Significant Deficiency, Activities Allowed/Allowable Costs
Criteria: In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure that federal funds expended are for allowable costs under the terms of the grant agreement. Payroll costs that are charged to the program should be for authorized and approved hours actually worked.
Condition: One hourly employee was paid for eight hours in excess of hours reported on her approved timesheet.
Context: Of the 41 employee paychecks tested totalling $93,718 for 3,537 hour worked, one paycheck include eight hours, or $193, over the amount actually worked and approved by the supervisor.
Effect: The employee was overpaid and the County charged the grant for expenditures that did not represent direct costs of responding to the COVID-19 pandemic.
Cause: The accounting for EMS employee hours requires a true-up process by payroll personnel. During this true-up process, a clerical error was made by the payroll clerk and not caught and corrected by the County’s internal controls over payroll processing.
Identification of Repeat Finding: This finding has been modified and repeated from the immediate previous audit, finding 2022-004.
Questioned Cost: The error has been corrected and the employee paid back the over payment. Other eligible costs are available that satisfy CSLFRF requirements. This finding represents an internal control issue; therefore, questioned costs are not applicable.
Recommendation: The County’s processing of payroll should incorporate further reconciliation and review procedures to ensure employees are paid for time actually worked.
Views of Responsible Officials and Planned Corrective Action: Management concurs with the finding. See Corrective Action Plan.
Significant Deficiency, Special Tests and Provisions
Criteria: In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe.
Condition: Upon surprise inspection, one unattended workstation of a DSS employee was logged onto the state network without anyone attending to the workstation.
Context: While performing testing of internal control over compliance related to the Division of Social Services, we noted the above condition.
Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building.
Cause: Lack of proper internal controls over data security.
Questioned Cost: This finding represents an internal control issue; therefore, questioned costs are not applicable.
Recommendation: The County should implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended.
Views of Responsible Officials and Planned Corrective Action: Management concurs with the finding. See Corrective Action Plan
Non-Material Non-Compliance
Material Weakness, Eligibility
Criteria: In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure that casefiles include all required documentation. In accordance with 45 CFR 435, documentation must be maintained to support eligibility determinations.
Condition: The County Department of Social Services failed to obtain the applicant’s signature, including an online or telephonic signature, on the DSS-8178 Energy Programs Application. Upon further review, the applicants were ultimately eligible.
Context: Of the 3,540 benefit payments valued at $2,012,801, we examined 60 payment records ($34,530 value) and determined that in two casefiles (3%) did not include a client’s signature authorizing the application. The applicants were deemed eligible.
Effect: Casefile did not include documentation of a signed application form, which could allow benefits to be provided to individuals who are not eligible.
Cause: Caseworker failed to obtain a signed application form.
Identification of Repeat Finding: This finding has been modified and repeated from the immediate previous audit, finding 2022-001.
Questioned Cost: The finding represents an internal control issue; therefore, questioned costs are not applicable.
Recommendation: Additional training should be provided to ensure caseworkers are aware of documentation requirements.
Views of Responsible Officials and Planned Corrective Action: Management concurs with the finding. See Corrective Action Plan.
Significant Deficiency, Special Tests and Provisions
Criteria: In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe.
Condition: Upon surprise inspection, one unattended workstation of a DSS employee was logged onto the state network without anyone attending to the workstation.
Context: While performing testing of internal control over compliance related to the Division of Social Services, we noted the above condition.
Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building.
Cause: Lack of proper internal controls over data security.
Questioned Cost: This finding represents an internal control issue; therefore, questioned costs are not applicable.
Recommendation: The County should implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended.
Views of Responsible Officials and Planned Corrective Action: Management concurs with the finding. See Corrective Action Plan
Non-Material Non-Compliance
Material Weakness, Eligibility
Criteria: In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure that casefiles include all required documentation. In accordance with 45 CFR 435, documentation must be maintained to support eligibility determinations.
Condition: The County Department of Social Services failed to obtain the applicant’s signature, including an online or telephonic signature, on the DSS-8178 Energy Programs Application. Upon further review, the applicants were ultimately eligible.
Context: Of the 3,540 benefit payments valued at $2,012,801, we examined 60 payment records ($34,530 value) and determined that in two casefiles (3%) did not include a client’s signature authorizing the application. The applicants were deemed eligible.
Effect: Casefile did not include documentation of a signed application form, which could allow benefits to be provided to individuals who are not eligible.
