Corrective Action Plans

Finding #2023-001 Prior Year Reporting Package and Data Collection Not Filed Timely: Recommendation: We recommend that management implement procedures to ensure that reporting packages and data collection forms are filed timely in the future. Action taken: Kaaterskill Commons, Inc. agrees with the auditor’s recommendations and will implement procedures to ensure timely filing in the future. For questions regarding this corrective action plan, please contact Bryan Mahoney, Chief Financial Officer, at (518) 828-8090.

2023-001-Reporting Federal Agency: U.S. Department of the Treasury Federal Program Name: Covid-19 Coronavirus State and Local Fiscal Recovery Funds Assistance Listing Number: 21.027 Recommendation: We recommend corrections to quarterly reports be made in subsequent quarterly reports to ensure obligations match actuality. We recommend timely reconciliation of accounting transactions to allow for accurate reporting of expenditures through the quarter. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: The findings noted on the FY 22/23 audit regarding expenditures and obligations were in direct correlation with the findings noted on the FY 21/22 audit. At the close of the FY 21/22 audit, quarter one and quarter two reports had been filed with Treasury. Leading into quarter three, corrections to reporting obligations were being addressed and corrected. As of the fourth quarter reporting cycle, all expenses and obligation issues were corrected. Name(s) of the contact person(s) responsible for corrective action: Christia Johnson, Budget and Management Services Director Planned completion date for corrective action plan: As mentioned above, this has already been addressed as part of the FY 21/22 audit that was finalized in April 2023, 7 months into FY 2022/23. The Budget Office will continue to follow the procedures that were put into place more than halfway through FY 22/23.

Condition: As of the June 30, 2023 reporting date, the City’s Project and Expenditure Reports understated expenditures by $629,040. Also, obligations were overstated by approximately $15,000,000. Corrective Action Planned: The City has implemented reconciliation procedures with the City Auditor and the City ARPA Director to reconcile the general ledger with the US Treasury portal prior to submission on a quarterly basis. The ARPA Director reached out to the US Treasury and communicated concerns that obligations cannot be edited on the portal and received guidance on remedies to edit obligations. Anticipated Completion Date: April 30, 2024 Contact: Bridget Almon, Director of Financial Services Kara Humm, ARPA Director Sedryk Sousa, City Auditor

