Corrective Action Plans

Browse how organizations respond to audit findings

Total CAPs
58,759
In database
Filtered Results
19,256
Matching current filters
Showing Page
482 of 771
25 per page

Filters

Clear
Head Start - AL #93.6000 Recommendation: The Organization should review and approve the related to the indirect costs that are automatically allocated by the system and retain support of this review and approval. Explanation of disagreement with audit finding: There is no disagreement with the audit...
Head Start - AL #93.6000 Recommendation: The Organization should review and approve the related to the indirect costs that are automatically allocated by the system and retain support of this review and approval. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: We implement a policy to ensure review and approval of cost allocations. Name(s) of the contact person(s) responsible for corrective action: Rita Zilka, Fiscal Director Planned completion date for corrective action plan: September 30, 2024
Action taken in response to finding: Esperanza reviewed the current year’s HRSA drawdown sheet and updated all personnel salaries. We will also revise the draw down sheet so each person’s current salary is visible each month, and apply conditional formatting to highlight any person making in excess ...
Action taken in response to finding: Esperanza reviewed the current year’s HRSA drawdown sheet and updated all personnel salaries. We will also revise the draw down sheet so each person’s current salary is visible each month, and apply conditional formatting to highlight any person making in excess of the salary cap. Name(s) of the contact person(s) responsible for corrective action: Ryan Gadia Planned completion date for corrective action plan: May 31, 2024. If there are any questions regarding this plan, please call Ryan Gadia at (773) 640-5792.
View Audit 295147 Questioned Costs: $1
Review check number sequencing monthly. Print outstanding check register for review with bank reconciliation on a monthly basis. Confirm gaps in sequence are corrected monthly as part of reconciliation process.
Review check number sequencing monthly. Print outstanding check register for review with bank reconciliation on a monthly basis. Confirm gaps in sequence are corrected monthly as part of reconciliation process.
Finding: The College did not have documented controls in place reviewing that the comprehensive information security program was in compliance with the Safeguards Rule and was prepared and in place by June 9, 2023. The College did meet the compliance requirements. The College is required to have doc...
Finding: The College did not have documented controls in place reviewing that the comprehensive information security program was in compliance with the Safeguards Rule and was prepared and in place by June 9, 2023. The College did meet the compliance requirements. The College is required to have documented internal controls in place to monitor compliance over special tests in accordance with the Uniform Guidance. On December 9, 2021, the Federal Trade Commission issued final regulations for 16 Code of Federal Regulations Part 314 to mplement the Gramm-Leach-Bliley Act (GLBA) information safeguarding standards that institutions must implement. These regulations significantly modified the requirements that institutions must meet under GLBA. The regulations established minimum standards that institutions must meet. The FTC stated that it "believes many of the requirements set forth in the Final Rule are so fundamental to any information security program that the information security programs of many financial institutions will already include them if those programs are in compliance with the current Safeguards Rule." Institutions are required to be in compliance with the revised requirements no later June 9, 2023. Institutions are required to develop, implement and maintain a comprehensive information security program that is written in one or more readily accessible parts. The College did not have proper documented controls in place to ensure that the College was compliant with GLBA Safeguards equirements in the timeframe specified by 16 CFR Part 314. Corrective Action: Management agrees and has implemented necessary procedures/controls to ensure the College is in compliance with enrollment requirements.
Finding: Management's review of the enrollment reporting did not detect errors on certain student data elements. Certain student records within the NSLDS were identified with inaccurate data elements. The College is responsible for designing, implementing, and maintaining internal control over compl...
Finding: Management's review of the enrollment reporting did not detect errors on certain student data elements. Certain student records within the NSLDS were identified with inaccurate data elements. The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for accurately reporting significant data elements under the Campus-Level and Program-Level records within the National Student Loan Data System (NSLDS) that the Department of Education (ED) considers high risk. The College's internal control over compliance for special tests are not operating effectively. The preparer did not update the student's status into NSLDS resulting in inaccuracies in significant Campus-Level and Program-Level enrollment date elements that ED considers high risk. Additionally, student with status changes were incorrectly reported as withdrawn but upon review of internal documentation, those same students graduated. We recommend management review and enhance its review policies and procedures surrounding enrollment reporting submissions to ensure the accuracy of data elements reported to ED. A review performed by an appropriate individual separate from the prepared prior to the submission of the enrollment reports to NSLDS may improve the accuracy of enrollment reporting. We also recommend management review all students reported to NSLDS to verify they are accurately reported. Corrective Action: Management agrees and has implemented necessary procedures/controls to ensure the College is in compliance with enrollment requirements.
