Corrective Action Plans

Finding 2024-050 Refugee and Entrant Assistance State/Replacement Designee Administered Programs, ALN 93.566 - Assistance to Ineligible Refugees Management Views LEO and MDHHS agree with the finding. Planned Corrective Action MDHHS, in conjunction with LEO, will provide mandatory training for all specialists that determine eligibility for refugee cash assistance payments by September 30, 2025. MDHHS also will implement ongoing management and peer-to-peer spot checks of cases to ensure that documentation is maintained to support the client’s eligibility beginning October 2025. In addition, MDHHS will determine if technical changes are needed to help ensure the proper documentation is in the electronic case file by December 31, 2025. If potential system modifications are needed, the Bridges technical team will follow the Departmental Work Intake Process for prioritization and determine an anticipated completion date for implementation. Anticipated Completion Date MDHHS has not yet determined an anticipated completion date because the date is dependent on the determination of whether system modifications are necessary. Responsible Individual(s) Benjamin Cabanaw, LEO Nicole Adams, LEO Bethany Cabanaw, MDHHS Kent Schutz, MDHHS Mariah Schaefer, MDHHS

Finding 2024-048 Temporary Assistance for Needy Families, ALN 93.558 - Child Support Non-Cooperation Management Views MDHHS disagrees with part a. of the finding. MDHHS’s eligibility system, Bridges, was functioning as intended for the two cases identified because each case was in a non-ongoing mode at the time the automated interface occurred. A case is placed into this status if the client circumstances have changed for any MDHHS program within Bridges and the case requires a redetermination. TANF policy cannot mandate Bridges to change the non-ongoing mode because each impacted program is required to be certified prior to changing the status. MDHHS policy does not mandate a specific length of time that a case can be in a non-ongoing status. The results of the redetermination can impact the client’s non-cooperation status and therefore the client should not be sanctioned until the certification by all programs is complete. For one of the cases, the client was appropriately sanctioned after the case review was complete and for the other case, the client was determined to be in compliance once the case was removed from the non-ongoing status mode. MDHHS agrees with part b. of the finding. Planned Corrective Action For part a., MDHHS disagrees with the finding and does not intend to take further action. For part b., MDHHS ESA policy staff will work with the MDHHS Bridges technical team to determine if there was a technical aspect that contributed to the inappropriate sanction and identify a solution by September 30, 2025. If potential system modifications are needed, MDHHS will follow the Departmental Work Intake Process for prioritization and determine an anticipated completion date for implementation. Anticipated Completion Date a. Not applicable b. MDHHS has not yet determined an anticipated completion date because the date is dependent on the potential solution identified. Responsible Individual(s) Bethany Cabanaw, MDHHS Kenton Schulze, MDHHS Brian Sanborn, MDHHS

Finding 2024-046 Temporary Assistance for Needy Families, ALN 93.558 - Inappropriate TANF- Funded Emergency Foster Care Assistance Management Views MDHHS agrees with the finding. Planned Corrective Action MDHHS redetermined the Foster Care Title IV-E (Title IV-E) program eligibility after the birth certificate was identified and the youth was determined to be Title IV-E eligible. MDHHS will reclassify the funds to the appropriate funding source, allowing the department to claim Title IV-E for the eligible placement. For those cases in which Title IV-E funding is denied initially based on lack of a birth certificate or other documentation of citizenship, the Child Welfare Funding Specialists will continue to monitor the case for updated documentation in order to complete a redetermination of funding. Child Welfare Funding Specialists will be reminded to monitor cases for updated documentation during a Child Welfare Funding conference call in June 2025. Anticipated Completion Date June 30, 2025 Responsible Individual(s) Nancy Berger, MDHHS

Finding 2024-045 Temporary Assistance for Needy Families, ALN 93.558 - Non-Financial Eligibility Documentation Management Views MDHHS agrees with the finding. Planned Corrective Action MDHHS ESA policy staff will work with the MDHHS Bridges technical team to determine the reason for the incomplete application by September 30, 2025, and implement a solution to correct the issue, if needed. If potential system modifications are needed, MDHHS will follow the Departmental Work Intake Process for prioritization and determine an anticipated completion date for implementation. MDHHS will also send a memo and template of the application to the local offices to highlight the required questions on the application to help ensure all required questions are appropriately answered. Anticipated Completion Date MDHHS has not yet determined an anticipated completion date because the date is dependent on the potential solution identified. Responsible Individual(s) Bethany Cabanaw, MDHHS Kenton Schulze, MDHHS Brian Sanborn, MDHHS

