FAC Explorer

Corrective Action Plans

Browse how organizations respond to audit findings

Total CAPs
51,849
In database
Filtered Results
11,001
Matching current filters
Showing Page
119 of 441
25 per page

Filters

Clear
Active filters: Subrecipient Monitoring
Finding 526648 (2024-001)
Significant Deficiency 2024
Lafontaine Center, Inc. Dba Lafontaine Center 073-Eh187
CA
Subrecipient Monitoring HUD Housing Programs
Finding 2024-001: The Corporation did not furnish HUD a complete annual financial report within ninety (90) days following the end of the fiscal year ending May 31, 2024. Additionally, Form SF-SAC Single Audit Data Collection Form for the year ended May 31, 2024 was not submitted to the federal audi...
Finding 2024-001: The Corporation did not furnish HUD a complete annual financial report within ninety (90) days following the end of the fiscal year ending May 31, 2024. Additionally, Form SF-SAC Single Audit Data Collection Form for the year ended May 31, 2024 was not submitted to the federal audit clearinghouse in the required timeframe. Comments on the Finding and Each Recommendation: The Corporation should submit the annual financial statements to HUD and Form SF-SAC Single Audit Data Collection Form for the years ended May 31, 2024 as soon as practical. Action(s) taken or planned on the finding: Management concurs with the finding and recommendation. The audited financial statements have been submitted to HUD and the federal clearinghouse. No further action is required.
View Audit 345587
Finding 526634 (2024-001)
Material Weakness 2024
Hanover Community School Corporation
IN
Procurement, Suspension & Debarment Subrecipient Monitoring School Nutrition Programs § 200.303
FINDING 2024‐001 Subject: Child Nutrition Cluster‐Suspension and Debarment Summary of Finding The School Corporation did not verify that three of three vendors tested were neither suspended nor debarred, or otherwise excluded or disqualified from participating in federal assistance programs. Contact...
FINDING 2024‐001 Subject: Child Nutrition Cluster‐Suspension and Debarment Summary of Finding The School Corporation did not verify that three of three vendors tested were neither suspended nor debarred, or otherwise excluded or disqualified from participating in federal assistance programs. Contact Person Responsible for Corrective Action: Adam C. Minth Contact Phone Number: 219-374-3504 Views of Responsible Official: The school corporation concurs with the finding and will be implementing corrective procedures by the end of this fiscal year. Description of Corrective Action Plan: Our Child Nutrition Director will conduct the necessary suspension and debarment check via Sam.gov to make certain that we are in compliance with each vendor throughout the entire fiscal year. This will be in addition to our Food, Dairy and Bakery vendors that are contracted, as their suspension and debarment information is checked by a third-party purchaser. Anticipated Completion Date: 4/30/2025
View Audit 345583
Finding 526633 (2024-001)
Significant Deficiency 2024
Housing Authority of Raleigh County
WV
HUD Housing Programs Subrecipient Monitoring Eligibility
2024-001 – ALN 14.871 – Housing Choice Voucher Program – Eligibility Current management acknowledges the finding and is following the auditor’s recommendations. Person Responsible for Correction of Exception: Ms. Amanda Fagio, Interim Executive Director Projected Completion Date: June 30, 2025
2024-001 – ALN 14.871 – Housing Choice Voucher Program – Eligibility Current management acknowledges the finding and is following the auditor’s recommendations. Person Responsible for Correction of Exception: Ms. Amanda Fagio, Interim Executive Director Projected Completion Date: June 30, 2025
View Audit 345576
Finding 526571 (2024-003)
Material Weakness 2024
East Gibson School Corporation
IN
Subrecipient Monitoring Internal Control / Segregation of Duties Matching / Level of Effort / Earmarking § 200.302 § 200.303 § 200.328 § 200.329 § 200.334
FINDING 2024-003 Finding Subject: COVID-19 - Education Stabilization Fund - Reporting Summary of Finding: Annual Report for ESSER grants were all submitted but there was no supporting documentation showing internal controls of another person reviewing the information that was submitted was accurate....