FINDING 2023-002 Finding Subject: COVID-19 – Education Stabilization Fund – Subrecipient Monitoring Summary of Finding: The School Corporation received and passed through to subrecipients $495,386 of ESF funds. The School Corporation is to clearly identify the award and applicable requirements to th...
FINDING 2023-002 Finding Subject: COVID-19 – Education Stabilization Fund – Subrecipient Monitoring Summary of Finding: The School Corporation received and passed through to subrecipients $495,386 of ESF funds. The School Corporation is to clearly identify the award and applicable requirements to the subrecipients, evaluate the risk of noncompliance related to the subrecipients to determine appropriate monitoring of the subaward, and monitor the activities of the subrecipients to ensure that the subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals. Contact Person Responsible for Corrective Action: Dr. Judi Hendrix, Director of WVEC and Michelle Cronk, CFO of West Lafayette Schools Contact Phone Number and Email Address: Dr. Judi Hendrix Michelle Cronk 765-894-0333 765-746-1602 judi.hendrix@esc5.k12.in.us cronkm@wl.k12.in.us Views of Responsible Officials: We concur with the finding regarding the informing and monitoring of subrecipients for federal grants. Description of Corrective Action Plan: We concur with the findings from the State Audit regarding the 3E grants funds; 2023-002. Our Corrective Action Plan would consist of the following:  Before ESF funds are dispersed to school districts (subrecipients), the WVEC Grant Director will ask districts for proper documentation such as receipts, college entrance letters, staff documented timesheets to support their request for funding.  The WVEC Grant Director will monitor the activities of the subrecipients to ensure that the financial subaward is used for authorized purposes, complies with the terms and conditions of the subaward, and achieves performance goals of the grant.  Once the school district’s information and documentation is received and approved, grant funding will be dispersed. Both the Service Center Executive Director and WVEC Grant Manager will approve and sign off on any payment made to a subrecipient.  On a biannual basis (periods ending June 30 and December 31), West Lafayette School Corporation will request the monitoring documentation from WVEC to ensure that proper monitoring is taking place. The WVEC Grant Director will create a sub-grantee reporting procedure:  Monthly spreadsheet with district allowable expense and sign off by Grant Manager, WVEC Executive Director and WVEC Treasurer approval.  This will take place every pay period to monitor the disbursement of any federal funds and to ensure that they are used for allowable expenditures under the grant.  This monitoring will begin in the month of March 2024 and continue until the end of the grant or Final Report, December 31, 2024. This procedure will also be used for other federal grants received.  On a biannual basis (periods ending June 30 and December 31), West Lafayette School Corporation will request the monitoring documentation from WVEC to ensure that proper monitoring is taking place. Anticipated Completion Date: Monthly monitoring will begin promptly (March 2024) and end with the final report of 3E grant activities on December 31, 2024.
Finding 377328 (2023-001)
Significant Deficiency 2023
CORRECTIVE ACTION PLAN (CAP): Explanation of Disagreement with Audit Findings: There is no disagreement with the audit finding as stated. Actions Planned in Response to Finding: Management will review expenditures coded to the food service program to ensure that only allowable expenditures are cha...
CORRECTIVE ACTION PLAN (CAP): Explanation of Disagreement with Audit Findings: There is no disagreement with the audit finding as stated. Actions Planned in Response to Finding: Management will review expenditures coded to the food service program to ensure that only allowable expenditures are charged there. Official Responsible for Ensuring CAP: The Executive Director is the official responsible for ensuring corrective action of the deficiency. Planned Complete Date for CAP: The planned completion date is June 30, 2024. Plan to Monitor Completion of CAP: The Executive Director and Financial Service Provider will monitor the expenditures in the food service program.
View Audit 295129 Questioned Costs: $1
Corrective Action Plan Payroll will need send out a reminder email to Directors and Coordinators with a list of employees with timesheets not yet approved as of 2:45pm on the date approvals are due. Automatic approval will be delayed util 4:00pm to allow the payroll accountant more time to follow-up...
