Non‐Material Non‐Compliance Material Weakness, Allowable Cost
Criteria: In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure that activities allowed and allowable cost policies are implemented and functioning as intended. Management must monitor activities under federal awards to assure compliance with federal requirements. Management should have an adequate system of internal control procedures in place to properly review and assess the eligibility of payroll costs to ensure the accuracy of the payroll costs charged is within program requirements. In accordance with 24 CRF section 990, verification of accuracy of information used in determining payroll costs to be charged to the program should be maintained.
Condition: An employee was demoted resulting in them not having to complete day sheets and requiring ADM time to be reported. Management did not update in NC CORELS and copied prior month day sheets to pay employee resulting in inappropriately charged amounts to the SNAP program.
Context: Of the 570 expenditures during the current year valued at $671,155, we examined 40 (valued at $166,725) and determined that 1 (2% valued at $3,893) expenditure did not have proper documentation to support accuracy of payroll costs.
Effect: Salaries allocated to the program did not have approved time sheets to verify the accuracy of the hours charged.
Cause: Due to employee being demoted and not updated in NC CORELS, employee was paid with inappropriate charged expenses to the SNAP program.
Questioned Costs: In accordance with 2 CFR 200, auditors are required to report known questioned costs when likely questioned costs are greater than $25,000. Even though the sample results only identified $3,893 in known questioned costs, if tests were extended to the entire population, questioned costs could exceed $25,000.
Recommendations: Management should ensure that employees being paid in NC CORELS are being paid according to proper pay codes and requirements.
View of Responsible Officials and Planned Corrective Actions: See Corrective Action Plan submitted with this report
Non‐Material Non‐Compliance
Material Weakness, Reporting
Criteria: In accordance with the DSS Fiscal Manual, Section II, travel expenditures must be within allowable limits in accordance with a county wide travel plan. In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure thatactivities allowed and allowable cost policies are implemented and functioning as intended. Management should have an adequate system of internal control procedures in place to properly review and assess travel expense reimbursement to ensure that proper mileage rates are being used when calculating travel reimbursement expense checks.
Condition: Employee used FY25 mileage rate when entering mileage to be reimbursed and management missed it during reconciliation of requisition. County did not maintain all receipts necessary to support the claim with signatures from employees and supervisors.
Context: Employee keyed the wrong fiscal year mileage rate and resulting in them being improperly reimbursed. Employee was paid for $108 instead of correctly calculated amount of $106.
Effect: County overpaid in travel reimbursement expenses to employee and did not maintain adequate receipts necessary to support claim.
Cause: Employee keyed in FY25 mileage rate instead of FY24 mileage rate when entering mileage for reimbursement.
Questioned Costs: None. The finding represents an internal control issue, therefore, no questioned costs are applicable.
Recommendations: Management should ensure that employees being paid in NC CORELS are being paid according to proper pay codes and requirements.
View of Responsible Officials and Planned Corrective Actions: See Corrective Action Plan submitted with this report.
Significant Deficiency
Criteria: In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe.
Condition: Upon surprise inspection, two workstations of DSS employees were logged onto the statenetwork without anyone attending to the workstation.
Context: While performing testing of internal control over compliance related to the Division of Social Services, we noted the above condition.
Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building.
Cause: Lack of proper internal controls over data security.
Questioned Costs: None. The finding represents an internal control issue; therefore, no questioned costs are applicable.
Identification of Repeat Finding: This is a repeat finding from the immediate previous audit, 2023-001.
Recommendation: Require the County Data Processing Department to implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended.
View of Responsible Officials and Planned Corrective Actions: See Corrective Action Plan
submitted with this report.
Non‐Material Non‐Compliance Material Weakness, Allowable Cost
Criteria: In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure that activities allowed and allowable cost policies are implemented and functioning as intended. Management must monitor activities under federal awards to assure compliance with federal requirements. Management should have an adequate system of internal control procedures in place to properly review and assess the eligibility of payroll costs to ensure the accuracy of the payroll costs charged is within program requirements. In accordance with 24 CRF section 990, verification of accuracy of information used in determining payroll costs to be charged to the program should be maintained.