FINDING 2024-003 Finding Subject: COVID-19 - Education Stabilization Fund - Reporting Summary of Finding: Annual Report for ESSER grants were all submitted but there was no supporting documentation showing internal controls of another person reviewing the information that was submitted was accurate. Contact Person Responsible for Corrective Action: Ginger Schenks Contact Phone Number and Email Address: 812-749-4755 ext 1143; gschenks@corp.egsc.k12.in.us Views of Responsible Officials: We concur with the finding Description of Corrective Action Plan: The Treasurer will work with the Superintendent and/or Grant Administrator ensuring that annual financial reporting for federal grants is completed on time with review by the Superintendent. The Treasurer will supply the financial data for the time period of reporting to the Grant Administrator and/or Superintendent for their approval and submission of the annual financial report. The Superintendent and/or Grant Administrator will ensure that expenses align with the grant application prior to submission. The report and supporting documentation will be downloaded and the Treasurer and Superintendent will sign and date that report. This document will be in the grant folder in the Treasurer’s Office. Anticipated Completion Date: This process will begin with the next annual financial report due date.
View Audit 345524
Finding 526522 (2024-001)
Significant Deficiency 2024
Orleans Community Schools
IN
Internal Control / Segregation of Duties Subrecipient Monitoring Reporting § 200.302 § 200.303 § 200.328
Views of Responsible Officials and Planned Corrective Actions: Management agrees with the finding and will take the following corrective action. The ESSER annual Data Collection reports will need to be reviewed more closely to ensure that they are matching to the disbursement detail in the accountin...
Views of Responsible Officials and Planned Corrective Actions: Management agrees with the finding and will take the following corrective action. The ESSER annual Data Collection reports will need to be reviewed more closely to ensure that they are matching to the disbursement detail in the accounting software. Once the superintendent has entered numbers into the report, there should be a second review of those numbers to the accounting software numbers by the corporation treasurer. In addition, detail of full-time equivalent employees needs to be documented by the deputy treasurer and retained with each report going forward. Responsible party and timeline for completion: Responsible party is Theresa Robbins, Corporation Treasurer. The timeline for completion is spring of 2025.
View Audit 345450
Finding 526514 (2024-001)
Significant Deficiency 2024
Gads Hill Center
IL
Questioned Costs Subrecipient Monitoring Reporting § 200.430
Views of Responsible Officials: Upon reviewing the audit finding, Gads Hill Center (GHC) acknowledges the importance of maintaining accurate and compliant documentation for personal services charged to federal and non-federal awards. To strengthen internal controls and ensure proper time reporting,...
Views of Responsible Officials: Upon reviewing the audit finding, Gads Hill Center (GHC) acknowledges the importance of maintaining accurate and compliant documentation for personal services charged to federal and non-federal awards. To strengthen internal controls and ensure proper time reporting, GHC has implemented enhanced procedures to align with federal requirements. These measures are designed to ensure that all salaries allocated to federal and non-federal awards are appropriately documented and substantiated based on actual work performed. Corrective Action Plan: In response to this finding, Gads Hill Center has immediately implemented a structured procedure to ensure compliance with federal regulations regarding time and effort reporting. Effective February 2025, the following corrective actions have been established: • Monthly After-the-Fact Time Reporting: Employees whose salaries are allocated to federal and non-federal awards must complete monthly time reports that accurately reflect the actual time worked on each funding source. • Review Process: These time reports are reviewed and signed by both the employee and their direct supervisor to confirm accuracy and compliance with the documented allocations and make any necessary adjustments. • Internal Monitoring and Compliance: GHC’s finance and program leadership teams will conduct periodic reviews to ensure adherence to this procedure and make any necessary refinements to maintain compliance with federal guidelines. By implementing these enhanced controls, Gads Hill Center is committed to ensuring accurate documentation of personal services and maintaining compliance with all federal funding requirements. Completion Date: Implemented and fully operational as of February 2025.