Finding 2024-044 Temporary Assistance for Needy Families, ALN 93.558 - MiSACWIS Security Management and Access Controls Management Views MDHHS agrees with the finding. Planned Corrective Action For part a., MDHHS currently has a process in place to review the user narrative describing the incompatible role exceptions within the DSA Michigan Statewide Automated Child Welfare Information System (MiSACWIS) request as part of the approval process. MDHHS will continue to work on adding an incompatible role form in the DSA MiSACWIS request with automated routing for appropriate approval. MDHHS anticipates completion of corrective action by October 30, 2025. For part b., MDHHS will evaluate the current DSA timelines for generation of access renewal and access drop requests and implement any necessary changes by September 30, 2025. MDHHS will continue to provide training for LOSCs via quarterly webinars to emphasize the appropriate procedures for granting access, reviewing, and comparing access. All new information related to security access is presented to the LOSCs during the webinars and one-on-one assistance is available as needed for additional support. Anticipated Completion Date a. October 30, 2025 b. September 30, 2025 Responsible Individual(s) Alana Lowe, MDHHS Deon Nelson, MDHHS

Finding 2024-042 Medicaid Cluster, ALN 93.775, 93.777, and 93.778 - Ineligible Home Help Assistance Management Views MDHHS agrees with the finding. Planned Corrective Action MDHHS added the Electronic Document Management system (EDM) to MiAIMS in March 2023 and issued an Adult Services Notification to adult services staff, communicating that medical needs forms should be uploaded into EDM. MDHHS issued an Adult Services Notification to adult services staff during May 2025 to communicate the exceptions identified and remind them of the medical needs form requirements. MDHHS will develop a procedure to monitor the expiration of medical needs forms using the MiAIMS Plan of Care by August 2025. In addition, MDHHS will research potential options to automate monitoring of the medical needs forms in MiAIMS and determine if any necessary system changes are needed by December 2026. Anticipated Completion Date December 2026 Responsible Individual(s) Elaina Brown, MDHHS

Finding 2024-041 Medicaid Cluster, ALN 93.775, 93.777, and 93.778 - Ineligible HHP Payments Management Views MDHHS agrees with the finding. Planned Corrective Action MDHHS generates a monthly hospitalization report and distributes to adult services workers as part of the post-payment review process. MDHHS enhanced the report query to improve the data used to identify overlaps in services and timely recover payments. MDHHS implemented the updated query during June 2025. Also, MDHHS issued an Adult Services Notification to managers and directors during February 2025, informing them of the audit finding and reminding local office management of the expectation to thoroughly monitor and review the hospitalization reports to ensure timely and accurate action is taken by adult services workers. In addition, MDHHS reissued the Home Help Recoupment Process training and procedural resources during February 2025 to adult services workers who manage Home Help cases to ensure process steps are consistently followed. Anticipated Completion Date Completed Responsible Individual(s) Elaina Brown, MDHHS Michelle Martin, MDHHS

Finding 2024-040 Medicaid Cluster, ALN 93.775, 93.777, and 93.778 - Payments on Behalf of Ineligible Beneficiaries Management Views MDHHS agrees with the finding. Planned Corrective Action MDHHS continues to work with DTMB on the underlying issues in Bridges causing these overpayment issues, as well as developing mitigation strategies to temporarily address the overpayment concerns while the more permanent system solutions are developed. MDHHS expects all remaining synchronization issues to be resolved once the remaining larger system changes are implemented in December 2025. Anticipated Completion Date December 31, 2025 Responsible Individual(s) Jamy Hengesbach, MDHHS