Corrective Action Plan Payroll will need send out a reminder email to Directors and Coordinators with a list of employees with timesheets not yet approved as of 2:45pm on the date approvals are due. Automatic approval will be delayed util 4:00pm to allow the payroll accountant more time to follow-up with Directors/Coordinators, if employees remain unapproved at 3pm. Directors and Coordinators will review, have time sheets corrected and approved by 3pm on the date approvals are due. Responsible Person for Corrective Action Plan Amanda Knight, Director of Finance, and Brandon Meline, Director of Maternal & Child Health. Implementation Date of Corrective Action Plan 02/09/2024
Department of Health and Human Services Federal Assistance Listing #93.498 COVID-19 Provider Relief Fund and American Rescue Plan (ARP) Rural Distribution Applicable Federal Award Number and Year – Period 4 TIN #860554593 Reporting Material Weakness in Internal Control Over Compliance and Material N...
Department of Health and Human Services Federal Assistance Listing #93.498 COVID-19 Provider Relief Fund and American Rescue Plan (ARP) Rural Distribution Applicable Federal Award Number and Year – Period 4 TIN #860554593 Reporting Material Weakness in Internal Control Over Compliance and Material Noncompliance Finding Summary: The Organization selected option iii to calculate lost revenue using budgeted gross revenues to actual gross revenues. The Organization’s HHS Period 4 Report included lost revenues for three quarters that did not agree to the supporting calculation of lost revenues. Without proper implementation of internal controls over the Organization’s budget prior to submission errors could occur resulting in the Organization not calculating lost revenues correctly. Status: The Organization will be adopting a policy to enhance internal controls over the budget to ensure that the lost revenue calculation is not changed after submission and follows the option iii methodology utilized to calculate lost revenues. Responsibility of: Richard Leonard (Controller) and Andrew Horan (Director of F.P. and A.) Estimated Completion Date: 3/31/24
Material Weakness - Internal Controls over Reporting and Noncompliance The Office of Financial Management (OFM) Grant Program Administrator, Heather Larson will monitor and ensure that Federal Funding Accountability and Transparency Act of 2006 (FFATA) reports are filed as required in the FSRS syste...
Material Weakness - Internal Controls over Reporting and Noncompliance The Office of Financial Management (OFM) Grant Program Administrator, Heather Larson will monitor and ensure that Federal Funding Accountability and Transparency Act of 2006 (FFATA) reports are filed as required in the FSRS system. Since the recent transition of the CDBG Entitlement Cluster from an outside agency back to Sarasota County, the County has implemented a standardized form to capture needed information from current and future subrecipients to report appropriately the requirements of the Federal Funding Accountability and Transparency Act of 2006 (FFATA). The OFM Grant Analyst assigned to the funding award, upon review of any pending subaward/ subaward amendment, will create an Action Item utilizing the Grants Administration module of OnBase. The Action Item will require completion of any required FSRS reporting. Action item will be assigned and have a deadline date no late than the last day of the month following the month in which the subaward/ subaward amendment obligation was made. Implementation date for this process - On or before February 28, 2024.
FINDING 2023-001 Finding Subject: Child Nutrition Cluster - Special Tests and Provisions - Verification of Free and Reduced Price Applications Summary of Finding: An effective internal control system, which would include segregation of duties, was not in place at the School Corporation in order to e...
FINDING 2023-001 Finding Subject: Child Nutrition Cluster - Special Tests and Provisions - Verification of Free and Reduced Price Applications Summary of Finding: An effective internal control system, which would include segregation of duties, was not in place at the School Corporation in order to ensure compliance with requirements related to the grant agreement and the Special Tests and Provisions - Verification of Free and Reduced Price Applications compliance requirement. Based upon the number of approved applications on file on October 1, the School Corporation was required to select a sample of three applications for fiscal year 2022- 2023 that were approved for free and reduced price meals, to verify the applicants' eligibility for the benefits received. The School Corporation requested income documentation from each applicant to perform the verifications as required. The School Corporation did not receive a response from any of the applicants. As a result, the student included in each application should have had a change in status from free or reduced to paid. However, for two of the applicants, the student was flagged in the system as no response, but the students' statuses were not updated to reflect that each was no longer eligible for free or reduced price meals. Contact Person Responsible for Corrective Action: Lana M. Miller Contact Phone Number and Email Address: Phone Number- 812-689-6282 Email- lmiller@sripley.k12.in.us INDIANA STATE BOARD OF ACCOUNTS 28 Views of Responsible Officials: We concur with the finding. Description of Corrective Action Plan: This finding was a result of a new staff person in the position working with software that was new to her. It was noted by the auditor that the application status was changed to paid in the verification status. The staff person involved did not know that she needed to make another change in the software other than changing the application status. We have discussed with the person responsible for this regarding the needed two-step process to change a student’s status. Additionally, the staff person has set up a process for segregation of duties. A second person will be reviewing the screens after verification changes are made. This person will also sign off on the paper/report to show the second review and segregation of duties. Anticipated Completion Date: Immediately, February 2024
Federal Agency Name: Department of Health and Human Services Program Name: COVID‐19 Provider Relief Fund and American Rescue Plan (ARP) Rural Distribution Applicable Federal Award Number and Year – Period 4 TIN #420868216 Federal Financial Assistance Listing #93.498 Compliance Requirement: Reporting...