View Audit 345435 Questioned Costs: $1
Finding 526476 (2024-003)
Material Weakness 2024
Hamilton Community Schools
IN
Special Tests & Provisions Subrecipient Monitoring Material Weakness § 200.303
Contact Person Responsible for Corrective Action: Brittany Taylor Contact Phone Number: 260-488-2513 Views of Responsible Official: We concur with the finding. Description of Corrective Action Plan: For projects requiring Davis-Bacon wage requirements be met, we will obtain weeky payroll certificati...
Contact Person Responsible for Corrective Action: Brittany Taylor Contact Phone Number: 260-488-2513 Views of Responsible Official: We concur with the finding. Description of Corrective Action Plan: For projects requiring Davis-Bacon wage requirements be met, we will obtain weeky payroll certification reports from the contractor to ensure pay rates comply with the federal wage rate requirements. Anticipated Completion Date: 6/30/2025
View Audit 345388
Finding 526460 (2024-002)
Significant Deficiency 2024
Morton College Community College District No. 527
IL
Student Financial Aid Special Tests & Provisions Subrecipient Monitoring
Enrollment Reporting – The College will review and update current procedures to ensure timely processing and monitoring of NSLDS reports. Internal reports will be run simultaneously to make sure all students are captured and their status is correctly reported. Anticipated Completion Date - Decembe...
Enrollment Reporting – The College will review and update current procedures to ensure timely processing and monitoring of NSLDS reports. Internal reports will be run simultaneously to make sure all students are captured and their status is correctly reported. Anticipated Completion Date - December 31, 2024. Responsible Contact Person for Planned Corrective Action Plan - Mireya Perez, Chief Financial Officer
View Audit 345382
Finding 526451 (2024-001)
Significant Deficiency 2024
North Olmsted City School District
OH
Subrecipient Monitoring Reporting Significant Deficiency
Finding Number Planned Corrective Action Anticipated Completion Date Responsible Contact Person 2024- 001 The District has extensive controls to monitor the expenditure and FER process related to Federal programs. Expenditures were reported accurately in totality. There were no funds that were not r...
Finding Number Planned Corrective Action Anticipated Completion Date Responsible Contact Person 2024- 001 The District has extensive controls to monitor the expenditure and FER process related to Federal programs. Expenditures were reported accurately in totality. There were no funds that were not record or not represented on the FER, total spent by the district was reported. There was a clerical error when sorting the report to process the information; a salary account (object 100) was sorted in the middle of the benefits (objects 200), exhibit of what occurred is below. Unfortunately this error was not recognized at the time the FER was being completed and the incorrectly sorted totals were used to complete the FER. FER’s are submitted annually and do have to be approved by the Department of Education. This FER was approved with no errors identified. It was not the final FER of the award remaining unused funds did carryover form the 2023 grant year to 2024. 6/30/2025 Katherine Henes, Treasurer
View Audit 345379
Upper Iowa University
IA
Subrecipient Monitoring Special Tests & Provisions
UIU has both a written information security program and a plan that identifies what is being done and what needs to be done. UIU has retained Columbia Advisory group to serve as the University virtual Security Information Officer. They are managing the plan and will address any questions or concerns...
UIU has both a written information security program and a plan that identifies what is being done and what needs to be done. UIU has retained Columbia Advisory group to serve as the University virtual Security Information Officer. They are managing the plan and will address any questions or concerns. This contract began January of 2024, UIU commits to having the Executive Director of Information Technology Systems monitor requirements Name(s) of Contact Person(s) Responsible for Corrective Action: Terry Smid, Executive Director of Information Technology Services.
View Audit 345374
Finding 526425 (2024-001)
Material Weakness 2024
Oregon-Davis School Corporation
IN
Subrecipient Monitoring Material Weakness Reporting § 200.303
The treasurer will manage the grant with the superintedent providing oversight. The superintendent will review all financial reports and approve them in writing with a notification to the treasurer.
The treasurer will manage the grant with the superintedent providing oversight. The superintendent will review all financial reports and approve them in writing with a notification to the treasurer.