Cause: Caseworker failed to obtain a signed application form.
Identification of Repeat Finding: This finding has been modified and repeated from the immediate previous audit, finding 2022-001.
Questioned Cost: The finding represents an internal control issue; therefore, questioned costs are not applicable.
Recommendation: Additional training should be provided to ensure caseworkers are aware of documentation requirements.
Views of Responsible Officials and Planned Corrective Action: Management concurs with the finding. See Corrective Action Plan.
Significant Deficiency, Special Tests and Provisions
Criteria: In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe.
Condition: Upon surprise inspection, one unattended workstation of a DSS employee was logged onto the state network without anyone attending to the workstation.
Context: While performing testing of internal control over compliance related to the Division of Social Services, we noted the above condition.
Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building.
Cause: Lack of proper internal controls over data security.
Questioned Cost: This finding represents an internal control issue; therefore, questioned costs are not applicable.
Recommendation: The County should implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended.
Views of Responsible Officials and Planned Corrective Action: Management concurs with the finding. See Corrective Action Plan
Non-Material Non-Compliance
Material Weakness, Eligibility
Criteria: In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure that casefiles include all required documentation. In accordance with 45 CFR 435, documentation must be maintained to support eligibility determinations.
Condition: The County Department of Social Services failed to obtain the applicant’s signature, including an online or telephonic signature, on the DSS-8178 Energy Programs Application. Upon further review, the applicants were ultimately eligible.
Context: Of the 3,540 benefit payments valued at $2,012,801, we examined 60 payment records ($34,530 value) and determined that in two casefiles (3%) did not include a client’s signature authorizing the application. The applicants were deemed eligible.
Effect: Casefile did not include documentation of a signed application form, which could allow benefits to be provided to individuals who are not eligible.
Cause: Caseworker failed to obtain a signed application form.
Identification of Repeat Finding: This finding has been modified and repeated from the immediate previous audit, finding 2022-001.
Questioned Cost: The finding represents an internal control issue; therefore, questioned costs are not applicable.
Recommendation: Additional training should be provided to ensure caseworkers are aware of documentation requirements.
Views of Responsible Officials and Planned Corrective Action: Management concurs with the finding. See Corrective Action Plan.
Significant Deficiency, Special Tests and Provisions
Criteria: In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe.
Condition: Upon surprise inspection, one unattended workstation of a DSS employee was logged onto the state network without anyone attending to the workstation.
Context: While performing testing of internal control over compliance related to the Division of Social Services, we noted the above condition.
Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building.
Cause: Lack of proper internal controls over data security.
Questioned Cost: This finding represents an internal control issue; therefore, questioned costs are not applicable.
Recommendation: The County should implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended.
Views of Responsible Officials and Planned Corrective Action: Management concurs with the finding. See Corrective Action Plan
Non-Material Non-Compliance
Material Weakness, Eligibility
Criteria: In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure that casefiles include all required documentation. In accordance with 45 CFR 435, documentation must be maintained to support eligibility determinations.
Condition: The County Department of Social Services failed to obtain the applicant’s signature, including an online or telephonic signature, on the DSS-8178 Energy Programs Application. Upon further review, the applicants were ultimately eligible.
Context: Of the 3,540 benefit payments valued at $2,012,801, we examined 60 payment records ($34,530 value) and determined that in two casefiles (3%) did not include a client’s signature authorizing the application. The applicants were deemed eligible.
Effect: Casefile did not include documentation of a signed application form, which could allow benefits to be provided to individuals who are not eligible.
Cause: Caseworker failed to obtain a signed application form.
Identification of Repeat Finding: This finding has been modified and repeated from the immediate previous audit, finding 2022-001.
Questioned Cost: The finding represents an internal control issue; therefore, questioned costs are not applicable.
Recommendation: Additional training should be provided to ensure caseworkers are aware of documentation requirements.
Views of Responsible Officials and Planned Corrective Action: Management concurs with the finding. See Corrective Action Plan.
Significant Deficiency, Special Tests and Provisions
Criteria: In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe.
Condition: Upon surprise inspection, one unattended workstation of a DSS employee was logged onto the state network without anyone attending to the workstation.
Context: While performing testing of internal control over compliance related to the Division of Social Services, we noted the above condition.
Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building.
Cause: Lack of proper internal controls over data security.
