Corrective Action Plans

Browse how organizations respond to audit findings

Total CAPs
58,904
In database
Filtered Results
19,295
Matching current filters
Showing Page
724 of 772
25 per page

Filters

Clear
Finding No.: 2022-_ 002_ Condition: District personnel were unaware of their requirement to ensure that employees of vendors used on projects exceeding $2,000 and paid with federal funds were paid prevailing wage rates. Plan: Annually District personnel should read...
Finding No.: 2022-_ 002_ Condition: District personnel were unaware of their requirement to ensure that employees of vendors used on projects exceeding $2,000 and paid with federal funds were paid prevailing wage rates. Plan: Annually District personnel should read the 2 CFR Part 200, Appendix XI, Compliance Supplement for all federal programs received by the District to ensure they are aware of all applicable compliance requirements. Anticipated Date of Completion: 06/30/2023 Name of Contact Person: Melissa Ritter Management Response: Management will implement the auditor's recommendation in the year ended June 30, 2023.
Finding 23713 (2022-010)
Significant Deficiency 2022
Finding 2022-010 MARS User Access Management Views The Department of Labor and Economic Opportunity (LEO) agrees with the finding. LEO Administrative Services continues to experience challenges related to staffing shortages and competing priorities but recognizes the importance of maintaining sound...
Finding 2022-010 MARS User Access Management Views The Department of Labor and Economic Opportunity (LEO) agrees with the finding. LEO Administrative Services continues to experience challenges related to staffing shortages and competing priorities but recognizes the importance of maintaining sound access controls over the Michigan Administrative Review System (MARS). Accordingly, within LEO Administrative Services, the LEO Internal Controls Unit will assist the LEO Finance Unit in the interim with implementing corrective action until a permanent assignment is made. Planned Corrective Action LEO Administrative Services will continue to work with LEO Workforce Development to correct these exceptions. LEO will establish and fully implement a policy, procedure, and routine that addresses the following: a. Ensuring that LEO reviews MARS user access semiannually for privileged accounts or annually for all other accounts. b. Ensuring timely disabling of inactive user accounts (those not accessed in over 60 days). Anticipated Completion Date September 30, 2023 Responsible Individual(s) Lora MacKay, LEO Allen Williams, LEO
Finding 23703 (2022-002)
Significant Deficiency 2022
Finding 2022-002 SIGMA High-Risk Activity Monitoring Management Views DTMB agrees with the finding. Planned Corrective Action DTMB immediately, after the issue was identified in August 2022, reinstated processes to review transactions that have been bypassed and overridden in SIGMA and perform tas...
Finding 2022-002 SIGMA High-Risk Activity Monitoring Management Views DTMB agrees with the finding. Planned Corrective Action DTMB immediately, after the issue was identified in August 2022, reinstated processes to review transactions that have been bypassed and overridden in SIGMA and perform tasks according to the requirements. Furthermore, DTMB will continue to review their self-imposed limit for the number of users that have access to perform authorized bypass and override actions in SIGMA for DMVA and MSP. Anticipated Completion Date Completed Responsible Individual(s) Brenda Sprunger, DTMB
Finding 23676 (2022-014)
Significant Deficiency 2022
Finding 2022-014 MDE, Change Management Process Management Views MDE agrees with the finding. Planned Corrective Action Beginning March 15, 2023, MDE performs monthly reviews on the status of resolved MiND change order requests to verify that the tickets are closed in a timely manner and documente...
Finding 2022-014 MDE, Change Management Process Management Views MDE agrees with the finding. Planned Corrective Action Beginning March 15, 2023, MDE performs monthly reviews on the status of resolved MiND change order requests to verify that the tickets are closed in a timely manner and documented accordingly. MDE will review the change management processes with NexSys staff to ensure they understand and complete the required change management process steps to document testing results and to close and document the completion of change order requests. Anticipated Completion Date July 31, 2023 Responsible Individual(s) Monica Butler, MDE Peter Cyril Jones, MDE
Finding 23675 (2022-013)
Significant Deficiency 2022
Finding 2022-013 MDE, Security Management and Access Controls Management Views MDE agrees with the finding. Planned Corrective Action For part a.1., MDE has reviewed the security authorization process for the Grant Electronic Monitoring System (GEMS)/MARS with staff who can approve and modify user...