View Audit 345367
Finding 526403 (2024-002)
Material Weakness 2024
Charles A. Beard Memorial School Corporation
IN
Internal Control / Segregation of Duties Subrecipient Monitoring Material Weakness § 200.302 § 200.303 § 200.328
Views of Responsible Official: We concur with the finding. Description of Corrective Action Plan: This is isolated to FY23 reporting. Internal controls over ESSER reporting were not implemented by previous business office personnel. Corrective action involves the Treasurer preparing the reporting, r...
Views of Responsible Official: We concur with the finding. Description of Corrective Action Plan: This is isolated to FY23 reporting. Internal controls over ESSER reporting were not implemented by previous business office personnel. Corrective action involves the Treasurer preparing the reporting, reviewing the reports with the Superintendent, and confirming accuracy before submitting to the Department of Education. The approval is documented. This was implemented for Year 4 reporting submitted April 23, 2024. Completion Date: 4/23/2024
View Audit 345329
Finding 526390 (2024-002)
Significant Deficiency 2024
Father Bills & Mainspring, Inc. and Affiliates
MA
Procurement, Suspension & Debarment Subrecipient Monitoring
Federal Awards Findings and Questioned Costs Item# 2024-002 - Procurement, Suspension and Debarment – Significant Deficiency Name of Federal Agency: U.S. Department of the Treasury Federal Program Name: Coronavirus State and Local Fiscal Recovery Funds Assistance Listing Number: 21.027 Federal ...
Federal Awards Findings and Questioned Costs Item# 2024-002 - Procurement, Suspension and Debarment – Significant Deficiency Name of Federal Agency: U.S. Department of the Treasury Federal Program Name: Coronavirus State and Local Fiscal Recovery Funds Assistance Listing Number: 21.027 Federal Award Identification Number and Year: Identification number unavailable. Program year 2024. Name of Pass-through Entity (if applicable): The Community Economic Development Assistance Corporation, the City of Brockton and the Plymouth County Commissioners. Recommendation: It is recommended the Agency establish written procurement policies and procedures to ensure that the Agency is in compliance with the Uniform Guidance and that all staff are trained on this policy to ensure compliance and related internal controls over compliance are operating effectively. Action Taken: Management is in the process of revising internal controls to address procurement, suspension, and debarment requirements. Additionally, management has retroactively performed this requirement to the applicable transactions during the audit period, noting no vendors were suspended or debarred. As the agency has experienced significant growth and increasingly complex reporting requirements, the investment was made early in FY24 to have a department dedicated to agency compliance. FBMS is committed to ensuring compliance with all funder requirements. Anticipated Completion Date: Management estimates that additional processes will be in place by June 30, 2025.
View Audit 345320
Finding 526382 (2024-002)
Significant Deficiency 2024
Vigo County School Corporation
IN
Subrecipient Monitoring Special Tests & Provisions Matching / Level of Effort / Earmarking § 200.303 § 200.333 § 200.334
Contact Person Responsible for Corrective Action: Dr. Tammy Rowshandel, Chief Accountability Officer Contact Phone Number: 812-462-4224 Views of Responsible Official: The School Corporation's management will establish an effective system of internal control to ensure compliance and comply with the g...
Contact Person Responsible for Corrective Action: Dr. Tammy Rowshandel, Chief Accountability Officer Contact Phone Number: 812-462-4224 Views of Responsible Official: The School Corporation's management will establish an effective system of internal control to ensure compliance and comply with the grant agreement and the Special Tests and Provisions - Annual Report Card, High School Graduation Rate compliance requirement. Description of Corrective Action Plan: A system will be put in place that ensures compliance with the Special Tests and Provisions-Annual Report Card, High School Graduation Rate requirements. Records will be retained for audit so that appropriate documentation is available to substantiate all future reporting. Building registrars will enter state exit codes for students and upload documentation to substantiate the exit codes that are chosen. Once the documents are uploaded, the registrars will place the word “AUDIT” in the withdrawal comments. This indicates the exit is now audit ready. Schools will conduct regular internal cohort audits. Comparisons of IDOE cohort data and withdrawal information in Skyward will be done. The registrar, assistant principal, and data counselor in each building will work together to check the original uploads of documentation done by the registrar and keep record of this work. One final internal audit will take place at the school level by head counselors and assistant principals to indicate all graduates are correctly identified and all exits have proper documentation on file. The CFO and superintendent will digitally sign off on these records during IDOE July certification. Anticipated Completion Date: March 1, 2025
View Audit 345306
Finding 526381 (2024-003)
Material Weakness 2024
Fairfield Community Schools
IN
Matching / Level of Effort / Earmarking Special Tests & Provisions Subrecipient Monitoring § 200.303
Subject: Education Stabilization Fund – Special Tests and Provisions - Wage Rate Requirements Federal Agency: Department of Education Federal Program: COVID-19 - Education Stabilization Fund Assistance Listing Number: 84.425D Federal Award Numbers: S425D210013 Pass-Through Entity: Indiana Department...