Federal Agency Name: Department of Health and Human Services Program Name: COVID‐19 Provider Relief Fund and American Rescue Plan (ARP) Rural Distribution Applicable Federal Award Number and Year – Period 4 TIN #420868216 Federal Financial Assistance Listing #93.498 Compliance Requirement: Reporting Finding Summary: There was no evidence retained that the Hospital’s special report submitted to the Department of Health and Human Services for Period 4 TIN #420868216 was reviewed or approved by an individual separate from the preparer prior to submission. Responsible Individuals: Craig Carstens, CFO Corrective Action Plan: Management agrees with this finding. Management will designate specific individuals to review HHS special report submissions before submission to HHS. Management will require documentation verifying independent review and approval prior to submission. Management will provide comprehensive training to staff on the importance of independent review processes. Management will set up automated workflow systems and checklists to enforce review procedures. Management will regularly audit the review process, gather feedback, and make necessary adjustments for enhancement. Anticipated Completion Date: 2/26/2024.
Responsible Contact Person(s): Angela Morse, Director of Benefit Programs Frank Smith, Associate Director of Benefit Programs Corrective Action Planned: DSS will perform an analysis of identified reporting errors to determine causality and the appropriate actions to resolve reporting errors. Additio...
Responsible Contact Person(s): Angela Morse, Director of Benefit Programs Frank Smith, Associate Director of Benefit Programs Corrective Action Planned: DSS will perform an analysis of identified reporting errors to determine causality and the appropriate actions to resolve reporting errors. Additionally, DSS will create a systems modification request to correct errors that are identified as occurring as a result of inaccurate programming in the data modification phase of federal report creation. Estimated Completion Date: 12/31/2024
Responsible Contact Person(s): Angela Morse, Director of Benefit Programs Mark Golden, Economic Assistance and Employment Manager Division of Benefit Programs Corrective Action Planned: Perform an analysis of identified reporting errors to determine causality and the appropriate actions to resolve r...
Responsible Contact Person(s): Angela Morse, Director of Benefit Programs Mark Golden, Economic Assistance and Employment Manager Division of Benefit Programs Corrective Action Planned: Perform an analysis of identified reporting errors to determine causality and the appropriate actions to resolve reporting errors. Create a systems modification request to correct errors that are identified as occurring as a result of inaccurate programming in the data modification phase of federal report creation. Estimated Completion Date: 6/30/2024
Responsible Contact Person(s): Angela Morse, Director of Benefit Programs Frank Smith, Associate Director of Benefit Programs Corrective Action Planned: DSS has requested the vendor's records. Once received, DSS will audit those records to provide reasonable assurance that the contractor administer...
Responsible Contact Person(s): Angela Morse, Director of Benefit Programs Frank Smith, Associate Director of Benefit Programs Corrective Action Planned: DSS has requested the vendor's records. Once received, DSS will audit those records to provide reasonable assurance that the contractor administered the LIHWAP federal grant program in accordance with federal statutes, regulations, and the terms and conditions of the federal award before it closes the grant award. Estimated Completion Date: 6/30/2024
Responsible Contact Person(s): Angela Morse, Director of Benefit Programs Frank Smith, Associate Director Senior Benefit Programs Denise Surber, EAP Manager - Division of Benefit Programs Corrective Action Planned: DSS will work to provide additional training to local agency eligibility workers on h...