Questioned Cost: This finding represents an internal control issue; therefore, questioned costs are not applicable.
Recommendation: The County should implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended.
Views of Responsible Officials and Planned Corrective Action: Management concurs with the finding. See Corrective Action Plan
Non-Material Non-Compliance
Material Weakness, Eligibility
Criteria: In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure that casefiles include all required documentation. In accordance with 45 CFR 435, documentation must be maintained to support eligibility determinations.
Condition: The County Department of Social Services failed to obtain the applicant’s signature, including an online or telephonic signature, on the DSS-8178 Energy Programs Application. Upon further review, the applicants were ultimately eligible.
Context: Of the 3,540 benefit payments valued at $2,012,801, we examined 60 payment records ($34,530 value) and determined that in two casefiles (3%) did not include a client’s signature authorizing the application. The applicants were deemed eligible.
Effect: Casefile did not include documentation of a signed application form, which could allow benefits to be provided to individuals who are not eligible.
Cause: Caseworker failed to obtain a signed application form.
Identification of Repeat Finding: This finding has been modified and repeated from the immediate previous audit, finding 2022-001.
Questioned Cost: The finding represents an internal control issue; therefore, questioned costs are not applicable.
Recommendation: Additional training should be provided to ensure caseworkers are aware of documentation requirements.
Views of Responsible Officials and Planned Corrective Action: Management concurs with the finding. See Corrective Action Plan.
Significant Deficiency, Special Tests and Provisions
Criteria: In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe.
Condition: Upon surprise inspection, one unattended workstation of a DSS employee was logged onto the state network without anyone attending to the workstation.
Context: While performing testing of internal control over compliance related to the Division of Social Services, we noted the above condition.
Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building.
Cause: Lack of proper internal controls over data security.
Questioned Cost: This finding represents an internal control issue; therefore, questioned costs are not applicable.
Recommendation: The County should implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended.
Views of Responsible Officials and Planned Corrective Action: Management concurs with the finding. See Corrective Action Plan
Non-Material Non-Compliance
Material Weakness, Eligibility
Criteria: In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure that casefiles include all required documentation. In accordance with 45 CFR 435, documentation must be maintained to support eligibility determinations.
Condition: The County Department of Social Services failed to obtain the applicant’s signature, including an online or telephonic signature, on the DSS-8178 Energy Programs Application. Upon further review, the applicants were ultimately eligible.
Context: Of the 3,540 benefit payments valued at $2,012,801, we examined 60 payment records ($34,530 value) and determined that in two casefiles (3%) did not include a client’s signature authorizing the application. The applicants were deemed eligible.
Effect: Casefile did not include documentation of a signed application form, which could allow benefits to be provided to individuals who are not eligible.
Cause: Caseworker failed to obtain a signed application form.
Identification of Repeat Finding: This finding has been modified and repeated from the immediate previous audit, finding 2022-001.
Questioned Cost: The finding represents an internal control issue; therefore, questioned costs are not applicable.
Recommendation: Additional training should be provided to ensure caseworkers are aware of documentation requirements.
Views of Responsible Officials and Planned Corrective Action: Management concurs with the finding. See Corrective Action Plan.
Significant Deficiency, Special Tests and Provisions
Criteria: In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe.
Condition: Upon surprise inspection, one unattended workstation of a DSS employee was logged onto the state network without anyone attending to the workstation.
Context: While performing testing of internal control over compliance related to the Division of Social Services, we noted the above condition.
Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building.
Cause: Lack of proper internal controls over data security.
Questioned Cost: This finding represents an internal control issue; therefore, questioned costs are not applicable.
Recommendation: The County should implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended.
Views of Responsible Officials and Planned Corrective Action: Management concurs with the finding. See Corrective Action Plan
Significant Deficiency, Special Tests and Provisions
Criteria: In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe.
Condition: Upon surprise inspection, one unattended workstation of a DSS employee was logged onto the state network without anyone attending to the workstation.
Context: While performing testing of internal control over compliance related to the Division of Social Services, we noted the above condition.
Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building.
Cause: Lack of proper internal controls over data security.
Questioned Cost: This finding represents an internal control issue; therefore, questioned costs are not applicable.
Recommendation: The County should implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended.