Subject: Education Stabilization Fund – Special Tests and Provisions - Wage Rate Requirements Federal Agency: Department of Education Federal Program: COVID-19 - Education Stabilization Fund Assistance Listing Number: 84.425D Federal Award Numbers: S425D210013 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Special Tests and Provisions - Wage Rate Requirements Audit Findings: Material Weakness Condition: An effective internal control system was not in place at the School Corporation in order to ensure compliance with requirements related to the grant agreement and the Special Tests and Provisions – Wage Rate Requirements compliance requirements. The School Corporation did not include Davis Bacon wage rate requirements in its contract with vendor which includes labor installation. The School Corporation did not obtain the weekly payroll reports certifications from vendor installing equipment. Context: The School Corporation had one project during the audit period which included labor installation costs which were charged to the ESSER II (84.425D) grant award. For the vendor selected for testing, the School Corporation did not include federal wage rate requirement clauses in the contract with the vendor and did not have an internal control designed to collect the weekly payroll reports certifications from vendors and its subcontractors, as applicable, to comply with Davis Bacon wage rate requirements. The amount disbursed for the project during the audit period which includes material and labor totaled $94,444. Views of Responsible Official: We concur with the finding. Description of Corrective Action Plan: Management will ensure all federal funded renovation, remodeling, or construction projects anticipated to incur labor costs greater than $2,000 include a signed contract containing a Davis-Bacon wage rate provision and will monitor the vendor to ensure compliance with certified payroll reporting requirements. Responsible Party and Timeline for Completion: Effective immediately for any future projects.
View Audit 345299
Finding 526368 (2024-004)
Material Weakness 2024
North Vermillion Community School Corporation
IN
Internal Control / Segregation of Duties Material Weakness Reporting § 200.302 § 200.303 § 200.328
Context: The School Corporation was required to submit two Annual Data Reports to the Indiana Department of Education (IDOE) during the audit period to meet federal reporting requirements for ESSER grant awards. We noted that the ESSER I and ESSER II amounts reported for the reports covering the FY2...
Context: The School Corporation was required to submit two Annual Data Reports to the Indiana Department of Education (IDOE) during the audit period to meet federal reporting requirements for ESSER grant awards. We noted that the ESSER I and ESSER II amounts reported for the reports covering the FY22 time period ($90,217 and $238,439, respectively) did not agree to the underlying expenditure records ($81,958 and $400,439 respectively, for the period of July 1, 2021 through June 30, 2022). Contact Person Responsible for Corrective Action: Michele Harrison/ Corporation treasurer Brian Byrum I Superintendent Contact Phone Number: M. Harrison:765-492-5101 B. Byrum: 765-492-5102 Views of Responsible Official: We concur with the finding. De cription of Corrective Acti0n Pl an: Our management team noted that the ESSER 1 and ESSR II spreadsheet submitted to the state was incorrect; however, the actual expenditures were correct every month. The spreadsheet was corrected in the following annual submission to the DOE (which is outside this audit window). The next Audit will show the corrected spreadsheet for ESSER I and ESSER II. It is also noted that the management team will implement more internal controls with regard to the preparer and reviewer being different personnel. For year 5 collection, the corporation treasurer will provide the expenditure reports, an outside consultant will prepare the spreadsheet, and have the current superintendent review before submitting. Anticipated Completion Date: 3/7/2025
View Audit 345287
Finding 526366 (2024-003)
Material Weakness 2024
North Vermillion Community School Corporation
IN
Internal Control / Segregation of Duties Allowable Costs / Cost Principles Material Weakness § 200.303
Context: We noted there was no secondary, documented formal review for the seven sample accounts payable vouchers. All the payroll vouchers selected were properly reviewed. Contact Person Responsible for Corrective Action: Michele Harrison/ Corporation treasurer Brian Byrum / Superintendent Contact ...