Condition: An employee was demoted resulting in them not having to complete day sheets and requiring ADM time to be reported. Management did not update in NC CORELS and copied prior month day sheets to pay employee resulting in inappropriately charged amounts to the SNAP program.
Context: Of the 570 expenditures during the current year valued at $671,155, we examined 40 (valued at $166,725) and determined that 1 (2% valued at $3,893) expenditure did not have proper documentation to support accuracy of payroll costs.
Effect: Salaries allocated to the program did not have approved time sheets to verify the accuracy of the hours charged.
Cause: Due to employee being demoted and not updated in NC CORELS, employee was paid with inappropriate charged expenses to the SNAP program.
Questioned Costs: In accordance with 2 CFR 200, auditors are required to report known questioned costs when likely questioned costs are greater than $25,000. Even though the sample results only identified $3,893 in known questioned costs, if tests were extended to the entire population, questioned costs could exceed $25,000.
Recommendations: Management should ensure that employees being paid in NC CORELS are being paid according to proper pay codes and requirements.
View of Responsible Officials and Planned Corrective Actions: See Corrective Action Plan submitted with this report
Non‐Material Non‐Compliance
Material Weakness, Reporting
Criteria: In accordance with the DSS Fiscal Manual, Section II, travel expenditures must be within allowable limits in accordance with a county wide travel plan. In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure thatactivities allowed and allowable cost policies are implemented and functioning as intended. Management should have an adequate system of internal control procedures in place to properly review and assess travel expense reimbursement to ensure that proper mileage rates are being used when calculating travel reimbursement expense checks.
Condition: Employee used FY25 mileage rate when entering mileage to be reimbursed and management missed it during reconciliation of requisition. County did not maintain all receipts necessary to support the claim with signatures from employees and supervisors.
Context: Employee keyed the wrong fiscal year mileage rate and resulting in them being improperly reimbursed. Employee was paid for $108 instead of correctly calculated amount of $106.
Effect: County overpaid in travel reimbursement expenses to employee and did not maintain adequate receipts necessary to support claim.
Cause: Employee keyed in FY25 mileage rate instead of FY24 mileage rate when entering mileage for reimbursement.
Questioned Costs: None. The finding represents an internal control issue, therefore, no questioned costs are applicable.
Recommendations: Management should ensure that employees being paid in NC CORELS are being paid according to proper pay codes and requirements.
View of Responsible Officials and Planned Corrective Actions: See Corrective Action Plan submitted with this report.
Significant Deficiency
Criteria: In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe.
Condition: Upon surprise inspection, two workstations of DSS employees were logged onto the statenetwork without anyone attending to the workstation.
Context: While performing testing of internal control over compliance related to the Division of Social Services, we noted the above condition.
Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building.
Cause: Lack of proper internal controls over data security.
Questioned Costs: None. The finding represents an internal control issue; therefore, no questioned costs are applicable.
Identification of Repeat Finding: This is a repeat finding from the immediate previous audit, 2023-001.
Recommendation: Require the County Data Processing Department to implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended.
View of Responsible Officials and Planned Corrective Actions: See Corrective Action Plan
submitted with this report.
Non‐Material Non‐Compliance
Material Weakness, Reporting
Criteria: In accordance with the DSS Fiscal Manual, Section II, travel expenditures must be within allowable limits in accordance with a county wide travel plan. In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure thatactivities allowed and allowable cost policies are implemented and functioning as intended. Management should have an adequate system of internal control procedures in place to properly review and assess travel expense reimbursement to ensure that proper mileage rates are being used when calculating travel reimbursement expense checks.
Condition: Employee used FY25 mileage rate when entering mileage to be reimbursed and management missed it during reconciliation of requisition. County did not maintain all receipts necessary to support the claim with signatures from employees and supervisors.