Views of Responsible Officials and Planned Corrective Action: Management concurs with the finding. See Corrective Action Plan
Significant Deficiency, Activities Allowed/Allowable Costs
Criteria: In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure that federal funds expended are for allowable costs under the terms of the grant agreement. Payroll costs that are charged to the program should be for authorized and approved hours actually worked.
Condition: One hourly employee was paid for eight hours in excess of hours reported on her approved timesheet.
Context: Of the 41 employee paychecks tested totalling $93,718 for 3,537 hour worked, one paycheck include eight hours, or $193, over the amount actually worked and approved by the supervisor.
Effect: The employee was overpaid and the County charged the grant for expenditures that did not represent direct costs of responding to the COVID-19 pandemic.
Cause: The accounting for EMS employee hours requires a true-up process by payroll personnel. During this true-up process, a clerical error was made by the payroll clerk and not caught and corrected by the County’s internal controls over payroll processing.
Identification of Repeat Finding: This finding has been modified and repeated from the immediate previous audit, finding 2022-004.
Questioned Cost: The error has been corrected and the employee paid back the over payment. Other eligible costs are available that satisfy CSLFRF requirements. This finding represents an internal control issue; therefore, questioned costs are not applicable.
Recommendation: The County’s processing of payroll should incorporate further reconciliation and review procedures to ensure employees are paid for time actually worked.
Views of Responsible Officials and Planned Corrective Action: Management concurs with the finding. See Corrective Action Plan.
Significant Deficiency, Special Tests and Provisions
Criteria: In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe.
Condition: Upon surprise inspection, one unattended workstation of a DSS employee was logged onto the state network without anyone attending to the workstation.
Context: While performing testing of internal control over compliance related to the Division of Social Services, we noted the above condition.
Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building.
Cause: Lack of proper internal controls over data security.
Questioned Cost: This finding represents an internal control issue; therefore, questioned costs are not applicable.
Recommendation: The County should implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended.
Views of Responsible Officials and Planned Corrective Action: Management concurs with the finding. See Corrective Action Plan
Non-Material Non-Compliance
Material Weakness, Eligibility
Criteria: In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure that casefiles include all required documentation. In accordance with 45 CFR 435, documentation must be maintained to support eligibility determinations.
Condition: The County Department of Social Services failed to obtain the applicant’s signature, including an online or telephonic signature, on the DSS-8178 Energy Programs Application. Upon further review, the applicants were ultimately eligible.
Context: Of the 3,540 benefit payments valued at $2,012,801, we examined 60 payment records ($34,530 value) and determined that in two casefiles (3%) did not include a client’s signature authorizing the application. The applicants were deemed eligible.
Effect: Casefile did not include documentation of a signed application form, which could allow benefits to be provided to individuals who are not eligible.
Cause: Caseworker failed to obtain a signed application form.
Identification of Repeat Finding: This finding has been modified and repeated from the immediate previous audit, finding 2022-001.
Questioned Cost: The finding represents an internal control issue; therefore, questioned costs are not applicable.
Recommendation: Additional training should be provided to ensure caseworkers are aware of documentation requirements.
Views of Responsible Officials and Planned Corrective Action: Management concurs with the finding. See Corrective Action Plan.
Significant Deficiency, Special Tests and Provisions
Criteria: In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe.
Condition: Upon surprise inspection, one unattended workstation of a DSS employee was logged onto the state network without anyone attending to the workstation.
Context: While performing testing of internal control over compliance related to the Division of Social Services, we noted the above condition.
Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building.
Cause: Lack of proper internal controls over data security.
Questioned Cost: This finding represents an internal control issue; therefore, questioned costs are not applicable.
Recommendation: The County should implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended.
Views of Responsible Officials and Planned Corrective Action: Management concurs with the finding. See Corrective Action Plan
Non-Material Non-Compliance
Material Weakness, Eligibility
Criteria: In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure that casefiles include all required documentation. In accordance with 45 CFR 435, documentation must be maintained to support eligibility determinations.
Condition: The County Department of Social Services failed to obtain the applicant’s signature, including an online or telephonic signature, on the DSS-8178 Energy Programs Application. Upon further review, the applicants were ultimately eligible.
Context: Of the 3,540 benefit payments valued at $2,012,801, we examined 60 payment records ($34,530 value) and determined that in two casefiles (3%) did not include a client’s signature authorizing the application. The applicants were deemed eligible.
Effect: Casefile did not include documentation of a signed application form, which could allow benefits to be provided to individuals who are not eligible.