Finding 2022-013 MDE, Security Management and Access Controls Management Views MDE agrees with the finding. Planned Corrective Action For part a.1., MDE has reviewed the security authorization process for the Grant Electronic Monitoring System (GEMS)/MARS with staff who can approve and modify user accounts. MDE also provided the same staff with training in April 2023 to review the correct procedure to help ensure appropriate documentation is maintained. MDE no longer used the functionality to directly replace a user with another user at the beginning of fiscal year 2023 and the functionality was removed entirely in April of 2023. For part a.2., MDE has reviewed its established policies and procedures over the granting of access to the Next Generation Grant, Application and Cash Management System (NexSys) with staff and will continue to work to appropriately process forms according to policy guidelines and minimize human error. For part b., MDE will notify program office directors during the collection of the Semi-Annual Reviews of Privileged Users that failure to return the certification will result in deactivation of program office users. The next collection of the Semi-Annual Reviews of Privileged Users will be completed by June 30, 2023. For part c., as part of the Annual Certification of Non-Privileged users, MDE now requests all entities to review and update all active users in the Michigan Electronic Grants System Plus (MEGS+), NexSys, GEMS/MARS and Michigan Nutrition Data (MiND). Entities can then submit the certification indicating they have either reviewed their system users or that they do not have any users in the listed system. MDE implemented the first Annual Certification of Non-Privileged users on March 23, 2023 and the certification will be released again in late 2023. For part d., MDE received an exception from the DTMB Enterprise Technical Review Board for the control that would have required MDE to deactivate users after 60 days of inactivity. The exception was issued in November 2023 and now allows MDE to keep inactive users up to 18 months. Anticipated Completion Date a.1. Completed a.2. Ongoing b. June 30, 2023 c. Completed d. Completed Responsible Individual(s) Aimee Alaniz, MDE David Judd, MDE Spencer Simmons, MDE
Finding 23652 (2022-007)
Significant Deficiency 2022
Finding 2022-007 ADP Security Program Management Views MDHHS agrees with part a. of the finding. MDHHS and DTMB disagree with parts b. and c. of the finding. For part b., for the first system identified, although DTMB did not proactively schedule an annual disaster recovery test, DTMB successfully...
Finding 2022-007 ADP Security Program Management Views MDHHS agrees with part a. of the finding. MDHHS and DTMB disagree with parts b. and c. of the finding. For part b., for the first system identified, although DTMB did not proactively schedule an annual disaster recovery test, DTMB successfully performed an actual failover and supporting documentation was provided to the auditors. The actual failover demonstrated that the disaster recovery plan (DRP) worked, was complete, and no delays were experienced in restoring the critical system, therefore DTMB did not perform additional testing activities and it was unnecessary to perform a separate review or update. For the second system identified, the DRP was tested in accordance with the SOM Standard and DTMB provided the auditors with supporting documentation that updates were made to the DRP within the SOM DRP repository. The State?s environment and data centers leverage an infrastructure that is comprised of fully redundant load balanced systems at alternate sites, data mirroring, and data replication to help ensure high availability. For part c, although MDHHS agrees that system security plans were not updated timely for the systems cited, MDHHS disagrees that effective controls were not implemented to ensure confidentiality, integrity, and availability of its automated data processing (ADP) information systems. MDHHS also disagrees that the security of critical systems was at risk by failing to mitigate potential vulnerabilities as described above. MDHHS has compensating controls in place to ensure confidentiality, integrity, and availability of its ADP information systems in addition to mitigating potential vulnerabilities. MDHHS monitors remediation of Plans of Actions and Milestones for all information systems even after expiration of the authority to operate. In addition, MDHHS is required to audit a portion of these systems (Community Health Automated Medicaid Processing System (CHAMPS), Bridges, Enterprise Common Controls) as part of responsibilities related to the Affordable Care Act and the Medicaid Expansion marketplace. Those audits are conducted to show compliance with federal information security and privacy requirements related to the data stored in those systems. In addition, 2 of the 3 ADP systems cited for not having an updated risk assessment are reviewed biennially through the Internal Control Evaluation process where control evidence is updated to demonstrate effectiveness of controls. Planned Corrective Action For part a., MDHHS will add the missing elements identified to the business continuity plan (BCP) and perform annual reviewing and testing of the BCP. For parts b. and c., MDHHS and DTMB disagree with the finding and do not intend to take further action. Anticipated Completion Date a. December 31, 2023 b. and c. Not applicable Responsible Individual(s) Jim Bowen, MDHHS Nathan Buckwalter, DTMB Heather Frick, DTMB Alana Lowe, MDHHS Jennifer Tate, MDHHS
Finding 23650 (2022-005)
Significant Deficiency 2022
Finding 2022-005 Bridges Change Management Process Management Views MDHHS agrees with the finding. Planned Corrective Action For Bridges releases that do not have field testers performing post-implementation validation, MDHHS will document an alternate validation approval following the release. MD...