Context: Employee keyed the wrong fiscal year mileage rate and resulting in them being improperly reimbursed. Employee was paid for $108 instead of correctly calculated amount of $106.
Effect: County overpaid in travel reimbursement expenses to employee and did not maintain adequate receipts necessary to support claim.
Cause: Employee keyed in FY25 mileage rate instead of FY24 mileage rate when entering mileage for reimbursement.
Questioned Costs: None. The finding represents an internal control issue, therefore, no questioned costs are applicable.
Recommendations: Management should ensure that employees being paid in NC CORELS are being paid according to proper pay codes and requirements.
View of Responsible Officials and Planned Corrective Actions: See Corrective Action Plan submitted with this report.
Significant Deficiency
Criteria: In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe.
Condition: Upon surprise inspection, two workstations of DSS employees were logged onto the statenetwork without anyone attending to the workstation.
Context: While performing testing of internal control over compliance related to the Division of Social Services, we noted the above condition.
Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building.
Cause: Lack of proper internal controls over data security.
Questioned Costs: None. The finding represents an internal control issue; therefore, no questioned costs are applicable.
Identification of Repeat Finding: This is a repeat finding from the immediate previous audit, 2023-001.
Recommendation: Require the County Data Processing Department to implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended.
View of Responsible Officials and Planned Corrective Actions: See Corrective Action Plan
submitted with this report.
Non‐Material Non‐Compliance
Material Weakness, Reporting
Criteria: In accordance with the DSS Fiscal Manual, Section II, travel expenditures must be within allowable limits in accordance with a county wide travel plan. In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure thatactivities allowed and allowable cost policies are implemented and functioning as intended. Management should have an adequate system of internal control procedures in place to properly review and assess travel expense reimbursement to ensure that proper mileage rates are being used when calculating travel reimbursement expense checks.
Condition: Employee used FY25 mileage rate when entering mileage to be reimbursed and management missed it during reconciliation of requisition. County did not maintain all receipts necessary to support the claim with signatures from employees and supervisors.
Context: Employee keyed the wrong fiscal year mileage rate and resulting in them being improperly reimbursed. Employee was paid for $108 instead of correctly calculated amount of $106.
Effect: County overpaid in travel reimbursement expenses to employee and did not maintain adequate receipts necessary to support claim.
Cause: Employee keyed in FY25 mileage rate instead of FY24 mileage rate when entering mileage for reimbursement.
Questioned Costs: None. The finding represents an internal control issue, therefore, no questioned costs are applicable.
Recommendations: Management should ensure that employees being paid in NC CORELS are being paid according to proper pay codes and requirements.
View of Responsible Officials and Planned Corrective Actions: See Corrective Action Plan submitted with this report.
Significant Deficiency
Criteria: In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe.
Condition: Upon surprise inspection, two workstations of DSS employees were logged onto the statenetwork without anyone attending to the workstation.
Context: While performing testing of internal control over compliance related to the Division of Social Services, we noted the above condition.
Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building.
Cause: Lack of proper internal controls over data security.
Questioned Costs: None. The finding represents an internal control issue; therefore, no questioned costs are applicable.
Identification of Repeat Finding: This is a repeat finding from the immediate previous audit, 2023-001.
Recommendation: Require the County Data Processing Department to implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended.
View of Responsible Officials and Planned Corrective Actions: See Corrective Action Plan
submitted with this report.
Non‐Material Non‐Compliance
Material Weakness, Eligibility
Criteria: In accordance with 2 CFR 200, management should have an adequate system of internalcontrol procedures in place to ensure that casefile evidence is appropriately updated. In accordance with 45 CFR 435, documentation must be maintained to support eligibility determinations.
Condition: The County Department of Social Services had one case file with evidence that did not match the online data verification system.
Context: Of the 1,642,149 benefit payments valued at $651,425,953, we examined 60 payment records ($45,425 value) and determined that one casefile (2%) was not properly updated on the online data verification system.
