Corrective Action Plans

FINDING 2022-001 Program: COVID-19: Coronavirus State and Local Fiscal Recovery Funds CFDA No.: 21.027 Federal Grantor: United States Department of the Treasury Passed-through: N/A Award No. and Year: Various Compliance Requirements: Reporting Management?s or Department?s Response: We concur. Views of Responsible Officials and Corrective Action: The City reported expenditures for the entire award amount based on the guidance available at the time of the initial reporting period for the award. This resulted in over reporting expenditures for the audit period since only half of the award was remitted to the City during the period under audit. The City has put measures in place to ensure only expenditures for the amount received in a particular period are reported. Name of Responsible Person: Kofi Antobam, Director of Administrative Services Implementation Date: June 30, 2022

Finding Number: 2022-001 Planned Corrective Action: The District acknowledges it did not obtain certified payroll information from Panzica Construction until December 2022 which was after the Auditor raised the issue with the District. The District will work to ensure compliance with grant terms, in this instance, by assigning compliance responsibility to the Cost Center Manager who negotiates, monitors, and receives invoices, and authorizes payments. Standard prevailing wage contract language will be developed in consultation with General Counsel?s Office with the language inserted into future contracts, as appropriate. Anticipated Completion Date: 06/30/23 Responsible Contact Person: Nathan J. Mortimer, Interim CFO

Finding 2022-002: The Organization made an unauthorized distribution of project funds, which is a violation of the Organization?s agreement with HUD. Program: Operating Assistance for Troubled Multifamily Housing Projects - 14.164 Description of Finding: During 2022, the Organization made operating advances of $9,208 for expenses belonging to organizations related by common control. These advances were in excess of amounts available from surplus cash as determined by HUD regulations and represent a control deficiency as the matter was not identified timely. Statement of Concurrence or Non-Concurrence: Management concurs with this finding. Corrective Action: At December 31, 2022, the Organization has surplus cash of $466,053 which will not be expended and covers the unapproved distributions. The Organization will also carefully monitor intercompany transactions on an ongoing basis to ensure that no funds are advanced to other entities. Name of Contact Person: Joseph Durand Projected Completion Date: March 31, 2023

Higher Education Emergency Relief Funding (HEERF) ? Assistance Listing No. 84.425 Recommendation: We recommend the colleges reevaluate their procedures surrounding allowable costs and costs being charged to the grant to ensure all are allowable costs. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: Clarkson College has reevaluated their procedures surrounding allowable costs and costs being charged to the grant to ensure all are allowable costs. The employee responsible for this finding is no longer associated with the college.

1 CORRECTIVE ACTION PLAN Project Legal Name: Evangeline Booth Friendship House Fort Worth, TX (A Project of Evangeline Booth Friendship House Residence, Inc., a Texas Corporation) HUD Project No.: 113-EE041 Audit Firm: CohnReznick LLP Period covered by the audit: 10/1/2021-9/30/2022 Corrective Action Plan prepared by: Name: Sriparna Mitra Position: HUD Specialist, THQ (Legal) Telephone Number: 404-728-6700 A. Current Findings on the Schedule of Findings, Questioned Costs and Recommendations 1. Finding 2022-001 a. Comments on the Finding and Each Recommendation Management agrees with the finding and is taking steps to address the issue that caused it. The $6,500 will be repaid to the property. b. Action(s) Taken or Planned on the Finding As of January 10, 2023, the check request for the reimbursement to Evangeline Booth Friendship House has been approved. Reimbursement is anticipated in the near future. B. Status of Corrective Actions on Findings Reported in the Schedule of the Status of Prior Year Findings, Questioned Costs and Recommendations Finding 2021-001 Cleared.

Finding: 2022-001 ? Reporting Program: AL # 21.024 ? Community Development Financial Institutions Rapid Response Program (CDFI RRP) Sponsor Award Number: 21RRP057316 Sponsor Agency: U.S. Department of Treasury Corrective Action Plan: To address the internal control issue noted, the Director of Finance & Administration and financial consultants will create reports from the loan servicing systems and general ledger and reconcile to the amounts reported on the Annual Performance Reports. The reconciliation and underlying reports will be provided to the Executive Director to review and approve prior to submitting the Annual Performance Reports.