Reference Number: 2023-003 Prior Year Finding: No Federal Agency: U.S. Department of Treasury Federal Program: COVID-19 – Coronavirus State and Local Fiscal Recovery Funds Assistance Listing Number: 21.027 Award Number and Year: ARP17SL1 (5/23/2021 – 12/31/2026) Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control Over Compliance, Material Noncompliance Criteria or specific requirement: Compliance: 2 CFR §200.332 - Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: i. Subrecipient name (which must match the name associated with its unique entity identifier); ii. Subrecipient's unique entity identifier; iii. Federal Award Identification Number (FAIN); iv. Federal Award Date (see the definition of Federal award date in § 200.1 of this part) of award to the recipient by the Federal agency; v. Subaward Period of Performance Start and End Date; vi. Subaward Budget Period Start and End Date; vii. Amount of Federal Funds Obligated by this action by the pass-through entity to the subrecipient; viii. Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity including the current financial obligation; ix. Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; x. Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); xi. Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the Pass-through entity; xii. Assistance Listings number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; xiii. Identification of whether the award is R&D; and xiv. Indirect cost rate for the Federal award (including if the de minimis rate is charged) per section 200.414. (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F - Audit Requirements of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Passthrough entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. (e) Depending upon the pass-through entity's assessment of risk posed by the subrecipient (as described in paragraph (b) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: (1) Providing subrecipients with training and technical assistance on program-related matters. (2) Performing on-site reviews of the subrecipient's program operations. (3) Arranging for agreed-upon-procedures engagements as described in § 200.425 Audit services. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Control: Per 2 CFR Section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non- Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: Prince George’s County (the County) was unable to provide support that subawards it issued contained all required federal information nor that it properly monitored its subrecipients. Context: Five subrecipients were selected for testing, and the following exceptions were noted: For one of five subrecipients, the County did not have a subaward agreement in place with the subrecipient. As such, all required information was not furnished to the subrecipient. Five of five subaward agreements were missing the following required information: o Federal Award Identification Number (FAIN) For two of five subrecipients, the County was unable to provide support that it conducted during the award monitoring. For one of five subrecipients, the County was unable to provide support that it had verified that the subrecipients were audited as required by Subpart F. Questioned costs: Undetermined. Cause: The County did not establish effective internal controls and procedures over subrecipient monitoring. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific programs and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Not conducting during the award monitoring may result in a failure of the Division to detect that its subrecipients used subawards for unauthorized purposes, managed them in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved. Without ensuring subrecipients have obtained audits as required by Subpart F, there is an increased risk that subrecipients could be inappropriately spending and/or inaccurately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by Division personnel on a timely basis. Recommendation: The County should review and enhance internal controls and procedures to ensure that all required information is included in all subawards, that proper subrecipient monitoring is conducted, and that evaluation of independent audits is performed. Action taken in response to findings: OCR has submitted the subaward agreement to include all required information for review and approval in SPEED. The subaward agreement is awaiting approval and will be sent to the Office of Finance in April 2024. Name of the contact person responsible for corrective action: Ameria Williams, Budget and Human Resources Manager. Planned completion date for corrective action plan: April 30, 2024. Explanation of disagreement with audit findings: There is no disagreement with the audit findings. Views of responsible officials: The Office of Community Relations (OCR) is reviewing and working to enhance internal controls and procedures to ensure all required information is included in the subaward, that proper subrecipient monitoring is conducted, and the evaluation of independent audits are performed. OCR is working with the subrecipient to gather payroll receipts and proof of the disbursement of funds to grantees selected through the RFPs managed by the subrecipient. Any questions concerning the findings or corrective action plan can be directed to Euniesha Davis, Director, OCR, at 301-952-4729.

Reference Number: 2023-001 Prior Year Finding: 2022-002 Federal Agency: U.S. Department of Housing and Urban Development Federal Program: Community Development Block Grants/Entitlement Grants Assistance Listing Number: 14.218 Award Number and Year: B-19-UC-24-0002 (7/31/2019 – 9/1/2027), B-20-UC-24- 0002 (8/17/2020 – 9/1/2028), B-21-UC-24-0002 (10/27/2021 – 9/1/2029), B-22-UC-24-002 (7/1/2022 – 9/1/2029) Compliance Requirement: Reporting – Federal Funding Accountability and Transparency Act (FFATA) Type of Finding: Material Weakness in Internal Control Over Compliance, Material Noncompliance Recommendation: We recommend that the County develop internal controls and procedures to ensure that FFATA reporting requirements are met. We further recommend the County develop controls and procedures to ensure that all required subawards are reported accurately and timely to FSRS. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: DHCD will review and update procedures to ensure the department is in full compliance with the FFATA guidelines. In addition, DHCD will review all remaining balances from prior year grant awards and record the awards in FSRS. Name(s) of the contact person(s) responsible for corrective action: Edren Lewis, Chief Budget, Accounting and Loan Servicing Manager Planned completion date for corrective action plan: June 30, 2024 Any questions concerning the findings or corrective action plan can be directed to Aspasia Xypolia, Director, DHCD at 301-883- 5531.

Gramm-Leach-Bliley Act (GLBA) Compliance Planned Corrective Action: The University will proceed with approval and implementation of draft policies and procedures and will expand the information security program to address identified issues. The University will allocate necessary resources and will contract with necessary third-party providers to meet existing resource and technology gaps. Person Responsible for Corrective Action Plan: Jeff Lundblad, AVP and Chief Information Officer Anticipated Date of Completion: October, 2024

FINDING 2023-007: Misclassification of Capital Purchases Response: District Clerk and Business Manager will ensure all capital purchases are correctly classified and coded within the 730 [major equipment-new] or 740 [major equipment- replacement] object line items. It will also be the Clerk's responsibility to ensure capital purchase expenditure lines arc built within annual budgets.