Effect: Casefile information was not properly updated on the online data verification system resulting in incorrect calculation of eligibility benefits, but the applicant remained eligible due to still meeting threshold requirements.
Cause: Online data verification system was not properly updated resulting in eligibility benefit determination not being properly calculated. Second party review quarterly reports were not being timely submitted, resulting in failure to meet compliance requirements for submissions.
Questioned Costs: None, the finding represents an internal control issue, therefore, no questioned costs are applicable. The client was able to substantiate that the applicant was eligible to receivebenefits.
Recommendation: Caseworkers should review their eligibility determinations and ensure all information is entered correctly. Calculations should be reviewed for accuracy before approving benefits.
View of Responsible Officials and Planned Corrective Actions: See Corrective Action Plansubmitted with this report.
Non‐Material Non‐Compliance
Material Weakness, Eligibility
Criteria: In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure that second party review quarterly reports are submitted timely and accurately before the required due date. Second party reviews are an essential tool in monitoring eligibility determinations.
Condition: The county did not timely perform and submit second party review documents for two of the quarterly reports (third and fourth quarter).
Context: Of the four quarterly reports that were submitted, two of them were not submitted timely.The third quarter report was submitted nine days after the required due date and the fourth quarter report was submitted 25 days after the due date.
Effect: The County did not have internal controls being properly followed for timely completion of second part reviews and submission of the required reports. The third and fourth quarter reports for second party review were not submitted until after the required due date.
Cause: Lack of internal controls being followed to ensure proper and timely second party reviews and submission of the second party review quarterly reports.
Questioned Costs: None, the finding represents an internal control issue, therefore, no questioned costs are applicable.
Recommendations: Management should review quarterly reports to ensure that timely and accurate second party reviews are being performed and reports are being submitted by the required due date.
View of Responsible Officials and Planned Corrective Actions: See Corrective Action Plan submitted with this report.
Non‐Material Non‐Compliance
Material Weakness, Reporting
Criteria: In accordance with the DSS Fiscal Manual, Section II, travel expenditures must be within allowable limits in accordance with a county wide travel plan. In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure thatactivities allowed and allowable cost policies are implemented and functioning as intended. Management should have an adequate system of internal control procedures in place to properly review and assess travel expense reimbursement to ensure that proper mileage rates are being used when calculating travel reimbursement expense checks.
Condition: Employee used FY25 mileage rate when entering mileage to be reimbursed and management missed it during reconciliation of requisition. County did not maintain all receipts necessary to support the claim with signatures from employees and supervisors.
Context: Employee keyed the wrong fiscal year mileage rate and resulting in them being improperly reimbursed. Employee was paid for $108 instead of correctly calculated amount of $106.
Effect: County overpaid in travel reimbursement expenses to employee and did not maintain adequate receipts necessary to support claim.
Cause: Employee keyed in FY25 mileage rate instead of FY24 mileage rate when entering mileage for reimbursement.
Questioned Costs: None. The finding represents an internal control issue, therefore, no questioned costs are applicable.
Recommendations: Management should ensure that employees being paid in NC CORELS are being paid according to proper pay codes and requirements.
View of Responsible Officials and Planned Corrective Actions: See Corrective Action Plan submitted with this report.
Significant Deficiency
Criteria: In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe.
Condition: Upon surprise inspection, two workstations of DSS employees were logged onto the statenetwork without anyone attending to the workstation.
Context: While performing testing of internal control over compliance related to the Division of Social Services, we noted the above condition.
Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building.
Cause: Lack of proper internal controls over data security.
Questioned Costs: None. The finding represents an internal control issue; therefore, no questioned costs are applicable.
Identification of Repeat Finding: This is a repeat finding from the immediate previous audit, 2023-001.
Recommendation: Require the County Data Processing Department to implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended.
View of Responsible Officials and Planned Corrective Actions: See Corrective Action Plan
submitted with this report.