Finding 2024-014 Medicaid Cluster, ALN 93.775, 93.777, and 93.778 and Children's Health Insurance Program, ALN 93.767 - Provider Eligibility Management Views MDHHS agrees with the finding. Planned Corrective Action MDHHS amended the Pharmacy Benefits Manager, Prepaid Inpatient Health Plan (PIHP), MI Choice Waiver Program (MI Choice), Medicaid Health Plan (MHP), and Dental Health Plan entity fiscal year 2025 contracts to require that signatures are obtained on the Provider Screening Information Collection Tool (PSICT) forms and returned timely when contracts and waivers are renewed and extended. Also, MDHHS is in the process of amending the remaining Integrated Care Organization contract to include this requirement. MDHHS will continue to educate the managed care entities and MDHHS contract areas on this process to help ensure compliance. MDHHS expects that signatures will be obtained on the PSICT forms effective September 2025 for the fiscal year 2026 contract cycle and will continue to send an annual reminder to the managed care entities to report any change in ownership to MDHHS within 35 days. In addition, MDHHS continues to review provider agreements as part of its monitoring process conducted for all MI Choice entities. MDHHS’s review of fiscal year 2024 provider agreements for MI Choice entities will be completed by December 31, 2025, and will be ongoing during the Administrative Quality Assurance Review process as outlined in the waiver application that was approved by CMS. MDHHS will continue to send annual reminders to MI Choice entities to submit completed PSICT forms by September 1 each year as required by MI Choice contracts. MDHHS obtained an updated provider agreement for the Home Help provider cited in the finding. Home Help providers are now enrolled in CHAMPS and provider agreements, including updated terms and conditions, are completed electronically. Anticipated Completion Date December 31, 2025 Responsible Individual(s) Heather Hill, MDHHS Kim Heinicke, MDHHS Elaina Brown, MDHHS

Finding 2024-012 Medicaid Cluster, ALN 93.775, 93.777, and 93.778 and Children’s Health Insurance Program, ALN 93.767 - Beneficiary Eligibility Management Views MDHHS agrees with the identified exceptions for parts a. and c. of the finding. However, MDHHS disagrees that 3 Medicaid cases and 20 Children’s Health Insurance Program (CHIP) cases with MAGI determinations cited in part b. did not have case file documentation supporting the beneficiary eligibility determination. The Centers for Medicare and Medicaid Services (CMS) has determined that a reasonable compatibility indicator can be used for CMS audit purposes to determine if the attested income information was electronically verified for MAGI cases and MDHHS disagrees that documentation was not maintained to support the eligibility determination. The SOM MiIntegrate system communicates with various State and federal electronic trusted data sources and sends the information from these sources, along with the beneficiaries’ attested income, to the SOM MAGI Rules Engine where the MAGI eligibility determination is made. As part of the MAGI eligibility determination, a reasonable compatibility test is completed to determine if beneficiary/applicant attested income is within a specified percentage of the electronic trusted data sources or if the attested and verified income are below the threshold for the applicable program. The results of the MAGI eligibility determination are sent back to MiIntegrate using an Account Transfer (AT) packet that contains the results. MiIntegrate then communicates the results to the SOM MAGI Viewer and Bridges using an AT packet and Bridges stores the AT packet number only that can be used to view the details of the AT packet within the SOM MAGI Viewer. The version of the AT packet within the MAGI Viewer also contains a reasonable compatibility indicator that documents the outcome of the reasonable compatibility test and supports the SOM MAGI Rules Engine eligibility decision. MDHHS stores the AT packet information, including facts essential to the eligibility determination, within MiIntegrate and the MAGI Viewer instead of Bridges to help protect and secure the federal income tax data and unemployment data used for the determination. The AT packet for each individual determination can be retrieved from the MAGI Viewer using the AT packet number stored in each beneficiary’s case file within Bridges. MDHHS is not aware of any federal regulations that preclude MDHHS from storing this information in a separate system to help secure the data and restrict access as required by federal and state law. Planned Corrective Action To address the exceptions identified that are not related to MAGI-based income verification results, MDHHS has developed mandatory training protocols for eligibility workers and expects to have the first Medicaid audit focused mandatory training implemented by July 2025. MDHHS will continue to determine where additional training or enhancements to training are needed to ensure eligibility is accurately determined and documentation is properly maintained within the electronic case file. MDHHS disagrees it did not maintain case file documentation that supports the beneficiary eligibility determination for MAGI cases and does not intend to take further action. Anticipated Completion Date MDHHS will implement the first Medicaid audit focused training by July 2025. Responsible Individual(s) Logan Dreasky, MDHHS Mariah Schaefer, MDHHS