Corrective Action Plan - Finding 2022-002 We agree with the finding and observations, which are consistent with Finding 2021-002, and specifically note the following coorective actions that were implemented subsequent to June 30, 2022: - The Chief of Staff will contact the DOE to determine if past reports not filed should be submitted at this time and if reports filed with incorrect amounts should be corrected. - The Associate VP for Finance & Controller will review HEERF repoting requirements to ensure any future reporting required is submitted on a timely basis. - The Associated VP for Finance & Controller will review any future reporting for HEERF funds before submission to ensure they reconcile to the College's accounting records. Responsible Official - Gillian King, Chief of Staff Anticipated Completion Date: Completed

FINDING 2022-004 ? ELEMENTARY AND SECONDARY SCHOOL EMERGENCY RELIEF FUND DAVIS-BACON PREVAILING WAGE REQUIREMENTS Contact Person Responsible for Corrective Action: Lisa Baker, Business Manager Contact Person's Phone Number: 765-664-0624 Views of Responsible Official: There is no disagreement with the audit finding. Description of Correction Action Plan: When the school district is awarded federal funds that will be used for construction, alteration, or repair projects in excess of $2,000, the superintendent and/or business manager will notify the contractors that the project is being funded by federal funds and the requirements as outlined by the Davis-Bacon Act. In addition, the superintendent and/or the business manager will ensure that the contractors provide weekly payroll report certifications and will review the documents to ensure compliance with the wage rate requirements. Anticipated Completion Date: March 24, 2023

FINDING 2022-003 ? ELEMENTARY AND SECONDARY SCHOOL EMERGENCY RELIEF FUND REPORTING Contact Person Responsible for Corrective Action: Lisa Baker, Business Manager Contact Person's Phone Number: 765-664-0624 Views of Responsible Official: There is no disagreement with the audit finding. Description of Correction Action Plan: The recipients of the ESSER Data Reporting notice from the Indiana Department of Education, which include the director of curriculum and assessment and the business manager, will work together to ensure the data reports are properly completed, approved, and submitted by the due date. The director of curriculum and assessment will complete the reports and present them to the business manager who will review and approve the reports. The director of curriculum and assessment will submit the reports and make record of the date and time submitted. Anticipated Completion Date: March 24, 2023

Finding 2022-002 Federal Agency: U.S. Department of the Treasury Program/Cluster: Coronavirus State and Local Fiscal Recovery Funds Federal Assistance Listing Number: 21.027 Pass-through: N/A Award No. and Year: N/A Compliance Requirement: Reporting Type of Finding: Significant Deficiency Views of Responsible Officials and Corrective Action Plan: The questioned submission was reviewed multiple times, the documents were reviewed prior to the submission through meetings, confirmation emails and the saving of the reports on a shared folder. We believe these procedures were sufficient for documenting the review process taking into account that the Treasury submission system is a single submit system that lacks the maker / checker (approver) feature. We do not believe this finding is a significant deficiency as noted by the Auditors. Moving forward we will add the additional step of having the reviewer sign off on the online report (printout) prior to submission. Responsible Individual(s): Ashely Doyle, Budget Officer Anticipated Completion Date: March 15, 2023

Program Name: Education Stabilization Fund ? Assistance Listing 84.425D & 84.425U Condition: All construction contracts in excess of $2,000 awarded by non-Federal entities must include a provision for compliance with the Davis-Bacon Act as supplemented by the Department of Labor regulations. This includes a requirement for the contractor to submit to the non-Federal entity weekly, for each week in which any contract work is performed, a copy of the payroll and a statement of compliance (certified payrolls). Corrective Action Plan: Management will work with contractors to get provisions included in construction contracts in progress and ensure new contracts have required provisions and obtain certified payrolls. Person Responsible for Corrective Action: David Jones, Business Manager Anticipated Completion Date ? FY2023

For 2022, quarterly reviews were being performed; however, due to the transition in personnel in the Accounting and Finance areas, the annual review was not done. The College has updated its procedures to include a review of the annual submission similar to the current practice of reviewing the quarterly submission.