Cause: Caseworker failed to obtain a signed application form.
Identification of Repeat Finding: This finding has been modified and repeated from the immediate previous audit, finding 2022-001.
Questioned Cost: The finding represents an internal control issue; therefore, questioned costs are not applicable.
Recommendation: Additional training should be provided to ensure caseworkers are aware of documentation requirements.
Views of Responsible Officials and Planned Corrective Action: Management concurs with the finding. See Corrective Action Plan.
Significant Deficiency, Special Tests and Provisions
Criteria: In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe.
Condition: Upon surprise inspection, one unattended workstation of a DSS employee was logged onto the state network without anyone attending to the workstation.
Context: While performing testing of internal control over compliance related to the Division of Social Services, we noted the above condition.
Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building.
Cause: Lack of proper internal controls over data security.
Questioned Cost: This finding represents an internal control issue; therefore, questioned costs are not applicable.
Recommendation: The County should implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended.
Views of Responsible Officials and Planned Corrective Action: Management concurs with the finding. See Corrective Action Plan
Non-Material Non-Compliance
Material Weakness, Eligibility
Criteria: In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure that casefiles include all required documentation. In accordance with 45 CFR 435, documentation must be maintained to support eligibility determinations.
Condition: The County Department of Social Services failed to obtain the applicant’s signature, including an online or telephonic signature, on the DSS-8178 Energy Programs Application. Upon further review, the applicants were ultimately eligible.
Context: Of the 3,540 benefit payments valued at $2,012,801, we examined 60 payment records ($34,530 value) and determined that in two casefiles (3%) did not include a client’s signature authorizing the application. The applicants were deemed eligible.
Effect: Casefile did not include documentation of a signed application form, which could allow benefits to be provided to individuals who are not eligible.
Cause: Caseworker failed to obtain a signed application form.
Identification of Repeat Finding: This finding has been modified and repeated from the immediate previous audit, finding 2022-001.
Questioned Cost: The finding represents an internal control issue; therefore, questioned costs are not applicable.
Recommendation: Additional training should be provided to ensure caseworkers are aware of documentation requirements.
Views of Responsible Officials and Planned Corrective Action: Management concurs with the finding. See Corrective Action Plan.
Significant Deficiency, Special Tests and Provisions
Criteria: In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe.
Condition: Upon surprise inspection, one unattended workstation of a DSS employee was logged onto the state network without anyone attending to the workstation.
Context: While performing testing of internal control over compliance related to the Division of Social Services, we noted the above condition.
Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building.
Cause: Lack of proper internal controls over data security.
Questioned Cost: This finding represents an internal control issue; therefore, questioned costs are not applicable.
Recommendation: The County should implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended.
Views of Responsible Officials and Planned Corrective Action: Management concurs with the finding. See Corrective Action Plan
Non-Material Non-Compliance
Material Weakness, Eligibility
Criteria: In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure that casefiles include all required documentation. In accordance with 45 CFR 435, documentation must be maintained to support eligibility determinations.
Condition: The County Department of Social Services failed to obtain the applicant’s signature, including an online or telephonic signature, on the DSS-8178 Energy Programs Application. Upon further review, the applicants were ultimately eligible.
Context: Of the 3,540 benefit payments valued at $2,012,801, we examined 60 payment records ($34,530 value) and determined that in two casefiles (3%) did not include a client’s signature authorizing the application. The applicants were deemed eligible.
Effect: Casefile did not include documentation of a signed application form, which could allow benefits to be provided to individuals who are not eligible.
Cause: Caseworker failed to obtain a signed application form.
Identification of Repeat Finding: This finding has been modified and repeated from the immediate previous audit, finding 2022-001.
Questioned Cost: The finding represents an internal control issue; therefore, questioned costs are not applicable.
Recommendation: Additional training should be provided to ensure caseworkers are aware of documentation requirements.
Views of Responsible Officials and Planned Corrective Action: Management concurs with the finding. See Corrective Action Plan.
Significant Deficiency, Special Tests and Provisions
Criteria: In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe.
Condition: Upon surprise inspection, one unattended workstation of a DSS employee was logged onto the state network without anyone attending to the workstation.
Context: While performing testing of internal control over compliance related to the Division of Social Services, we noted the above condition.
Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building.
Cause: Lack of proper internal controls over data security.