Responsible Contact Person(s): Angela Morse, Director of Benefit Programs Frank Smith, Associate Director Senior Benefit Programs Denise Surber, EAP Manager - Division of Benefit Programs Corrective Action Planned: DSS will work to provide additional training to local agency eligibility workers on how to properly determine and document eligibility determinations in the case management system. Additionally, DSS will consider monitoring local agency eligibility worker’s use of manual overrides to confirm that they properly document eligibility determinations in the case management system. Estimated Completion Date: 12/31/2024
View Audit 295106 Questioned Costs: $1
Responsible Contact Person(s): Ross McDonald, Director of Compliance Ousman Kah, Subrecipient Monitoring Coordinator Corrective Action Planned: A Grants Management solution is being pursued by DSS in anticipation that it can be deployed with Subrecipient Monitoring capabilities needed to comply with...
Responsible Contact Person(s): Ross McDonald, Director of Compliance Ousman Kah, Subrecipient Monitoring Coordinator Corrective Action Planned: A Grants Management solution is being pursued by DSS in anticipation that it can be deployed with Subrecipient Monitoring capabilities needed to comply with these requirements. A new budget request has been submitted for funding of a contingent Subrecipient Monitoring System solution. This will help bridge the deficiencies noted until an integrated permanent solution is implemented. Estimated Completion Date: 3/31/2025
Responsible Contact Person(s): Steve Hanoka, Chief Information Security Officer Corrective Action Planned: This finding was marked as FOIA Exempt (FOIAE) and as a result, the State Comptroller has determined that the resulting corrective actions are FOIAE under §2.2-3705.2 (9.) of the Code of Virgin...
Responsible Contact Person(s): Steve Hanoka, Chief Information Security Officer Corrective Action Planned: This finding was marked as FOIA Exempt (FOIAE) and as a result, the State Comptroller has determined that the resulting corrective actions are FOIAE under §2.2-3705.2 (9.) of the Code of Virginia. Federal awarding agencies and pass-through entities, please see the Appendix titled “Applicable Management Contacts for Findings and Questioned Costs” to request the corrective action planned from the applicable entity. Estimated Completion Date: 4/1/2024
Responsible Contact Person(s): Kevin Platea, Chief Information Officer Corrective Action Planned: DSS has 15 plus applications that are in active oversight; IT Business Administration is in receipt of the required SOC 2, Type 2 reports. However, additional requirements to capture the SOC 1, Type 2 ...
Responsible Contact Person(s): Kevin Platea, Chief Information Officer Corrective Action Planned: DSS has 15 plus applications that are in active oversight; IT Business Administration is in receipt of the required SOC 2, Type 2 reports. However, additional requirements to capture the SOC 1, Type 2 reports have not yet been accomplished. Several SOC reports were not captured by VITA and then provided to DSS for review. Additional requirements to capture SOC 1, Type 2 reports have been identified and VITA is requesting this information of the providers. Estimated Completion Date: 12/31/2024
Responsible Contact Person(s): Naveen Abraham, Chief Core Infrastructure Services Corrective Action Planned: Ensuring that infrastructure suppliers fulfill all contractual requirements with respect to Commonwealth security policies and standards necessitates a programmatic, continuous improvement ap...
Responsible Contact Person(s): Naveen Abraham, Chief Core Infrastructure Services Corrective Action Planned: Ensuring that infrastructure suppliers fulfill all contractual requirements with respect to Commonwealth security policies and standards necessitates a programmatic, continuous improvement approach. VITA has made improved cybersecurity a primary goal and major initiatives have completed and are underway. VITA has established a scoring mechanism, based on the Common Vulnerability Scoring System (CVSS), that delineates the necessary response based on the criticality of the vulnerability (critical, high, and medium). For vulnerabilities with a CVSS score of (critical and high), service level agreement (SLA) 1.1.3 is now in place to measure supplier performance and adjust supplier compensation accordingly through SLA credits and RCDs. For vulnerabilities below the critical and high score, in Q4 of 2023, suppliers started providing data in a quarterly report to the MSI and VITA. The new SLAs combined with the reports of vulnerabilities below the critical and high score are used to ensure suppliers’ contractual compliance. VITA’s data shows that patches for software on the enterprise software list are being applied on an ongoing basis. VITA will work with agencies and suppliers if there are any new technical difficulties or questions about patching. New tools are now available to agencies so that they can monitor and verify the remediation of the vulnerabilities for which infrastructure suppliers are responsible. Dashboards have also been provided to the suppliers so that they can review a shared and common vulnerability list. VITA and the suppliers monitor and review enterprise level logs and security events on behalf of customer agencies through the system dashboard and a 24x7 Security Operations Center. The dashboard is available for access by agencies as of Q4 2023. VITA will continue to monitor and improve the security of infrastructure services through ongoing governance, including the requirements of architecture documentation, system security plans, and audit reports. VITA’s infrastructure services group will work with the VITA security group to confirm that the current state achieves security standards compliance. Estimated Completion Date: 6/30/2024
Responsible Contact Person(s): Kevin Platea, Chief Information Officer Stephen Schleck, Associate Director of Enterprise Business Solutions Corrective Action Planned: A Change Request for the case management system was developed 2 years ago and DSS is reviewing the change request to determine a stat...