Finding 2022-002 Fed Agency Name: US Department of Treasury Program Name: Coronavirus State and Local Fiscal Recovery Fund CFDA #: 21.027 Finding Summary: During the Single Audit, it was discovered the City did not have adequate internal controls over reports filed with the U.S. Department of Treasury which resulted in incorrect information being reported. Responsible Individual: Sean Richardson, CPA City Clerk/Treasurer Corrective Action Plan: Management will closely review the project and expenditure report user guide to ensure future reports are in compliance and implement controls surrounding these reports. Anticipated Completion Date: December 2022

Appropriate care will be exercised in the future to ensure that we comply with all Agency loan resolution terms.

2022-003 Moving to Work Demonstration Program (HCVP Only) ? Federal Assistance Listing Number 14.881 Recommendation: The finding recommends BRHP review their process for tracking and scheduling inspections to ensure compliance. Explanation of disagreement with audit finding: There is no disagreement with the audit findings. Action taken in response to the finding: The two files reviewed with missed inspections have been scheduled for the biennial inspection and have passed inspection. BRHP has added two elements to the process for scheduling biennial inspections; including a check for excluded units prior to upload of inspections needing scheduling, as well as a validation report of scheduled inspections against those requested. Additional training has been provided to key HCV staff to review audit reports and subsequent process steps. Names(s) of the contact person(s) responsible for correction action: Pete Cimbolic, Managing Director, Operations & Program Evaluation Planned completion date for corrective action plan: August 31, 2023 If the U.S. Department of Housing and Urban Development has questions regarding this plan, please call Adria Crutchfield at (667) 207-2140.

2022-002 Moving to Work Demonstration Program (HCVP Only) ? Federal Assistance Listing Number 14.881 Recommendation: The finding recommends BRHP perform their reporting to HUD on a weekly basis rather than on a monthly basis. Explanation of disagreement with audit finding: There is no disagreement with the audit findings. Action taken in response to the finding: At this time, all files selected for the audit have corresponding records successfully submitted to HUD through the PIC submission portal. BRHP will continue weekly PIC submissions and clearing of fatal errors and now have two staff trained on PIC submissions as a redundancy measure. It is not unusual for BRHP to process retroactive actions and at times, the effective date of the action can be for a date several weeks in the past. If PIC submissions are completed weekly rather than monthly, there will be more opportunities to upload the 50058 in accordance with the 60-day required period. BRHP explored the possibility of submitting a Moving To Work activity specifically to allow for PIC submissions of retroactive actions past the 60-day window, however, ultimately decided it was not an activity that would fall within the regulatory framework for the Moving To Work program. As a result, BRHP will limit retroactive actions to no more than 45-days prior to effective date, ensuring ample time for submission prior to the 60-day window lapsing. Names(s) of the contact person(s) responsible for correction action: FaShaunDa Walton, Housing Mobility Director Planned completion date for corrective action plan: August 31, 2023 If the U.S. Department of Housing and Urban Development has questions regarding this plan, please call Adria Crutchfield at (667) 207-2140.

Management?s Response: Lamar Housing Authority will begin making a copy of what is put in MINC and will check income from the worksheet we get at the beginning of each month before we submit it we will make changes to what was submitted into MINC, this will be a double check of income to make sure it was entered into MINC correctly.