Reference Number 2023-001 Quality Assurance Program Verification Activities (ALN 20.205) Corrective Action: Upon notification by TxDOT of the non-compliance on the 365 Tollway Project, the Authority took the following action: 1. Suspended work with consultant on November 10, 2023, and subsequently terminated their contract on December 21, 2023, for non-compliance with quality assurance requirements. 2. Enforced the contract with its Owner’s Independent Assurance Program (IAP) consultant to provide continuous monitoring of all technician certifications/accreditations for the life of the project. 3. Procured services to perform forensic investigation and evaluation of the work performed by the non-compliant technicians to confirm materials meet quality assurance standards. Proposed Completion Date: The IAP is monitoring all technician certifications/accreditation and will continue monitoring for the life of the project. The forensic investigation and evaluation of the work performed by the non-compliant technicians will be completed by December 2024. Name of contact person: Pilar Rodriguez, P.E., Executive Director Contact Information: (956) 402-3762 prodriguez@hcrma.net

Finding Number: 2023-005 Assistance Listing, Federal Agency, and Program Name 10.558, U.S. Department of Agriculture, Child Care and Adult Food Program Federal Award Identification Number and Year 15-016-271P-00 Pass through Entity Illinois State Board of Education Finding Type Material weakness Repeat Finding No Criteria Per 2 CFR 200.303(a), the nonfederal entity must establish and maintain effective internal control over the federal award that provides reasonable assurance that the nonfederal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in "Standards for Internal Control in the Federal Government," issued by the Comptroller General of the United States, or the "Internal Control Integrated Framework," issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Other requirements include: a) Per 7 CFR 226.10(c)(1), prior to submitting its consolidated monthly claim to the State agency, each sponsoring organization must perform edit checks on each facility's meal claim; per 7 CFR sections 226.16(g) and (h), a sponsoring organization must disburse advance and meal reimbursement payments to centers and day care homes under its sponsorship within five working days of receiving them from its state agency. b) Per 7 CFR 226.15(f), each sponsoring organization of day care homes shall determine which of the day care homes under its sponsorship are eligible as tier I day care homes c) Communication from the passthrough entity to return to pre COVID 19 monitoring, as required under 7 CFR 226.16(d)(4)(iii), effective October 1, 2022, where sponsoring organizations are required to perform onsite monitoring of each of its facilities three times every year, which includes requirements to ensure the amount of time between reviews does not exceed six months (unless review average is used). Condition A lack of documented controls as evidence of supervisory review and segregation of duties to ensure compliance with Federal program requirements, specifically over: a) monthly expenditure reports submitted to the passthrough entity b) tier (day care home eligibility) determinations c) subrecipient monitoring Questioned Costs None Identification of How Questioned Costs Were Computed N/A no instances of material noncompliance noted that would result in questioned costs Context a) During testing a sample of 5 monthly expenditure submissions, we noted no formally documented supervisory review in place. Additionally, during testing of 40 disbursements to providers, we noted no formally documented supervisory review to ensure disbursements to providers are made within 5 working days of receipt from the State passthrough entity. b) While gaining an understanding of controls over tier (day care home eligibility) determinations, we noted no controls established to ensure supervisory review of these determinations. c) While testing a sample 40 provider monitoring visits, we noted 3 visits without evidence of supervisory review and 6 visits where the visit was completed and validated in the software by the same individual. Additionally, we noted 16 day care homes and 2 day care centers with less than the required 3 annual on site monitoring visits for the year, and 15 day care homes and 2 day care centers where onsite monitoring performed were more than the required 6 months apart. Cause and Effect A lack of effectively designed, implemented, and operating controls in any of these areas could result in a material noncompliance with program requirements or Uniform Guidance. Recommendation We recommend management formalize documentation of a supervisory review of: a) monthly expenditure submissions before submitting to the passthrough entity, including documented supervisory controls to ensure disbursement timeliness is met within 5 working days as part of this review; b) of data used in making tier/eligibility determinations for accuracy and completeness; and c) of subrecipient monitoring. Additionally, we recommend management work with its passthrough entities to confirm compliance requirements, especially when compliance requirements change as the result of ending or expiring waivers and flexibilities. Planned Corrective Action Plan –Organization will document process that is used for second review of the monthly expenditure submissions by 04/30/2024. There are no instances of the Organization not providing funds to provider within the mandated 5 days, however, the Organization will document the process for provider payments within 5 days by 04/30/2024. The software required to be used by the funder for management of the program does have limitations on how the data input for making tier/eligibility determinations second review is documented. Organization will design process to document this second review has occurred by 04/30/2024. Staffing shortages coming out the COVID-19 waivers resulted in the inability to perform all required Subrecipient monitoring. This staffing shortage was rectified by 08/31/2023. Contact person responsible for corrective action: Loukisha Pennex, Chief of Youth and Family Potential, Anjanette Brown, CFO and Teresa Rodriguez, Senior Director of Grants and Contracts. Anticipated Completion Date: April 2024