Finding 2024-007 CHAMPS Eligibility Interface Errors Management Views MDHHS agrees with the finding. Planned Corrective Action Bridges is the system of record for eligibility and produces reports with potential duplicate records for local office staff to review. In addition, the Community Health Automated Medicaid Processing System (CHAMPS) is currently designed to reject potential duplicate records to prevent duplicate payments for the same individuals that already exist in CHAMPS and places these records on a CHAMPS report for review. These two reports could potentially contain the same duplicate records identified by both CHAMPS and Bridges. As part of the Departmental Work Intake Process for prioritization, MDHHS submitted a work request during January 2023 for a Bridges system modification that would allow data from the Bridges reports to be exported to the Bridges data warehouse and MDHHS is currently working with DTMB to obtain access to the data. MDHHS central office will develop a process to reconcile the rejected records identified on the CHAMPS and Bridges reports and ensure that MDHHS is appropriately reviewing those records and making any necessary corrections. Anticipated Completion Date September 30, 2025 Responsible Individual(s) Jamy Hengesbach, MDHHS

Finding 2024-024 Coronavirus State and Local Fiscal Recovery Funds, ALN 21.027 - Grant Reimbursement Approval Procedures Management Views EGLE agrees with the finding. Planned Corrective Action The EGLE Water Resources Division’s (WRD) administration staff adjusted their review process in April 2024 to comply with overall EGLE guidance that all reimbursement requests should be reviewed by a program representative and financial representative to ensure payments are made for activities authorized by the grant agreement. However, WRD had not fully completed the retroactive review of payments for fiscal year 2024. This has since been corrected and all retroactive reviews to ensure compliance with program technical specifications were completed as of May 1, 2025. Anticipated Completion Date Completed Responsible Individual(s) Phil Argiroff, EGLE Amy Hicks, EGLE

Finding 2024-008 MDE, IT General Controls Management Views DTMB agrees it did not fully implement its user access removal and recertification processes when transitioning responsibilities between employees. Planned Corrective Action DTMB corrected the issues noted and the reassigned employee resumed DTMB’s existing user access removal and recertification processes in November 2024. Anticipated Completion Date Completed Responsible Individual(s) Rex Menold, DTMB Aaron Dupre, DTMB

Finding 2024-005 Income Eligibility and Verification System Management Views MDHHS agrees with parts a., b., d., f., and g. of the finding. MDHHS disagrees with parts c. and e. of the finding. For part c., MDHHS disagrees that a process is not fully established to monitor the electronic notifications provided to county/district office caseworkers to ensure they utilized the Income Eligibility and Verification System (IEVS) information to determine the recipients’ eligibility. MDHHS had policies and procedures in effect during fiscal year 2024 to help ensure monitoring of electronic notifications was taking place. Review of IEVS information is fully incorporated into the case read procedure governed by Bridges Administrative Manual 301 and detailed further in desk aids and reading guides. The MDHHS Economic Stability Administration (ESA) provides regular direction and reminders of case read requirements via ESA Memos. For part e., MDHHS disagrees that IEVS information is required to be requested and obtained for modified adjusted gross income (MAGI) based recipients since eligibility is verified upon determination through the MAGI eligibility determination process and then granted for a 12-month continuous eligibility period. Requesting and obtaining IEVS information throughout the eligibility period would be irrelevant since eligibility is continuous. Planned Corrective Action For parts a. and b., MDHHS ESA will continue to provide guidance and trainings to the local office specialists on utilizing the IEVS data timely and appropriately if the data is critical for current eligibility determinations. MDHHS ESA will also continue to review any technical automated solutions of the IEVS data to help ensure its proper utilization and timeliness. For parts c. and e., MDHHS disagrees with the finding and does not intend to take further action. For part d., MDHHS is collaborating with other work areas to identify potential solutions to establish and implement IEVS interfaces for adoption subsidies recipients funded by Temporary Assistance for Needy Families (TANF). For part f., MDHHS worked with the Social Security Administration (SSA) to resolve a discrepancy in how the file was reported to DTMB by SSA and processed the fiscal year 2024 file during February 2025. For part g., MDHHS worked with the National Technical Information Service (NTIS) to regain access to the data during February 2024 and resume receiving the data monthly. Once access was re-established, NTIS sent a complete base file containing the data for the three months identified and the file exceeded the normal processing limit. MDHHS will work with DTMB to identify potential solutions and will process the complete file base by September 30, 2025. Anticipated Completion Date a. and b. Ongoing c. Not applicable d. MDHHS has not yet determined an anticipated completion date because the date is dependent on the potential solutions identified. e. Not applicable f. Completed g. September 30, 2025 Responsible Individual(s) a., b., and c. Veronica Maxson, MDHHS d. Kathonya Rice, MDHHS e. Logan Dreasky, MDHHS f. Brant Cole, MDHHS g. Brant Cole, MDHHS Nathan Buckwalter, DTMB