REPORTING Recommendation: We recommend the Department review the instructions for completion of the federal financial reports with training provided to the program staff preparing and reviewing the federal financial reports to ensure submitted reports are complete and timely. We recommend the Department implement effective processes and procedures to maintain the submitted reports and the documentation used to prepare the reports in the files of the Department. Corrective Action: The Department understands the issues and is taking corrective action to improve reporting. Due to the New Mexico emergent events that took place in FY22, the Department made the emergent events the Department?s priority and onboarding became a secondary focus for the Department. In FY23, the Department has shifted its priority to onboarding across the Department, and we have onboarded a Grants Unit Manager to oversee the reporting requirements of all federal grants. A procedural checklist will be implemented to ensure that: 1. the recipient share section is completed, 2. that financial reports are submitted to the Department timely, and 3. all Performance Progress Reports as submitted. Due Date of Completion: June 30, 2023 Responsible Person(s): Chief Financial Officer

CASH MANAGEMENT Recommendation: We realize the Department continues to have staff turnover. We recommend the Department review its process and implement effective policies, procedures, and controls to ensure the accounting records appropriately reflect the activity of the grant. The Department should consider efficiencies to make the process less cumbersome. While the Department has existing processes at the federal program level, there appears to be a need for higher level monitoring and reconciliation of federal program activity to ensure the completeness of federal program-level reconciliations and reimbursements. The Department should consider further contracting with an outside third party to aid in the process of performing reconciliations and billings. The deficit fund balance in the Federal Grants Fund (40280) should be reviewed and addressed. The Department should evaluate the need to obtain a deficiency appropriation or some other funding to cover this deficit. Corrective Action: The Department partially understands the issue. The Department will internally audit our expenditures to ensure that all transactions include an operating unit. The Department will also establish a checklist to include that all signatures are collected and that applicable documentation is received for reimbursement purposes. As part of our Sub Grant recipient review for Assistance Listings 97.036 and 97.067, we cannot reimburse the subrecipient until they submit applicable receipts for reimbursement and answer all requests for information as required by FEMA. Due Date of Completion: June 30, 2023 Responsible Person(s): Chief Financial Officer, Grants Unit Manager