Questioned Cost: This finding represents an internal control issue; therefore, questioned costs are not applicable.
Recommendation: The County should implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended.
Views of Responsible Officials and Planned Corrective Action: Management concurs with the finding. See Corrective Action Plan
Non-Material Non-Compliance
Material Weakness, Eligibility
Criteria: In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure that casefiles include all required documentation. In accordance with 45 CFR 435, documentation must be maintained to support eligibility determinations.
Condition: The County Department of Social Services failed to obtain the applicant’s signature, including an online or telephonic signature, on the DSS-8178 Energy Programs Application. Upon further review, the applicants were ultimately eligible.
Context: Of the 3,540 benefit payments valued at $2,012,801, we examined 60 payment records ($34,530 value) and determined that in two casefiles (3%) did not include a client’s signature authorizing the application. The applicants were deemed eligible.
Effect: Casefile did not include documentation of a signed application form, which could allow benefits to be provided to individuals who are not eligible.
Cause: Caseworker failed to obtain a signed application form.
Identification of Repeat Finding: This finding has been modified and repeated from the immediate previous audit, finding 2022-001.
Questioned Cost: The finding represents an internal control issue; therefore, questioned costs are not applicable.
Recommendation: Additional training should be provided to ensure caseworkers are aware of documentation requirements.
Views of Responsible Officials and Planned Corrective Action: Management concurs with the finding. See Corrective Action Plan.
Significant Deficiency, Special Tests and Provisions
Criteria: In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe.
Condition: Upon surprise inspection, one unattended workstation of a DSS employee was logged onto the state network without anyone attending to the workstation.
Context: While performing testing of internal control over compliance related to the Division of Social Services, we noted the above condition.
Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building.
Cause: Lack of proper internal controls over data security.
Questioned Cost: This finding represents an internal control issue; therefore, questioned costs are not applicable.
Recommendation: The County should implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended.
Views of Responsible Officials and Planned Corrective Action: Management concurs with the finding. See Corrective Action Plan
Non-Material Non-Compliance
Material Weakness, Eligibility
Criteria: In accordance with 2 CFR 200, management should have an adequate system of internal control procedures in place to ensure that casefiles include all required documentation. In accordance with 45 CFR 435, documentation must be maintained to support eligibility determinations.
Condition: The County Department of Social Services failed to obtain the applicant’s signature, including an online or telephonic signature, on the DSS-8178 Energy Programs Application. Upon further review, the applicants were ultimately eligible.
Context: Of the 3,540 benefit payments valued at $2,012,801, we examined 60 payment records ($34,530 value) and determined that in two casefiles (3%) did not include a client’s signature authorizing the application. The applicants were deemed eligible.
Effect: Casefile did not include documentation of a signed application form, which could allow benefits to be provided to individuals who are not eligible.
Cause: Caseworker failed to obtain a signed application form.
Identification of Repeat Finding: This finding has been modified and repeated from the immediate previous audit, finding 2022-001.
Questioned Cost: The finding represents an internal control issue; therefore, questioned costs are not applicable.
Recommendation: Additional training should be provided to ensure caseworkers are aware of documentation requirements.
Views of Responsible Officials and Planned Corrective Action: Management concurs with the finding. See Corrective Action Plan.
Significant Deficiency, Special Tests and Provisions
Criteria: In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe.
Condition: Upon surprise inspection, one unattended workstation of a DSS employee was logged onto the state network without anyone attending to the workstation.
Context: While performing testing of internal control over compliance related to the Division of Social Services, we noted the above condition.
Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building.
Cause: Lack of proper internal controls over data security.
Questioned Cost: This finding represents an internal control issue; therefore, questioned costs are not applicable.
Recommendation: The County should implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended.
Views of Responsible Officials and Planned Corrective Action: Management concurs with the finding. See Corrective Action Plan
Significant Deficiency, Special Tests and Provisions
Criteria: In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe.
Condition: Upon surprise inspection, one unattended workstation of a DSS employee was logged onto the state network without anyone attending to the workstation.
Context: While performing testing of internal control over compliance related to the Division of Social Services, we noted the above condition.
Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building.
Cause: Lack of proper internal controls over data security.
Questioned Cost: This finding represents an internal control issue; therefore, questioned costs are not applicable.
Recommendation: The County should implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended.
Views of Responsible Officials and Planned Corrective Action: Management concurs with the finding. See Corrective Action Plan