Finding 2024-003 Bridges Security Management and Access Controls Management Views MDHHS agrees with the finding. Planned Corrective Action For parts a., b., c., and d., MDHHS implemented the Database Security Application (DSA) on October 2, 2023, which includes documenting incompatible role exception requests and user access request approvals, semi-annual review of privileged users, and annual review for all users. Security management and access control processes will continue to be a standing agenda item for ongoing quarterly training sessions with Local Office Security Coordinators (LOSCs). For parts a., c., and d., the Access Management Section began conducting quarterly reconciliations of DSA to the Bridges Integrated Automated Eligibility Determination System (Bridges) during the first quarter of fiscal year 2025. For part b., MDHHS is currently evaluating the feasibility of establishing a quarterly review process to help ensure documentation is maintained for a sample of LOSC monitoring reports. MDHHS anticipates completing the evaluation by September 30, 2025, and will determine an anticipated completion date for implementation, if necessary, at that time. For part e., MDHHS Local Office Directors, District Managers, or designees review a monthly sample of high-risk Bridges transactions to ensure documentation was properly maintained. Beginning September 2024, MDHHS Business Service Centers (BSC) implemented a monitoring process to ensure monthly reviews are completed by the local offices timely and that the documentation is properly maintained. Anticipated Completion Date a., c., d., and e. Completed b. September 30, 2025 Responsible Individual(s) a., b., c., and d. Jim Bowen, MDHHS e. Veronica Maxson, MDHHS

Finding 2024-002 Bridges Interface Controls Management Views DTMB disagrees with the condition and the effect of the OAG’s finding. The OAG sampled 85 total files across eight interfaces. Of these, seven appeared to present issues. For five of the sampled files, detailed exception results no longer existed. DTMB maintains summary tables for 10 years and purges detailed exception records at the beginning of each calendar year for anything older than 12 months. This purge process was communicated to the OAG during the fiscal year 2022 audit, and sampling was performed prior to purging for the fiscal year 2023 audit. When informed that the sample included files for which the detailed exception records had been purged, the OAG requested DTMB run a simulation processing of the original interface file in a testing environment to recreate detailed exception records. DTMB’s technical teams informed the OAG that rerunning in the current test environment would likely differ from the original results due to code changes that occurred in the test environment subsequent to when the original interface files were run in production. The OAG requested DTMB to proceed with rerunning the files in the current test environment. As a result, the OAG identified five instances where the detailed exception records from the simulation in the test environment did not exactly match the summary table from the original production interface results. For the 2 remaining files out of 85 (2.4 percent) that were cited, it should be clarified that the reconciliation being discussed is not data that was lost or misplaced between systems, but reconciliation of two exceptions correctly logged and correctly not counted in a summary report because they were alerts during processing, not errors that would be forwarded for review. These results do not present a significant deficiency in the ability of MDHHS to review the detailed exceptions. Also, these 2 records are insignificant when compared to the 11.6 million records processed in the 85 sampled files (0.000001 percent). Therefore, the current controls are reasonable to ensure that data processed from the source system to the receiving system is processed accurately, completely, and timely. Planned Corrective Action DTMB disagrees with the finding and does not intend to take further action. Anticipated Completion Date Not applicable Responsible Individual(s) Nathan Buckwalter, DTMB