SPECIAL TEST AND PROVISIONS - ADP RISK ANALYSIS & SYSTEM SECURITY REVIEW Department of Health and Human Resources (DHHR) Assistance Listing Number 93.775, 93.777, COVID-19 93.777, 93.778, ARRA 93.778 The DHHR utilizes an external service organization for the design, development, implementation, and operation of the West Virginia Medicaid Management Information System (MMIS). The system furnishes the core MMIS functionality to support the State's Medicaid program, including maintaining provider, member/recipient, and reference/procedure code data, as well as processing and adjudication rules for claims, encounters, and prior authorizations. The system also provides configuration and system management tools to govern access to data, user security, and communications. The system is an object-oriented, rules-based software program that is designed to manage multiple lines of health care business. The system employs a unified relational database that enables efficient use of data and consistent information throughout all applications. The system includes functionality for claims processing and adjudication, provider administration, benefit plan and policy administration, member administration, and medical service authorization management. The service organization has developed a variety of policies and procedures including related control activities to help ensure their objectives are carried out and risks are mitigated. The control environment includes control objectives related to claims input (hard copy/paper claims and electronic claims); claims processing; claims payment; file maintenance (provider master file, recipient master file, and procedure codes); logical access (passwords and authentication, adding and modifying user access, terminating user access, access to privileged functions, and access review monitoring); change management; production scheduling; and backup procedures. Control activities are performed at a variety of levels throughout the organization and at various stages during the relevant business or information technology process. As expected, controls may be preventive or detective in nature and may encompass a range of manual and automated controls, including authorizations, reconciliations, and information technology controls. The service organization has a formal program in place to review and update the service organization's policies and procedures on at least an annual basis. Any changes to the policies and procedures are reviewed and approved by the service organization?s management and communicated to its employees. As indicated in the Condition section of this finding, the DHHR obtains a Service Organization Controls (SOC) 1 Type 2 report from its service organization on an annual basis. For the period ended June 30, 2022, although the DHHR did not formally document its review of the service organization?s SOC 1 Type 2 report, the DHHR did indeed review it and can hereby confirm that the service organization provided an assertion about the fairness of the presentation of the description and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives stated in the description. The service organization was responsible for preparing the description and assertion, including the completeness, accuracy, and method of presentation of the description and assertion; providing the services covered by the description; specifying the control objectives and stating them in the description; identifying the risks that threaten the achievement of the control objectives; selecting the criteria stated in the assertion; and designing, implementing, and documenting controls that are suitably designed and operating effectively to achieve the related control objectives stated in the description. The DHHR can also hereby confirm that the service organization?s service auditor conducted the examination in accordance with attestation standards established by the American Institute of Certified Public Accountants. Those standards required the service auditor to plan and perform the examination to obtain reasonable assurance about whether, in all material respects, based on the criteria in the service organization?s assertion, the description is fairly presented, and the controls were suitably designed and operating effectively to achieve the related control objectives stated in the description throughout the specified period. Finally, the DHHR can hereby confirm that in the service auditor?s opinion, in all material respects, based on the criteria described in the service organization?s assertion: 1) the description fairly presented the West Virginia MMIS that was designed and implemented throughout the period July 1, 2021 to June 30, 2022; 2) the controls related to the control objectives stated in the description were suitably designed to provide reasonable assurance that the control objectives would be achieved if the controls operated effectively throughout the period July 1, 2021 to June 30, 2022 and the subservice organizations and the user entity applied the complementary controls assumed in the design of the service organization?s controls throughout the period July 1, 2021 to June 30, 2022; and 3) the controls operated effectively to provide reasonable assurance that the control objectives stated in the description were achieved throughout the period July 1, 2021 to June 30, 2022 if the complementary subservice organizations and the user entity controls assumed in the design of the service organization?s controls operated effectively throughout the period July 1, 2021 to June 30, 2022. The DHHR is of the opinion that it is in compliance with 45 CFR 95.621 since it receives and reviews the SOC 1 Type 2 report from the service organization and since the report documents that the service organization establishes and maintains a program for conducting periodic risk analyses to ensure appropriate, cost-effective safeguards are incorporated into new and existing systems or whenever significant system changes occur. However, the DHHR recognizes the concern expressed within this finding, in that the DHHR does not include the SOC 1 Type 2 report as part of its own policies and procedures for ADP security over the MMIS. To enhance its controls, the DHHR will implement a policy and related procedures to document MMIS compliance with 45 CFR 95.621. The procedures will include but not be limited to a requirement to review and approve the SOC 1 Type 2 report from the MMIS service organization and document the review and approval process (e.g., for such matters as the service organization?s assertions, descriptions of its systems and controls, control objectives, and related controls, and the service auditor?s description of tests of controls and results). The anticipated date for implementation of the policy and related procedures is September 30, 2023, which is prior to the anticipated date for receipt of the next SOC 1 Type 2 report from the service organization.

SPECIAL TESTS AND PROVISIONS ? MANAGED CARE FINANCIAL AUDIT Department of Health and Human Resources (DHHR) Assistance Listing Number 93.775, 93.777, COVID-19 93.777, 93.778, ARRA ? 93.778 The DHHR Bureau for Medical Services (BMS) collected and reviewed the audited financial statements from the managed care organizations (MCOs); however, review and approval of the financial statements were not documented. The BMS is establishing a process to document this approval process for the next reporting period. The BMS also understands the requirements related to 42 CFR 438.602(e). These requirements became effective for contracts starting on or after July 1, 2017. The BMS acknowledges their responsibility to audit the financial and encounter data for the MCOs no less than once every three years and to post the results on the state website. The BMS has previously relied upon agreed-upon procedures engagements conducted by an independent auditor to support the accuracy, truthfulness, and completeness of the MCO reported encounter and financial data. For the reporting period ended June 30, 2022, the BMS has contracted and engaged with an MCO oversight and actuarial vendor to conduct the independent audits and post them to the state website upon completion and approval by the BMS; however, as of the date of this report, the audit has not yet been completed by the vendor. For future reporting periods, the BMS intends to retain an MCO oversight and actuarial vendor to conduct the required independent audits to ensure continued compliance with 42 CFR 438.602(e).