FINDING 2023-004 Compliance Requirement(s): Reporting Audit Finding(s): Material Weakness and Other Matters Summary of Finding: An effective internal control system, which would include segregation of duties, was not in place at the School Corporation in order to ensure compliance with requirements related to the grant agreement and the following compliance requirements: Reporting The Unit has not separated incompatible activities within the managing of the federal award programs. The failure to establish these controls could enable material misstatements and noncompliance to be undetected. Management reviews award agreements, contracts and DOE reporting dates and requirements and submits the Annual report to IDOE. Management reviews report for accuracy between the Treasurer and Grant Manager (Asst. Superintendent). A second approval could not be verified. Segregation of duties during the process of entering, approving, and submitting the Annual Reports failed. Views of Responsible Officials: We Concur with this finding. Description of Corrective Action Plan: In the future, the Required DOE Reports will be prepared by the assistant superintendent, who oversees all grant management. Then, the Business Manager will review the prepared reports; upon review, both the business manager and the assistant superintendent will sign/initial the signifying their review of the documents. The report will also be shared with the Superintendent, who will sign off as well. Anticipated Completion Date: Effective Immediately

In  the  future,  the  Hospital  will  maintain  adequate  financial  records  and  supporting  documentation for federal awards. The Hospital will use a spreadsheet to track all federal awards. The spreadsheet will be prepared by the accountant and reviewed by the Chief Financial Officer. The spreadsheet will be included in the monthly financial information provided to the Board of Directors for review and approval. Responsible Individuals: Stephani Tipton, Accountant and Ken Fisher, CFO Anticipated Completion Date: Ongoing

·         Equipment and Real Property Management

o   Responsible Person(s): Rashunna Rodgers, General Business Manager & Denise Palmer, AR Public School Resource Center

o   Finding:

§  Criteria or specific requirement: Purchase of real property and/or construction for improvements require the prior written approval of the Federal awarding agency or pass-through entity, as specified in OMB 2 CFR section 200.439.

§  Condition: During our examination of real property and construction improvements from the Education Stabilization Fund, we identified a facilities improvement purchase that was denied approval of Education Stabilization funding. Expenditures paid from Education Stabilization Funds for this project totaled $622,511.

§  Cause: Lack of internal controls and management oversight over program expenditures.

§  Effect or potential effect: Unallowable costs of $622,511 were paid from COVID-19 Education Stabilization Fund.

§  Questioned costs: The amount of questioned cost was $622,511.