Finding 2022-005 Bridges Change Management Process Management Views MDHHS agrees with the finding. Planned Corrective Action For Bridges releases that do not have field testers performing post-implementation validation, MDHHS will document an alternate validation approval following the release. MDHHS will send a communication within three business days after each release that validates the changes to Bridges were applied as expected and this validation will be documented as part of the release close-out process. Anticipated Completion Date Completed Responsible Individual(s) Holly Roderick, MDHHS
Finding 2022-004 Bridges Security Management and Access Controls Management Views MDHHS agrees with parts a., b., and d. through g. of the finding. MDHHS and DTMB disagree with part c. of the finding. For part c., although MDHHS and DTMB had not fully documented all database specific configuratio...
Finding 2022-004 Bridges Security Management and Access Controls Management Views MDHHS agrees with parts a., b., and d. through g. of the finding. MDHHS and DTMB disagree with part c. of the finding. For part c., although MDHHS and DTMB had not fully documented all database specific configuration standards until after the audit period, DTMB disagrees that during the audit period the system contained potentially vulnerable database configurations and disagrees that DTMB cannot ensure the security of the data. DTMB has been and continues to implement the manufacturer?s recommendations regarding security configurations. In addition, the databases reside in restricted trusted internal security zones, protected by firewalls, which are specific to each application and database, in conjunction with intrusion protection, antivirus software, and SOM standard security safeguards. Planned Corrective Action For parts a., d., and e., MDHHS will implement the Database Security Application (DSA) Bridges form which establishes a method to document user access request approval electronically and includes a semi-annual review of privileged users and an annual review of all users that is required to prevent automatic removal of access. For part b., MDHHS will prioritize updates to Bridges that will require the local office security coordinator (LOSC) to document security monitoring reports within Bridges alerts and generate a reminder to the LOSC and their manager to reconcile the report. Before the alert can be closed, the LOSC will be required to enter comments for actions taken and approve the report. For part c., DTMB developed an organization-wide framework for database security configuration management. For part f., MDHHS?s Economic Stability Administration (ESA) issued a revised memo on October 3, 2022, to Business Service Centers (BSCs) and local offices to reiterate the need for reviewing, documenting, and completing the required high-risk transaction reports timely. For part g., during February 2022, MDHHS?s Bridges Resource Center (BRC) revised their reconciliation process of high-risk transactions to comply with the changed policy requirements and ensure separate reviews are performed for each type of high-risk transaction. MDHHS?s ESA issued a revised memo on July 11, 2022, to address changes made for non-BRC Central Office staff transactions to reiterate the need for reviewing, documenting, and completing the required high-risk transactions timely. Also, an email reminder is sent out two days prior to the high-risk transaction report due date to help ensure timeliness of the reviews. Anticipated Completion Date a, d., and e. MDHHS anticipates the first phase of the DSA Bridges form will be implemented by October 2023 as a pilot and then roll out statewide with full automation by September 2024. Semi-annual and annual reviews will begin 6 months and 12 months, respectively, from the time each DSA Bridges form is implemented for each respective user. b. August 2024 c. DTMB anticipates having compliance documentation by September 30, 2023. f. Completed with ongoing monitoring. g. Completed Responsible Individual(s) a., b., d., and e. Deon Nelson, MDHHS c. Nathan Buckwalter, DTMB f. MDHHS ESA and BSC Directors g. Todd Gore and Russell Gruber, MDHHS
Finding 23648 (2022-003)
Significant Deficiency 2022
Finding 2022-003 Bridges Interface Controls Management Views DTMB disagrees with part a. of the finding. MDHHS agrees with part b. of the finding. For part a., DTMB disagrees the interface over the Bridges Integrated Automated Eligibility Determination System (Bridges) data exchanges is not operat...