Non‐Material Non‐Compliance Material Weakness, Allowable Cost
Criteria: In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure that activities allowed and allowable cost policies are implemented and functioning as intended. Management must monitor activities under federal awards to assure compliance with federal requirements. Management should have an adequate system of internal control procedures in place to properly review and assess the eligibility of payroll costs to ensure the accuracy of the payroll costs charged is within program requirements. In accordance with 24 CRF section 990, verification of accuracy of information used in determining payroll costs to be charged to the program should be maintained.
Condition: An employee was demoted resulting in them not having to complete day sheets and requiring ADM time to be reported. Management did not update in NC CORELS and copied prior month day sheets to pay employee resulting in inappropriately charged amounts to the SNAP program.
Context: Of the 570 expenditures during the current year valued at $671,155, we examined 40 (valued at $166,725) and determined that 1 (2% valued at $3,893) expenditure did not have proper documentation to support accuracy of payroll costs.
Effect: Salaries allocated to the program did not have approved time sheets to verify the accuracy of the hours charged.
Cause: Due to employee being demoted and not updated in NC CORELS, employee was paid with inappropriate charged expenses to the SNAP program.
Questioned Costs: In accordance with 2 CFR 200, auditors are required to report known questioned costs when likely questioned costs are greater than $25,000. Even though the sample results only identified $3,893 in known questioned costs, if tests were extended to the entire population, questioned costs could exceed $25,000.
Recommendations: Management should ensure that employees being paid in NC CORELS are being paid according to proper pay codes and requirements.
View of Responsible Officials and Planned Corrective Actions: See Corrective Action Plan submitted with this report
Non‐Material Non‐Compliance
Material Weakness, Reporting
Criteria: In accordance with the DSS Fiscal Manual, Section II, travel expenditures must be within allowable limits in accordance with a county wide travel plan. In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure thatactivities allowed and allowable cost policies are implemented and functioning as intended. Management should have an adequate system of internal control procedures in place to properly review and assess travel expense reimbursement to ensure that proper mileage rates are being used when calculating travel reimbursement expense checks.
Condition: Employee used FY25 mileage rate when entering mileage to be reimbursed and management missed it during reconciliation of requisition. County did not maintain all receipts necessary to support the claim with signatures from employees and supervisors.
Context: Employee keyed the wrong fiscal year mileage rate and resulting in them being improperly reimbursed. Employee was paid for $108 instead of correctly calculated amount of $106.
Effect: County overpaid in travel reimbursement expenses to employee and did not maintain adequate receipts necessary to support claim.
Cause: Employee keyed in FY25 mileage rate instead of FY24 mileage rate when entering mileage for reimbursement.
Questioned Costs: None. The finding represents an internal control issue, therefore, no questioned costs are applicable.
Recommendations: Management should ensure that employees being paid in NC CORELS are being paid according to proper pay codes and requirements.
View of Responsible Officials and Planned Corrective Actions: See Corrective Action Plan submitted with this report.
Significant Deficiency
Criteria: In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe.
Condition: Upon surprise inspection, two workstations of DSS employees were logged onto the statenetwork without anyone attending to the workstation.
Context: While performing testing of internal control over compliance related to the Division of Social Services, we noted the above condition.
Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building.
Cause: Lack of proper internal controls over data security.
Questioned Costs: None. The finding represents an internal control issue; therefore, no questioned costs are applicable.
Identification of Repeat Finding: This is a repeat finding from the immediate previous audit, 2023-001.
Recommendation: Require the County Data Processing Department to implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended.
View of Responsible Officials and Planned Corrective Actions: See Corrective Action Plan
submitted with this report.
Non‐Material Non‐Compliance Material Weakness, Allowable Cost
Criteria: In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure that activities allowed and allowable cost policies are implemented and functioning as intended. Management must monitor activities under federal awards to assure compliance with federal requirements. Management should have an adequate system of internal control procedures in place to properly review and assess the eligibility of payroll costs to ensure the accuracy of the payroll costs charged is within program requirements. In accordance with 24 CRF section 990, verification of accuracy of information used in determining payroll costs to be charged to the program should be maintained.