Context: We noted there was no secondary, documented formal review for the seven sample accounts payable vouchers. All the payroll vouchers selected were properly reviewed. Contact Person Responsible for Corrective Action: Michele Harrison/ Corporation treasurer Brian Byrum / Superintendent Contact Phone Number: M. Harrison:765-492-5101 B. Byrum: 765-492-5102 Views of Re ponsible Official: We concur with the finding. Description of Corrective Action Plan: Prior to printing accounts payable checks, the corporation treasurer prints the AP voucher register for the superintendent to review and sign. After this internal control, the treasurer processes the checks. Once checks are printed, the voucher is paired with the invoice, initialled by the corporation treasurer and signed by the superintendent. Anticipated Completion Date: 3/7/2025
View Audit 345287
Finding 526361 (2024-002)
Material Weakness 2024
Fremont Community Schools
IN
Matching / Level of Effort / Earmarking Special Tests & Provisions Subrecipient Monitoring § 200.303
See attached letter that was sent to the DOE on 2/25/25 along with the approval email and documents from DOE. During ESSER II Constmction we had several companies work on projects at Fremont Community Schools. To no one's fault but my own, the Davis-Bacon requirements wore not fully communicated to ...
See attached letter that was sent to the DOE on 2/25/25 along with the approval email and documents from DOE. During ESSER II Constmction we had several companies work on projects at Fremont Community Schools. To no one's fault but my own, the Davis-Bacon requirements wore not fully communicated to these companies. One company that did work for us could not respond with a positive affirmation on Davis-Bacon. Their response is as follows: "We will not be able tQ v.rovide a letter stating we paid our employees a Prevailing Wage (pr work completed at Fremont Community Schools. We do not have any proposals or signed contracts stating these iobs were Prevailing Wage. As such, our employees were not p_aid a Prevailing Wage when working on these proiects. •~ I (Dr. William Stitt) have watched the webinar regarding Davis-Bacon requirements provided by the U.S. Department of Education (USDE) and U.S. Department of Labor (DO1). I have also read through the questions and responses for the December 7, 2023 webinar. I attest that I and Fremont Community Schools commit that applicable Davis-Bacon requfrements will be utilized on any future construction, or construction related, activities using $2,000 or greater of Federal grant funds and will follow Davis-Bacon requirements.
View Audit 345281
Finding 526306 (2024-001)
Material Weakness 2024
Greenwood Community School Corporation
IN
Procurement, Suspension & Debarment Subrecipient Monitoring School Nutrition Programs § 200.303
FINDING 2024-001 (Auditor Assigned Reference Number) Finding Subject: Child Nutrition Cluster Summary of Finding: Lack of an internal control system to ensure compliance with the Suspension and Debarment requirements for contractors and subrecipients Contact Person Responsible for Corrective Action:...