Finding 2022-003 Bridges Interface Controls Management Views DTMB disagrees with part a. of the finding. MDHHS agrees with part b. of the finding. For part a., DTMB disagrees the interface over the Bridges Integrated Automated Eligibility Determination System (Bridges) data exchanges is not operating as needed. For one interface, the auditors sampled 27 different daily batches, including 9,945 records, and only four records (0.04 percent) were cited by the auditors as having inconsistencies. DTMB reviewed these four records and determined they were processed in accordance with business rules and the reporting inconsistency identified did not impact the accuracy of the reconciliation. Additionally, the auditors did not identify inconsistencies in the other eight interfaces sampled across multiple days, which totaled more than 2.95 million records. Therefore, the interface controls are effective and reasonably ensure that data transferred from a source system to a receiving system is processed accurately, completely, and timely. Planned Corrective Action For part a., DTMB disagrees with the finding and does not intend to take further action. For part b., MDHHS, in collaboration with the business program area, will work to establish all missing agreements. Anticipated Completion Date a. Not applicable b. September 30, 2023 Responsible Individual(s) a. Heather Frick and Nathan Buckwalter, DTMB b. James Bowen and Candy Calvert, MDHHS
Unaudited REAC Reporting Recommendation: CLA recommends the CDA develops an internal control monitoring system to ensure unaudited REAC filings are submitted on time. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding:...
Unaudited REAC Reporting Recommendation: CLA recommends the CDA develops an internal control monitoring system to ensure unaudited REAC filings are submitted on time. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: Management will work closely with our outside accountant to ensure timely REAC reporting, securing a submission confirmation email. Management will also further confirm submission via HUD online systems. Name(s) of the contact person(s) responsible for corrective action: Betty Noel, Assistant Director Planned completion date for corrective action plan: April 18, 2023
Finding 23646 (2022-003)
Significant Deficiency 2022
2022-003 Research and Development Cluster ? Assistance Listing No. 93.310 Recommendation: We recommend the Blood Bank implement procedures to ensure only allowable charges outlined within 200 CFR 200.68 are included in the Modified Total Direct Costs (MTDC) subject ...
2022-003 Research and Development Cluster ? Assistance Listing No. 93.310 Recommendation: We recommend the Blood Bank implement procedures to ensure only allowable charges outlined within 200 CFR 200.68 are included in the Modified Total Direct Costs (MTDC) subject to the indirect cost rate. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: The Blood Bank added review and approval processes to ensure only allowable charges are included in the MTDC subject to the indirect cost rate. Names of the contact persons responsible for corrective action: Bryan Eleazar, CFO; Lisa Alexander, Direct of Grant Accounting; Jeanette Lysse, Controller Planned completion date for corrective action plan: October 29, 2021
View Audit 19755 Questioned Costs: $1
Finding 23645 (2022-002)
Significant Deficiency 2022
2022-002 Research and Development Cluster ? Assistance Listing No. 93.310 Recommendation: We recommend the Blood Bank implement procedures to ensure all personnel charges to the program are supported by the minimum time and effort documentation outlined within 200 CFR 200.430. Explanation of disagr...
2022-002 Research and Development Cluster ? Assistance Listing No. 93.310 Recommendation: We recommend the Blood Bank implement procedures to ensure all personnel charges to the program are supported by the minimum time and effort documentation outlined within 200 CFR 200.430. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: The Blood Bank added review and approval processes to compare actual vs budgeted vs allowable time and effort. Names of the contact persons responsible for corrective action: Bryan Eleazar, CFO; Lisa Alexander, Direct of Grant Accounting; Jeanette Lysse, Controller Planned completion date for corrective action plan: October 29, 2021
View Audit 19755 Questioned Costs: $1
Condition: School District did not comply with the requirements of filing quarterly reports that support the accounting records. Plan: The District will strengthen there controls to make sure supporting documentation agrees with the accounting records and the claims to ISBE. Anticipated Date of Comp...
Condition: School District did not comply with the requirements of filing quarterly reports that support the accounting records. Plan: The District will strengthen there controls to make sure supporting documentation agrees with the accounting records and the claims to ISBE. Anticipated Date of Completion: June 30, 2023. Name of Contact Person: Dr. Kevin J. Nohelty, Superintendent. Management Response: The District experienced turnover for key employees within the grant reporting process and is currently strengthening internal control procedures over grant reporting and monitoring.
View Audit 27423 Questioned Costs: $1
Condition: School District did not comply with the requirements of filing quarterly reports that support the accounting records. Plan: The District will strengthen there controls to make sure supporting documentation agrees with the accounting records and the claims to ISBE. Anticipated Date of Comp...