§  Context: Examination of all payments made for construction for improvements to land, buildings, and equipment totaling $1,577.417.

o   Corrective Action Plan (Anticipated Completion Date: June 1, 2024)

The issue related to this finding will be resolved by reclassifying the fund to the appropriate fund source. The district sought the guidance of Division of Elementary and Secondary Education (DESE) to confirm the reclassification along with returning the funds to the Arkansas Department of Education. A system of checks and balances has been established for spending approval of all purchases including construction or contracted services.

Finding Number: 2023-017 Federal Program: 14.218, Department of Housing and Urban Development (HUD), CDBG – Entitlement Grants Cluster, Community Development Block Grants/Entitlement Grants Program (CDBG) Condition Per Auditor: The County filed the FFATA report seven months late Planned Corrective Action: Management agrees with this finding. The County will implement a notification process to include communication to the grants division once grant contracts are approved. Subsequent FFATA reports will be filed of notification of approval no later than the last day of the month following the month in which the subaward/subaward amendment obligation. Anticipated Completion Date: 6/30/25 Responsible Contact Person: Shauntika Bullard

Finding Number: 2023-016 Federal Program: 14.218, Department of Housing and Urban Development (HUD), CDBG – Entitlement Grants Cluster, Community Development Block Grants/Entitlement Grants Program (CDBG), COVID 19 Community Development Block Grants/Entitlement Grants Program (CDBG-CV) Condition Per Auditor: The County did not have adequate controls in place to submit the Consolidated Annual Performance and Evaluation Report (CAPER) for the program year ended June 30, 2023 within 90 days after the close of the program year. Planned Corrective Action: Management agrees with the finding. Prior to submitting the CAPER, it was brought to the attention of staff that the CDBG Financial Summary Report had to be completed and attached to the CAPER. Staff held discussions with HUD during a MSHDA Conference (September of 2022) to obtain assistance in completing the report. It was suggested that a meeting would be necessary to provide technical assistance for the report. Staff met with HUD October 4th to discuss the report and provide further guidance. The CAPER report was completed and submitted October 6th. The CDBG Financial Summary Report was completed as part of the CAPER. Management will ensure the CAPER is submitted prior to the deadline moving forward. Anticipated Completion Date: 6/30/25 Responsible Contact Person: Tuesday Redmond

Finding Number: 2023-015 Federal Program: 14.218 – U.S. Department of Housing and Urban Development (HUD) – Community Development Block Grant (CDBG) – Entitlement Grants Cluster 93.563 – Title IV-D, U.S. Department of Health and Human Service - Child Support Enforcement (CSE) 10.557, U.S. Department of Agriculture – WIC Special Supplemental Nutrition Program for Women, Infants, and Children Condition Per Auditor: Controls in place were not adequate to ensure compliance with 2 CFR 200 Appendix V submission requirements for the County’s self insurance cost allocation process and annual chargeback plan. Planned Corrective Action: Management communicated with the cognizant agency which confirmed in November 2021, OMB issued guidance relating to CARES Act funding and its effect on indirect cost. Part of this guidance stated that “CARES Act funding should not be included toward the threshold amount for indirect cost submission required in 2 C.F.R. part 200, Appendix VII, paragraph D.1.b”. Therefore, County governments that met the $100 million threshold as a result of CARES Act funding are not required to submit their Central Service Cost Allocation Plan for approval. The CARES Act funding would have increased the County’s funding in excess of $100 million, which should not have been a part of the determination for the original finding. However, since CSLFRF funds were also received increasing the County’s funding in excess of $100 million the annual chargeback plans were submitted to the cognizant agency and U.S. Treasury in 2023 for implementation in FY 24 and will continue to submit subsequent plans to federal cognizant agency, as required by 2 CFR 200 Appendix V. Anticipated Completion Date: 9/30/24 Responsible Contact Person: Shauntika Bullard and Michael Bridges