FINDING 2024-001 (Auditor Assigned Reference Number) Finding Subject: Child Nutrition Cluster Summary of Finding: Lack of an internal control system to ensure compliance with the Suspension and Debarment requirements for contractors and subrecipients Contact Person Responsible for Corrective Action: Katy Dowling Contact Phone Number and Email Address: 317-889-4060 and kdowling@gws.k12.in.us Views of Responsible Officials: The district concurs with the finding. The procurement of the item in question began with the prior Director of Food Service and was then completed at a later date by her successor. We believe this is a contributing factor to this error. The district participates in CIESC’s Region 9 Child Nutrition Cooperative. This cooperative conducts the bidding/procurement process on behalf of its members in compliance with all Federal Procurement and Suspension and Debarment requirements. From time to time, there are items needed that are not available through the cooperative. Most often, this is food service equipment purchases. Description of Corrective Action Plan: Policy 6325 covers procurement for federal grants/funds. Within this policy, procurement and suspension and debarment expectations are provided. The district plans to add an administrative guideline that will cover the process for any purchase reasonably expected to exceed $25,000 including, but not limited to, (1) how to verify if a vendor is suspended or debarred; (2) what documentation is required and how it is submitted/tracked; (3) validation process involving accounts payable for purchases over $25,000 from federal grants/funds to confirm steps 1 and 2 were properly followed. In addition, communication and direction will be provided to any staff in the district who have the ability to make purchases for grant-funded items. Anticipated Completion Date: 3/1/25 – Review of purchases from grant funds from 7/1/24 through 2/20/25 to ensure compliance. 3/1/25 – Completion of Administrative Guidelines 6325 to specify the internal control process. 3/1/25 – Communication to impacted staff regarding the policy and administrative guideline.
View Audit 345221
Finding 526260 (2024-082)
Material Weakness 2024
Commonwealth of Virginia
VA
Subrecipient Monitoring § 200.303 § 200.332
Responsible Contact Person(s): Ousman Kah, Subrecipient Monitoring Coordinator Corrective Action Planned: A Grants Management solution is being pursued by DSS in anticipation that it can be deployed with Subrecipient Monitoring capabilities needed to comply with these requirements. A new budget requ...
Responsible Contact Person(s): Ousman Kah, Subrecipient Monitoring Coordinator Corrective Action Planned: A Grants Management solution is being pursued by DSS in anticipation that it can be deployed with Subrecipient Monitoring capabilities needed to comply with these requirements. A new budget request has been submitted for funding of a contingent Subrecipient Monitoring System solution. This will help bridge the deficiencies noted util an integrated permanent solution is implemented. Estimated Completion Date: 6/30/2025
View Audit 345214
Finding 526259 (2024-071)
Significant Deficiency 2024
Commonwealth of Virginia
VA
Subrecipient Monitoring Significant Deficiency Internal Control / Segregation of Duties § 200.303
Responsible Contact Person(s): Naveen Abraham, Chief Core Infrastructure Services Corrective Action Planned: Ensuring that infrastructure suppliers fulfill all contractual requirements with respect to Commonwealth security policies and standards necessitates a programmatic, continuous improvement ap...
Responsible Contact Person(s): Naveen Abraham, Chief Core Infrastructure Services Corrective Action Planned: Ensuring that infrastructure suppliers fulfill all contractual requirements with respect to Commonwealth security policies and standards necessitates a programmatic, continuous improvement approach. VITA has made improved cybersecurity a primary goal and major initiatives have completed and are underway. Based on the improved SLAs and with the improved tools previously implemented, VITA will continue to monitor and improve the security of infrastructure services through ongoing governance, including the requirements of architecture documentation, system security plans, and audit reports. VITA’s infrastructure services group will work with our security group to confirm that the current state achieves security standards compliance. VITA will also continue to work with agencies to drive continued vulnerability remediation and access to log data and to further refine documentation regarding SOPs of the security program and regarding the responsibilities of VITA vs the responsibilities of agencies and suppliers. Estimated Completion Date: 6/30/2025
View Audit 345214
Finding 526253 (2024-053)
Significant Deficiency 2024
Commonwealth of Virginia
VA
Subrecipient Monitoring Significant Deficiency Internal Control / Segregation of Duties § 200.303
Responsible Contact Person(s): Mike Jones, Chief Information Officer Steve Hanoka, Information Security Officer Corrective Action Planned: Vulnerability Management policies and procedures exist. These include scanning for both vulnerabilities and baseline configuration. They are being tracked acco...