Condition: School District did not comply with the requirements of filing quarterly reports that support the accounting records. Plan: The District will strengthen there controls to make sure supporting documentation agrees with the accounting records and the claims to ISBE. Anticipated Date of Completion: June 30, 2023. Name of Contact Person: Dr. Kevin J. Nohelty, Superintendent. Management Response: The District experienced turnover for key employees within the grant reporting process and is currently strengthening internal control procedures over grant reporting and monitoring.
View Audit 27423 Questioned Costs: $1
Finding 2022-001 United States Small Business Administration Program Name: Economic Injury Disaster Loan Federal Assistance Listing Number - 59.008 Responsible Individuals: Jamie Morgan, Chief Executive Officer Finding Summary: The YMCA should implement proper internal controls and procedures to ens...
Finding 2022-001 United States Small Business Administration Program Name: Economic Injury Disaster Loan Federal Assistance Listing Number - 59.008 Responsible Individuals: Jamie Morgan, Chief Executive Officer Finding Summary: The YMCA should implement proper internal controls and procedures to ensure that documentation filing requirements included in the loan agreement are identified and related filings made in a timely manner. Corrective Action Plan: The YMCA did not provide proof of hazard insurance to the lender within the timeline specified by the loan agreement; however, sufficient insurance coverage was maintained and was active during the required period. The YMCA provided the lender with the proof of insurance in June 2023. The YMCA will contact the lender to determine the specific form and content of the requested financial statements and provide the information to the lender as soon as possible. Anticipated Completion Date: The proof of hazard insurance was sent to the lender in June 2023. The filing of the YMCA's financial statements with the lender is ongoing and is expected to be completed in July 2023.
Finding ref number: 2022-001 Finding caption: The District did not have adequate internal controls for ensuring compliance with wage rate requirements. Name, address, and telephone of District contact person: Jeri Carlson 33330 8th Ave S Federal Way, WA 98003 253.945.2045 During the course of the...
Finding ref number: 2022-001 Finding caption: The District did not have adequate internal controls for ensuring compliance with wage rate requirements. Name, address, and telephone of District contact person: Jeri Carlson 33330 8th Ave S Federal Way, WA 98003 253.945.2045 During the course of the audit, the District immediately took steps to obtain and review all certified payroll documents from the beginning of the project to current and verified that the contractor was compliant with federal prevailing wage rules. This information was provided to the Auditors. The District has already taken steps to ensure the additional compliance steps are followed for federally funded construction projects. The District will also ensure staff are appropriately trained on these requirements.
COMMENT COMMENT CORRECTIVE ACTION PLAN CONTACT PERSON, TITLE, ANTICIPATED DATE REFERENCE TITLE PHONE NUMBER OF COMPLETION 2022-001 SEGREGATION ...
COMMENT COMMENT CORRECTIVE ACTION PLAN CONTACT PERSON, TITLE, ANTICIPATED DATE REFERENCE TITLE PHONE NUMBER OF COMPLETION 2022-001 SEGREGATION SEE RESPONSE AND CORRECTIVE TERESA SADLER N/A DUTIES ACTION PLAN AT 2022-001. BUSINESS MANAGER 515-448-4749 2022-002 PREPARATION SEE RESPONSE AND CORRECTIVE TERESA SADLER N/A OF FINANCIAL ACTION PLAN AT 2022-002. BUSINESS MANAGER STATEMENTS 515-448-4749
2022-067a ? In amendment 5 with the health plans, signed in the fall of 2021, EOHHS strengthened its contractual requirements with the health plans by requiring the plans to reconcile differences between claims submitted and accepted via the encounter submission process to encounterable claims as re...