Responsible Contact Person(s): Kevin Platea, Chief Information Officer Stephen Schleck, Associate Director of Enterprise Business Solutions Corrective Action Planned: A Change Request for the case management system was developed 2 years ago and DSS is reviewing the change request to determine a status. It was agreed by Line of Business and ITS EBS & a vendor (the systems provider) that there will be an iterative approach to completing the record retention and purge rules for implementation in the case management system. Estimated Completion Date: 12/31/2024
Responsible Contact Person(s): Diane Carnohan, Chief Information Security Officer Corrective Action Planned: This finding was marked as FOIA Exempt (FOIAE) and as a result, the State Comptroller has determined that the resulting corrective actions are FOIAE under §2.2-3705.2 (9.) of the Code of Virg...
Responsible Contact Person(s): Diane Carnohan, Chief Information Security Officer Corrective Action Planned: This finding was marked as FOIA Exempt (FOIAE) and as a result, the State Comptroller has determined that the resulting corrective actions are FOIAE under §2.2-3705.2 (9.) of the Code of Virginia. Federal awarding agencies and pass-through entities, please see the Appendix titled “Applicable Management Contacts for Findings and Questioned Costs” to request the corrective action planned from the applicable entity. Estimated Completion Date: 6/1/2024
Responsible Contact Person(s): Kevin Platea, Chief Information Officer Corrective Action Planned: This finding was marked as FOIA Exempt (FOIAE) and as a result, the State Comptroller has determined that the resulting corrective actions are FOIAE under §2.2-3705.2 (9.) of the Code of Virginia. Fede...
Responsible Contact Person(s): Kevin Platea, Chief Information Officer Corrective Action Planned: This finding was marked as FOIA Exempt (FOIAE) and as a result, the State Comptroller has determined that the resulting corrective actions are FOIAE under §2.2-3705.2 (9.) of the Code of Virginia. Federal awarding agencies and pass-through entities, please see the Appendix titled “Applicable Management Contacts for Findings and Questioned Costs” to request the corrective action planned from the applicable entity. Estimated Completion Date: 12/31/2024
Responsible Contact Person(s): Barry Davis, Chief Information Security Officer and Director of Information Security & Risk Management John Vosper, Information Technology Audit Manager Corrective Action Planned: DSS has contracted with a contractor to perform IT audits once every three years on an on...
Responsible Contact Person(s): Barry Davis, Chief Information Security Officer and Director of Information Security & Risk Management John Vosper, Information Technology Audit Manager Corrective Action Planned: DSS has contracted with a contractor to perform IT audits once every three years on an ongoing rotating basis. Estimated Completion Date: 12/31/2023
Responsible Contact Person(s): Mike Jones, Chief Information Officer Corrective Action Planned: The vendor started the security audit in September 2023 and completed in December 2023. The report was sent to DMAS in February 2024. Next steps- The report needs to be reviewed and the Contract Administ...
Responsible Contact Person(s): Mike Jones, Chief Information Officer Corrective Action Planned: The vendor started the security audit in September 2023 and completed in December 2023. The report was sent to DMAS in February 2024. Next steps- The report needs to be reviewed and the Contract Administrator will work with the vendor to ensure Plan of Action and Milestones (POAMs) are completed to address the risks and control gaps. The Contract Administrator will monitor the vendor to ensure the vendor meets to terms of the contract and submits a security audit every two years. Estimated Completion Date: 6/30/2024
« 1 480 481 483 484 771 »