SPECIAL TESTS AND PROVISIONS ? UTILIZATION CONTROL AND PROGRAM INTEGRITY Department of Health and Human Resources (DHHR) Assistance Listing Number 93.775, 93.777, COVID-19 93.777, 93.778, ARRA ? 93.778 The DHHR Bureau for Medical Services plans to leverage existing case closure policies and procedures and implement an updated case tracking system which, through workflow rules, will make the closure process and requirements explicit so the system will not permit closures without record of all required information and manager approval. This new system is being implemented as part of an ongoing data warehouse project and should be in place by April 1, 2023.

INTERNAL CONTROLS OVER CHILD CARE PROVIDER ELIGIBILITY FOR ARP ACT STABILIZATION FUNDS Department of Health and Human Resources (DHHR) Assistance Listing Number 93.489, 93.575, 93.596, COVID-19 93.575 The DHHR Bureau for Family Assistance, Division of Early Care and Education, has a process in place for the approval of ARP stabilization funding for childcare providers set forth in the West Virginia Child Care Stabilization Payment Policy and Procedure Manual that includes: ? Eligibility of childcare providers (Chapter 2: Overview of WV Child Care Stabilization Payment Eligibility, Section 2.1), ? Conditions under which childcare providers are eligible (Chapter 2: Overview of WV Child Care Stabilization Payment Eligibility, Section 2.2), ? Ineligible childcare providers (Chapter 2: Overview of WV Child Care Stabilization Payment Eligibility, Section 2.3) ? An application process for childcare providers to apply for ARP stabilization funding (Chapter 5: Application Process, Sections 5.0, 5.1 and 5.2). Beginning in August 2022, the Division of Early Care and Education began auditing childcare providers (in batches of 300) to ensure appropriate use of the funds by requesting invoices and statements showing how the provider has utilized the ARP funding they have been awarded. Each quarter, a new batch is being audited until all childcare providers participating in the ARP stabilization funding have been audited. The procedure manual referenced above explains that the documentation relevant to providers? applications, eligibility, and audit findings are maintained within each provider?s FACTS provider case record. The Division?s tracking of providers deemed to be ?in good standing? is maintained within a manually updated tracking form housed on the Division?s internal server. By May 1, 2023, the Division of Early Care and Education will modify the West Virginia Child Care Stabilization Policy and Procedure Manual to document workflows more clearly for the award and monitoring of stabilization grants, as well as how the Division will more effectively produce such documentation to ensure that controls are operating effectively.

TRANSPARENCY ACT REPORTING Department of Health and Human Resources (DHHR) Assistance Listing Number 93.788 For the one report that had an incorrect subaward amount, the subrecipient?s DUNS number was mistakenly keyed into the FSRS system as the subaward amount. For the one report that was not submitted timely, the DHHR awarded the grant to the subrecipient on December 5, 2021. The amount of the subaward was $220,000. The identifying information for the subaward was submitted to FSRS.gov on January 30, 2022, which was timely. On June 2, 2022, the DHHR approved a change order to the subaward, which increased the amount of the subaward to $502,131. Accordingly, the FSRS report was reopened on July 29, 2022, whereby the subaward amount was increased to $502,131. However, the report was not actually submitted within the FSRS system until November 8, 2022. Both of these instances were due to human error and were passed on to the appropriate offices within the DHHR. The staff member in charge of the FFATA reporting for the DHHR was made aware of the instances in an effort to improve controls and has corrected the reports in FSRS.

SPECIAL TESTS AND PROVISIONS ? MANAGED CARE FINANCIAL AUDIT Department of Health and Human Resources (DHHR) Assistance Listing Number 93.767 Starting July 1, 2023, WV CHIP will be included in the Medicaid managed care contracts and will be consolidated into Medicaid's oversight and monitoring processes. This consolidation will ensure that audited financial reports are submitted by the managed care organizations and documentation of review and approval is maintained.