2022-067a ? In amendment 5 with the health plans, signed in the fall of 2021, EOHHS strengthened its contractual requirements with the health plans by requiring the plans to reconcile differences between claims submitted and accepted via the encounter submission process to encounterable claims as reported in the quarterly financial data cost reports within 0.1%. The contract at section 2.13.02.04 includes the following language: ?Contractor is responsible to reconcile Financial Data Cost Report (FDCR) cost allocations and the File Submission Report (FSR), which contains the encounter data reporting outlined above. The reported Incurred Expenditures submitted in the File Submission Report must align with the sum of the Direct Paid, Non-State Plan Paid, and Subcapitated Proxy Paid expenditures submitted in the Financial Data Cost Report for each state fiscal year within the point one percent (.1%) threshold. The FSR and FDCR used for this comparison will include the same paid run-out period. Failure to meet threshold will result in financial penalty and/or corrective action by EOHHS as outlined in ?Rhode Island Medicaid Managed Care Encounter Data Methodology, Thresholds and Penalties for Non-Compliance.?? Achieving this level of compliance has proven more difficult than anticipated. To date, EOHHS has not imposed any financial penalties as a result of this new requirement. We have, however, worked proactively with the health plans to resolve outstanding issues and reconcile differences. EOHHS staff meet with managed care staff regularly throughout the month to resolve issues that arise during the claims submission process and to determine the root cause for claim rejections. This work is ongoing. EOHHS plans to further strengthen its oversight and improve plan compliance with the procurement of the managed care contracts. That revised encounter data quality plan, which is subject to further modification into the fall as we prepare the revised procurement documentation, is available on EOHHS?s website, here: https://eohhs.ri.gov/sites/g/files/xkgbur226/files/2021-10/4.1-rhode-island-medicaid-managed-care-encounter-data-quality-measurement-20210826.pdf Anticipated Completion Date: Ongoing Contact Person: Bill McQuade, Chief of Program Analytics Executive Office of Health and Human Services bill.mcquade@ohhs.ri.gov 2022-067b ? Over the course of the last two FY audits, EOHHS continued to make improvements to automatically identify and terminate Medicaid eligibility for deceased individuals. EOHHS has completed root cause analysis and has submitted business requirements for SFY24 Annual Planning to resolve downstream issues in the MMIS when Date of Death (DoD) is not received from RI Bridges or associated interface. EOHHS has submitted both an interim business plan (IBP) and permanent system interface modification to align date of death data between RI Bridges and MMIS. Anticipated Completion Date: Ongoing. IBP is scheduled for implementation in June 2023, while the permanent system modification will be scheduled later in CY2024 post SFY24 annual planning decisions. Contact Person: Brian Tichenor, RIBridges Medicaid Administrator Executive Office of Health and Human Services brian.tichenor@ohhs.ri.gov
View Audit 23102 Questioned Costs: $1
Significant Deficiency ? Item No. 2022-003 Criteria: The Hospital must establish and maintain effective internal control over federal awards that provides reasonable assurance that the Hospital is managing the federal awards in compliance with federal statutes, regulations and terms and conditions o...
Significant Deficiency ? Item No. 2022-003 Criteria: The Hospital must establish and maintain effective internal control over federal awards that provides reasonable assurance that the Hospital is managing the federal awards in compliance with federal statutes, regulations and terms and conditions of the federal award. 2 CFR 200.327 and 2 CFR 200.328 require the auditee to collect financial information and monitor its activities under federal awards to assure compliance with applicable federal requirements and performance expectations are being achieved and report these items in accordance with program requirements. Terms and conditions of the federal award require the audited financial statements to be provided to the federal agency annually within 9 months of fiscal year-end, as well as quarterly internal financial statements. Condition: The Hospital did not submit the audited financial statements within the prescribed period or request an extension and did not submit any quarterly reports to the federal agency. The Hospital was not asked for the information after they failed to submit it. The audit financial statements are readily available to the federal agency through the federal clearinghouse website. Planned Corrective Action: Management agrees with the finding and are implementing procedures to ensure that the required financial reports are submitted in a timely manner in accordance with the terms and conditions of the federal award. Planned Completion Date: June 30, 2023 Person Responsible: Nate Thompson, Chief Executive Officer
DHS will complete training and review with field staff on the required documentation for RIW. This will include training with CSDL, office hours with eligibility field staff, attending supervisors meeting to verify documentation during case reviews, and utilizing new reports from MMIS. MMIS team a...
DHS will complete training and review with field staff on the required documentation for RIW. This will include training with CSDL, office hours with eligibility field staff, attending supervisors meeting to verify documentation during case reviews, and utilizing new reports from MMIS. MMIS team are developing a report for verification to be provided to RIW vendors to ensure accurate documentation is sent to DHS and is retained accurately. Anticipated Completion Date: June 30, 2024 Contact Person: Kimberly Rauch, RI Works / TANF Administrator Department of Human Services kimberly.rauch@dhs.ri.gov
View Audit 23102 Questioned Costs: $1
Finding 23462 (2022-058)
Significant Deficiency 2022
Thoroughly review requirements of Higher Education Emergency Relief Funds, HEERF Student Aid Portion Public Reporting Requirements, 86 FR 26213. Adjust website to ensure that all reporting requirements are properly posted. Identify and document roles and applicable procedures as it related to HEERF...