Finding-002 Eligibility – Significant deficiency in internal control over compliance (Unit Inspection Documentation) Management Response Management acknowledges that this finding resulted in part from an over-reliance on partner organizations for performing initial and annual unit inspections, without ensuring that full inspection documentation was consistently maintained in internal records. To address this, the following corrective actions have been implemented: •The Leasing Department and Support Services teams are now required to collect and retain copies of all unit inspection documentation (both initial move-in inspections and annual reinspection), even when performed by partner organizations. •A centralized tracking log for unit inspections has been created and will be maintained by the Program Director to monitor inspection status and ensure document retention for each client. •Program staff are required to upload inspection documents to a secure central drive and log inspection completion in the client case management database. •Quarterly reviews will be conducted by the Compliance team to ensure all required inspection documentation is properly retained and accessible. Training on these updated procedures will be conducted on June 10, 2025, with quarterly refresher trainings planned. Responsible Staff: Program Directors and Leasing Manager Implementation Date: June 2, 2025

Corrective Action Plan Corrective Action Plan – Uniform Guidance Audit Finding Organization: Scripps Health and Affiliates Federal Agency: U.S. Department of Homeland Security Pass-Through Agency: California Governor’s Office of Emergency Services UEI Number: JJRCL53EXL36 Audit Period: Year Ended September 30, 2024 Finding Reference Number: 2024-001 Federal Program: COVID-19 – Disaster Grants – Public Assistance (Presidentially Declared Disasters) Assistance Listing Number: 97.036 Finding Summary: The organization did not employ an adequate internal control review of expenditures to support activities allowed or unallowed, allowable costs/cost principles, reporting and special tests and provisions related to amounts reimbursed for the project worksheet as it relates to the FEMA disposition requirements for COVID-19 related supplies. As a result, Management was reimbursed by FEMA for expenditures that were not in compliance with the FEMA disposition requirements which resulted in a questioned costs of $480,606. Corrective Action Plan: Management will develop and implement an additional layer of review in future FEMA project worksheet submissions to ensure expenditures reporting for reimbursement in the FEMA project worksheet comply with the FEMA disposition requirements. Management will work with FEMA to refund the questioned costs and discuss the extent of the additional courses of action. Management will ensure this is performed through the closeout process of the project worksheet with FEMA. Responsible Officials & Contact Person: Brett Tande, Executive Vice President & Chief Financial Officer Scripps Health and Affiliates Expected Completion Date: June 30, 2025

Views of Responsible Officials: HIAS management accepts the recommendation and is implementing procedures to ensure that FFATA reports are submitted in a timely manner.

Finding 2024-005 The Authority has hired a new Executive Director in April of 2025. She is undertaking the process of learning the systems in place and adjusting them to meet the requirements of the program. The Authority has hired a consultant that has significant experience in HUD regulations to help guide them to implement the appropriate systems. Planned corrective actions are to be implemented immediately.

Name of Contact Person: Wendy Ellis, Executive Director We will implement proper internal control procedures for the Low Rent Public Housing program eligibility requirements. Immediately.

Name of Contact Person: Sherry Joyner, Executive Director. We will implement proper internal control procedures for the Housing Choice Voucher program eligibility requirements. Immediately.

Name of Contact Person: Sherry Joyner, Executive Director. We will implement proper internal control procedures for the Section 8 New Construction program eligibility requirements. Immediately.

Recommendation: It is recommended that a supervisor or peer perform regular internal reviews on MAXIS and METS casefiles to determine that proper policies and procedures are followed in determining eligibility. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: The County will implement policies to complete casefile reviews over all Medical Assistance casefiles. Name of the contact person responsible for corrective action plan: Kayla Matter, HHS Deputy Director Planned completion date for corrective action plan: December 31, 2025

2024-010 - ALN 14.850 - Public Housing Operating Fund - Special Tests and Provisions - Declaration of Trust Planned Corrective Action: The Executive Director acknowledges the finding and is following the auditor's recommendation as presented in the Audit Report. Issues are a result of prior management, and a corrective action plan is in place to address these weaknesses and deficiencies. Person Responsible for Correction of Finding: Christy Amacher, Executive Director Anticipated Completion Date: September 30, 2025