Responsible Contact Person(s): Mike Jones, Chief Information Officer Steve Hanoka, Information Security Officer Corrective Action Planned: Vulnerability Management policies and procedures exist. These include scanning for both vulnerabilities and baseline configuration. They are being tracked according to SEC530 resolution standards. Goal is to ensure that all vulnerabilities are remediated within the SLA or have approved exceptions by May 30, 2025. In addition, DMAS has gained guidance from VITA on acceptable alternatives to penetration testing and are tracking completion. Estimated Completion Date: 5/30/2025
View Audit 345214
Finding 526248 (2024-025)
Significant Deficiency 2024
Commonwealth of Virginia
VA
Subrecipient Monitoring Significant Deficiency Internal Control / Segregation of Duties § 200.303
Responsible Contact Person(s): Kevin Platea, Chief Information Officer Dwayne Sneade, Director of Cybersecurity Corrective Action Planned: This finding was marked as FOIA Exempt (FOIAE) and as a result, the State Comptroller has determined that the resulting corrective actions are FOIAE under §2.2-3...
Responsible Contact Person(s): Kevin Platea, Chief Information Officer Dwayne Sneade, Director of Cybersecurity Corrective Action Planned: This finding was marked as FOIA Exempt (FOIAE) and as a result, the State Comptroller has determined that the resulting corrective actions are FOIAE under §2.2-3705.2 (9.) of the Code of Virginia. Federal awarding agencies and pass-through entities, please see the Appendix titled “Applicable Management Contacts for Findings and Questioned Costs” to request the corrective action planned from the applicable entity. Estimated Completion Date: 12/31/2025
View Audit 345214
Finding 526247 (2024-024)
Significant Deficiency 2024
Commonwealth of Virginia
VA
Subrecipient Monitoring Significant Deficiency Internal Control / Segregation of Duties § 200.303
Responsible Contact Person(s): Barry Davis, Chief Information Security Officer and Director of Information Security & Risk Management John Vosper, Assistant Director of Information Security & Risk Management Sam Owusu, IT Risk Manager of Information Security & Risk Management Corrective Action Plann...
Responsible Contact Person(s): Barry Davis, Chief Information Security Officer and Director of Information Security & Risk Management John Vosper, Assistant Director of Information Security & Risk Management Sam Owusu, IT Risk Manager of Information Security & Risk Management Corrective Action Planned: This finding was marked as FOIA Exempt (FOIAE) and as a result, the State Comptroller has determined that the resulting corrective actions are FOIAE under §2.2-3705.2 (9.) of the Code of Virginia. Federal awarding agencies and pass-through entities, please see the Appendix titled “Applicable Management Contacts for Findings and Questioned Costs” to request the corrective action planned from the applicable entity. Estimated Completion Date: 12/31/2026
View Audit 345214
Finding 526245 (2024-022)
Material Weakness 2024
Commonwealth of Virginia
VA
Subrecipient Monitoring Material Weakness Internal Control / Segregation of Duties § 200.303
Responsible Contact Person(s): Steve Hanoka, Information Security Officer Corrective Action Planned: 1. The requirements in the IT Security Governance or general requirements in SEC 530 are going to be addressed as part of the IT Security Planning and IT Security Program Management Policies and Pr...
Responsible Contact Person(s): Steve Hanoka, Information Security Officer Corrective Action Planned: 1. The requirements in the IT Security Governance or general requirements in SEC 530 are going to be addressed as part of the IT Security Planning and IT Security Program Management Policies and Procedures which are targeted to be complete by February 28, 2025. In addition, as part of this effort DMAS will publicize and communicate to system owners those control families which will have general / organizational procedures and which will require system specific procedures. 2. Access Management policies and procedures are in place. As part of annual SSP reviews DMAS is now verifying compliance or issues found 3. All SSPs are current and under SEC530 4. Incident Response Policies and Procedures exist 5. Vulnerability Management policies and procedures exist. These include scanning for both vulnerabilities and baseline configuration. They are being tracked according to SEC530 resolution standards. Goal is to ensure that all vulnerabilities are remediated within the SLA or have approved exceptions by May 30, 2025. In addition, DMAS has gained guidance from VITA on acceptable alternatives to penetration testing and are tracking completion. 6. Comprehensive third-party Management procedures are being developed and will be implemented by March 31, 2025. 7. Security Training is up to date and compliant Estimated Completion Date: 5/31/2025
View Audit 345214
« 1 117 118 120 121 441 »