Thoroughly review requirements of Higher Education Emergency Relief Funds, HEERF Student Aid Portion Public Reporting Requirements, 86 FR 26213. Adjust website to ensure that all reporting requirements are properly posted. Identify and document roles and applicable procedures as it related to HEERF federal reporting to ensure continuity as employee responsibilities change. As part of the procedures, institute a cross-departmental approval process to ensure new or existing HEERF federal reporting requirements are met. Anticipated Completion Date: March 31, 2023 Contact Person: Victoria McNeil, Senior Associate Director, Enrollment Services University of Rhode Island victoria.mcneil@uri.edu
Finding 23460 (2022-056)
Significant Deficiency 2022
2022-056a ? RIDE finance will establish procedures by 10/31/23. 2022-056b ? RIDE finance and IT will develop and implement a schedule by 10/31/23. 2022-056c ? RIDE finance and IT will determine relevancy of complementary controls in the SOC2 report by 9/30/23. 2022-056d ? RIDE finance and IT will...
2022-056a ? RIDE finance will establish procedures by 10/31/23. 2022-056b ? RIDE finance and IT will develop and implement a schedule by 10/31/23. 2022-056c ? RIDE finance and IT will determine relevancy of complementary controls in the SOC2 report by 9/30/23. 2022-056d ? RIDE finance and IT will develop and implement an IT vendor management process by 12/31/23. Anticipated Completion Date: December 31, 2023 Contact Person: Mark Dunham, Director, Finance Office Department of Elementary and Secondary Education mark.dunham@ride.ri.gov
Finding 23459 (2022-055)
Significant Deficiency 2022
The Department finance office will work with the charter office to update its policies, procedures, and internal controls for review of charter schools with charter management organizations (CMO) to ensure proper risk assessment for conflicts of interest, related party transactions, and segregation ...
The Department finance office will work with the charter office to update its policies, procedures, and internal controls for review of charter schools with charter management organizations (CMO) to ensure proper risk assessment for conflicts of interest, related party transactions, and segregation of duties between the CMO and the charter school. Anticipated Completion Date: December 31, 2023 Contact Person: Mark Dunham, Director, Finance Office Department of Elementary and Secondary Education mark.dunham@ride.ri.gov
Finding 23431 (2022-043)
Significant Deficiency 2022
The DLT will develop and implement procedures for a secondary review to be performed on all reports prior to submission. Deadlines will be prepared that allows sufficient time for preparation of all reports, a secondary review, a period for corrections to be made, and for timely submission in accor...
The DLT will develop and implement procedures for a secondary review to be performed on all reports prior to submission. Deadlines will be prepared that allows sufficient time for preparation of all reports, a secondary review, a period for corrections to be made, and for timely submission in accordance with the federal requirements. Anticipated Completion Date: June 30, 2023 Contact Persons: Denise Paquet, Assistant Director of Business Affairs Department of Labor & Training denise.paquet@dlt.ri.gov Donna Murray, Assistant Director of Labor Market Information Department of Labor & Training donna.murray@dlt.ri.gov
Finding 23424 (2022-040)
Significant Deficiency 2022
2022-040a ? The State will expand its formalized risk assessment procedures for the MMIS and RIBridges by enhancing its documentation of the responsibilities of the various State agencies that utilize and manage the systems. 2022-040b ? The MARSE-2.2 Security Framework implemented for RIBridges, in...
2022-040a ? The State will expand its formalized risk assessment procedures for the MMIS and RIBridges by enhancing its documentation of the responsibilities of the various State agencies that utilize and manage the systems. 2022-040b ? The MARSE-2.2 Security Framework implemented for RIBridges, including a formal Risk Assessment performed on RIBridges at startup that determined the System Security and Privacy Control Plan (SSP) that has been implemented. All new system changes are assessed and the SSP controls are updated to remain compliant as needed. The SSP is assessed annual by a third party auditor and defects in the controls are tracked on the system POAM for these as well as other defects that are identified through continuous monitoring and other audits. A General Attestation (in lieu of SOC2 Type2) is in progress for next fiscal year and this will be one of the corrective actions. Anticipated Completion Date: Ongoing Contact Person: Deb Merrill, Information Security Officer Department of Administration, Division of Information Technology deb.merrill@doit.ri.gov
« 1 722 723 725 726 772 »