After review of the cases, the participant was found to still be eligible for Medicaid benefits. Context: Of the 615,695 benefit payments valued at $198,332,895, we examined 60 payment records ($70,630 value) and determined that the above condition to one payment (.09% valued at $63). We determined that the one was still eligible after redetermination with the correct documentation. Effect: Participants could receive benefits for which they are not eligible. Cause: Caseworkers did not take proper steps in making sure what was used for eligibility determination was complete and accurate per program guidelines. Questioned Costs: The finding represents an internal control issue; therefore, no questioned costs are applicable. Upon further review, the applicant was still eligible to receive Medicaid benefits. Recommendation: Caseworkers should review their eligibility determinations and ensure all documentation is included and accurate. Views of Responsible Officials and Planned Corrective Action: See Corrective Action Plan submitted with this report.