Condition: An employee was demoted resulting in them not having to complete day sheets and requiring ADM time to be reported. Management did not update in NC CORELS and copied prior month day sheets to pay employee resulting in inappropriately charged amounts to the SNAP program.
Context: Of the 570 expenditures during the current year valued at $671,155, we examined 40 (valued at $166,725) and determined that 1 (2% valued at $3,893) expenditure did not have proper documentation to support accuracy of payroll costs.
Effect: Salaries allocated to the program did not have approved time sheets to verify the accuracy of the hours charged.
Cause: Due to employee being demoted and not updated in NC CORELS, employee was paid with inappropriate charged expenses to the SNAP program.
Questioned Costs: In accordance with 2 CFR 200, auditors are required to report known questioned costs when likely questioned costs are greater than $25,000. Even though the sample results only identified $3,893 in known questioned costs, if tests were extended to the entire population, questioned costs could exceed $25,000.
Recommendations: Management should ensure that employees being paid in NC CORELS are being paid according to proper pay codes and requirements.
View of Responsible Officials and Planned Corrective Actions: See Corrective Action Plan submitted with this report
Non‐Material Non‐Compliance
Material Weakness, Reporting
Criteria: In accordance with the DSS Fiscal Manual, Section II, travel expenditures must be within allowable limits in accordance with a county wide travel plan. In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure thatactivities allowed and allowable cost policies are implemented and functioning as intended. Management should have an adequate system of internal control procedures in place to properly review and assess travel expense reimbursement to ensure that proper mileage rates are being used when calculating travel reimbursement expense checks.
Condition: Employee used FY25 mileage rate when entering mileage to be reimbursed and management missed it during reconciliation of requisition. County did not maintain all receipts necessary to support the claim with signatures from employees and supervisors.
Context: Employee keyed the wrong fiscal year mileage rate and resulting in them being improperly reimbursed. Employee was paid for $108 instead of correctly calculated amount of $106.
Effect: County overpaid in travel reimbursement expenses to employee and did not maintain adequate receipts necessary to support claim.
Cause: Employee keyed in FY25 mileage rate instead of FY24 mileage rate when entering mileage for reimbursement.
Questioned Costs: None. The finding represents an internal control issue, therefore, no questioned costs are applicable.
Recommendations: Management should ensure that employees being paid in NC CORELS are being paid according to proper pay codes and requirements.
View of Responsible Officials and Planned Corrective Actions: See Corrective Action Plan submitted with this report.
Significant Deficiency
Criteria: In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe.
Condition: Upon surprise inspection, two workstations of DSS employees were logged onto the statenetwork without anyone attending to the workstation.
Context: While performing testing of internal control over compliance related to the Division of Social Services, we noted the above condition.
Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building.
Cause: Lack of proper internal controls over data security.
Questioned Costs: None. The finding represents an internal control issue; therefore, no questioned costs are applicable.
Identification of Repeat Finding: This is a repeat finding from the immediate previous audit, 2023-001.
Recommendation: Require the County Data Processing Department to implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended.
View of Responsible Officials and Planned Corrective Actions: See Corrective Action Plan
submitted with this report.
Non‐Material Non‐Compliance
Material Weakness, Reporting
Criteria: In accordance with the DSS Fiscal Manual, Section II, travel expenditures must be within allowable limits in accordance with a county wide travel plan. In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure thatactivities allowed and allowable cost policies are implemented and functioning as intended. Management should have an adequate system of internal control procedures in place to properly review and assess travel expense reimbursement to ensure that proper mileage rates are being used when calculating travel reimbursement expense checks.
Condition: Employee used FY25 mileage rate when entering mileage to be reimbursed and management missed it during reconciliation of requisition. County did not maintain all receipts necessary to support the claim with signatures from employees and supervisors.
Context: Employee keyed the wrong fiscal year mileage rate and resulting in them being improperly reimbursed. Employee was paid for $108 instead of correctly calculated amount of $106.
Effect: County overpaid in travel reimbursement expenses to employee and did not maintain adequate receipts necessary to support claim.
Cause: Employee keyed in FY25 mileage rate instead of FY24 mileage rate when entering mileage for reimbursement.
Questioned Costs: None. The finding represents an internal control issue, therefore, no questioned costs are applicable.
Recommendations: Management should ensure that employees being paid in NC CORELS are being paid according to proper pay codes and requirements.
View of Responsible Officials and Planned Corrective Actions: See Corrective Action Plan submitted with this report.
Significant Deficiency
Criteria: In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe.
Condition: Upon surprise inspection, two workstations of DSS employees were logged onto the statenetwork without anyone attending to the workstation.
Context: While performing testing of internal control over compliance related to the Division of Social Services, we noted the above condition.
Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building.
Cause: Lack of proper internal controls over data security.
Questioned Costs: None. The finding represents an internal control issue; therefore, no questioned costs are applicable.
Identification of Repeat Finding: This is a repeat finding from the immediate previous audit, 2023-001.
Recommendation: Require the County Data Processing Department to implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended.
View of Responsible Officials and Planned Corrective Actions: See Corrective Action Plan
submitted with this report.
Non‐Material Non‐Compliance
Material Weakness, Reporting
Criteria: In accordance with the DSS Fiscal Manual, Section II, travel expenditures must be within allowable limits in accordance with a county wide travel plan. In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure thatactivities allowed and allowable cost policies are implemented and functioning as intended. Management should have an adequate system of internal control procedures in place to properly review and assess travel expense reimbursement to ensure that proper mileage rates are being used when calculating travel reimbursement expense checks.
Condition: Employee used FY25 mileage rate when entering mileage to be reimbursed and management missed it during reconciliation of requisition. County did not maintain all receipts necessary to support the claim with signatures from employees and supervisors.
Context: Employee keyed the wrong fiscal year mileage rate and resulting in them being improperly reimbursed. Employee was paid for $108 instead of correctly calculated amount of $106.
Effect: County overpaid in travel reimbursement expenses to employee and did not maintain adequate receipts necessary to support claim.
Cause: Employee keyed in FY25 mileage rate instead of FY24 mileage rate when entering mileage for reimbursement.
Questioned Costs: None. The finding represents an internal control issue, therefore, no questioned costs are applicable.
Recommendations: Management should ensure that employees being paid in NC CORELS are being paid according to proper pay codes and requirements.
View of Responsible Officials and Planned Corrective Actions: See Corrective Action Plan submitted with this report.
Significant Deficiency
Criteria: In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe.
Condition: Upon surprise inspection, two workstations of DSS employees were logged onto the statenetwork without anyone attending to the workstation.
Context: While performing testing of internal control over compliance related to the Division of Social Services, we noted the above condition.
Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building.
Cause: Lack of proper internal controls over data security.
Questioned Costs: None. The finding represents an internal control issue; therefore, no questioned costs are applicable.
Identification of Repeat Finding: This is a repeat finding from the immediate previous audit, 2023-001.
Recommendation: Require the County Data Processing Department to implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended.
View of Responsible Officials and Planned Corrective Actions: See Corrective Action Plan
submitted with this report.
Non‐Material Non‐Compliance
Material Weakness, Eligibility
Criteria: In accordance with 2 CFR 200, management should have an adequate system of internalcontrol procedures in place to ensure that casefile evidence is appropriately updated. In accordance with 45 CFR 435, documentation must be maintained to support eligibility determinations.
Condition: The County Department of Social Services had one case file with evidence that did not match the online data verification system.
Context: Of the 1,642,149 benefit payments valued at $651,425,953, we examined 60 payment records ($45,425 value) and determined that one casefile (2%) was not properly updated on the online data verification system.
Effect: Casefile information was not properly updated on the online data verification system resulting in incorrect calculation of eligibility benefits, but the applicant remained eligible due to still meeting threshold requirements.
Cause: Online data verification system was not properly updated resulting in eligibility benefit determination not being properly calculated. Second party review quarterly reports were not being timely submitted, resulting in failure to meet compliance requirements for submissions.
Questioned Costs: None, the finding represents an internal control issue, therefore, no questioned costs are applicable. The client was able to substantiate that the applicant was eligible to receivebenefits.
Recommendation: Caseworkers should review their eligibility determinations and ensure all information is entered correctly. Calculations should be reviewed for accuracy before approving benefits.
View of Responsible Officials and Planned Corrective Actions: See Corrective Action Plansubmitted with this report.
Non‐Material Non‐Compliance
Material Weakness, Eligibility
Criteria: In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure that second party review quarterly reports are submitted timely and accurately before the required due date. Second party reviews are an essential tool in monitoring eligibility determinations.
Condition: The county did not timely perform and submit second party review documents for two of the quarterly reports (third and fourth quarter).
Context: Of the four quarterly reports that were submitted, two of them were not submitted timely.The third quarter report was submitted nine days after the required due date and the fourth quarter report was submitted 25 days after the due date.
Effect: The County did not have internal controls being properly followed for timely completion of second part reviews and submission of the required reports. The third and fourth quarter reports for second party review were not submitted until after the required due date.
Cause: Lack of internal controls being followed to ensure proper and timely second party reviews and submission of the second party review quarterly reports.
Questioned Costs: None, the finding represents an internal control issue, therefore, no questioned costs are applicable.
Recommendations: Management should review quarterly reports to ensure that timely and accurate second party reviews are being performed and reports are being submitted by the required due date.
View of Responsible Officials and Planned Corrective Actions: See Corrective Action Plan submitted with this report.
Non‐Material Non‐Compliance
Material Weakness, Reporting
Criteria: In accordance with the DSS Fiscal Manual, Section II, travel expenditures must be within allowable limits in accordance with a county wide travel plan. In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure thatactivities allowed and allowable cost policies are implemented and functioning as intended. Management should have an adequate system of internal control procedures in place to properly review and assess travel expense reimbursement to ensure that proper mileage rates are being used when calculating travel reimbursement expense checks.
Condition: Employee used FY25 mileage rate when entering mileage to be reimbursed and management missed it during reconciliation of requisition. County did not maintain all receipts necessary to support the claim with signatures from employees and supervisors.
Context: Employee keyed the wrong fiscal year mileage rate and resulting in them being improperly reimbursed. Employee was paid for $108 instead of correctly calculated amount of $106.
Effect: County overpaid in travel reimbursement expenses to employee and did not maintain adequate receipts necessary to support claim.
Cause: Employee keyed in FY25 mileage rate instead of FY24 mileage rate when entering mileage for reimbursement.
Questioned Costs: None. The finding represents an internal control issue, therefore, no questioned costs are applicable.
Recommendations: Management should ensure that employees being paid in NC CORELS are being paid according to proper pay codes and requirements.
View of Responsible Officials and Planned Corrective Actions: See Corrective Action Plan submitted with this report.
Significant Deficiency
Criteria: In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe.
Condition: Upon surprise inspection, two workstations of DSS employees were logged onto the statenetwork without anyone attending to the workstation.
Context: While performing testing of internal control over compliance related to the Division of Social Services, we noted the above condition.
Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building.
Cause: Lack of proper internal controls over data security.
Questioned Costs: None. The finding represents an internal control issue; therefore, no questioned costs are applicable.
Identification of Repeat Finding: This is a repeat finding from the immediate previous audit, 2023-001.
Recommendation: Require the County Data Processing Department to implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended.
View of Responsible Officials and Planned Corrective Actions: See Corrective Action Plan
submitted with this report.