FAC Explorer

Corrective Action Plans

Browse how organizations respond to audit findings

Total CAPs
56,054
In database
Filtered Results
11,991
Matching current filters
Showing Page
290 of 480
25 per page

Filters

Clear
Active filters: Subrecipient Monitoring
Finding 386492 (2023-028)
Material Weakness 2023
State of Arkansas
AR
Questioned Costs Subrecipient Monitoring Eligibility
Views of Responsible Officials and Planned Corrective Action: DHS concurs with the finding. Since June 2023, DYS has made multiple changes to improve monitoring of suspension and reinstatement of Medicaid eligibility for incarcerated juveniles. For juveniles with SSI Medicaid, the Social Security A...
Views of Responsible Officials and Planned Corrective Action: DHS concurs with the finding. Since June 2023, DYS has made multiple changes to improve monitoring of suspension and reinstatement of Medicaid eligibility for incarcerated juveniles. For juveniles with SSI Medicaid, the Social Security Administration (SSA) is responsible for suspending Medicaid coverage. All incarcerations for cases noted in the findings involving SSI Medicaid were reported timely to SSA by the agency. DYS closely monitors these cases and continues to send closure requests to SSA until the cases are closed out. DYS has also updated its communication processes with DCO to ensure cases are suspended and reinstated in a timely manner. All payments noted as occurring during the incarceration period were capitated payments made for the PASSE, Dental Managed Care, NET, and PCCM programs. Some audit findings highlighted payments made for members during their month of incarceration, which is acceptable for all programs. The full monthly rate is paid for Dental Managed Care, NET, and PCCM even if the member is only eligible for part of the month. The PASSE program operates on a per-diem basis and any payments made for days when the member is ineligible are recouped as part of a monthly reconciliation. The agency currently has a reconciliation process for all four programs that identifies payments made after a member’s incarceration date that should be recouped. Some payments noted in the findings will be recouped as part of a reconciliation process that has yet to run. In addition to the current reconciliation process, the agency is in the process of developing an MMIS change that will automatically update member profiles to accurately reflect incarceration dates. This will ensure capitated payments are paused and reinstated in a timely manner and that recoupments and repayments are subsequently processed. Anticipated Completion Date: 6/30/2024 Contact Person: Name: Elizabeth Pitman Title: Director, Division of Medical Services Agency: Department of Human Services Address: 700 Main Street City, State, Zip: Little Rock, AR 72201 Phone Number: 501-244-3944 Email Address: Elizabeth.Pitman@dhs.arkansas.gov
View Audit 298801 Questioned Costs: $1
Finding 386491 (2023-027)
Material Weakness 2023
State of Arkansas
AR
Allowable Costs / Cost Principles Eligibility Special Tests & Provisions
Views of Responsible Officials and Planned Corrective Action: DHS concurs, in part, and disputes, in part, the finding. Effective May 31, 2019, DMS established and implemented new procedures to improve the following areas of provider enrollment: maintenance of provider application documents, provid...
Views of Responsible Officials and Planned Corrective Action: DHS concurs, in part, and disputes, in part, the finding. Effective May 31, 2019, DMS established and implemented new procedures to improve the following areas of provider enrollment: maintenance of provider application documents, provider revalidation, site visits and fingerprint background requirements. The deficiency noted for the provider referenced in sample item 9 relates to non-compliance with site visit requirements pre-dating May 31, 2019, and CMS’s approval of the agency’s corrective action plan. Since CMS implemented 1135 waiver flexibilities during the Public Health Emergency (PHE), the provider was not terminated and was notified of the agency’s intent to revalidate their enrollment within six months of the end of the PHE. The provider successfully completed the revalidation process prior to the expiration of the 1135 waiver flexibilities. The absence of enrollment documentation noted in sample items 19 and 37 can be attributed to transitions and document storage issues that occurred within the legacy MMIS system. Since the time of enrollment for these two providers, the agency has made multiple updates to the MMIS system to capture and retain enrollment documentation. The agency has obtained the required documentation noted as missing for both sample items. The deficiency noted in sample item 33 has been resolved as the agency has verified licensure of the provider covering the audit period. Anticipated Completion Date: Complete Contact Person: Name: Elizabeth Pitman Title: Director, Division of Medical Services Agency: Department of Human Services Address: 700 Main Street City, State, Zip: Little Rock, AR 72201 Phone Number: 501-244-3944 Email Address: Elizabeth.Pitman@dhs.arkansas.gov
View Audit 298801
Finding 386490 (2023-026)
Material Weakness 2023
State of Arkansas
AR
Questioned Costs Eligibility Special Tests & Provisions
Views of Responsible Officials and Planned Corrective Action: DHS disputes the finding. The revalidation date for the provider noted in sample item 28 was 7/20/2022. Per CMS guidance, revalidations, site visits, and fingerprint background checks were paused during the COVID Public Health Emergency ...
Views of Responsible Officials and Planned Corrective Action: DHS disputes the finding. The revalidation date for the provider noted in sample item 28 was 7/20/2022. Per CMS guidance, revalidations, site visits, and fingerprint background checks were paused during the COVID Public Health Emergency (PHE) (3/1/2020-5/11/2023) and states were given until 11/11/2023 to complete revalidations due during the PHE. As this provider’s revalidation and site visit were completed on 10/12/2023, the agency is in compliance with all provider revalidation requirements. Based on research conducted by DMS, the provider noted in sample item 36 was not enrolled until 9/16/2018. Therefore, the revalidation date for this provider is 9/16/2023 as opposed to 6/12/2023 and there would be no questioned cost for the audit period. Anticipated Completion Date: Complete Contact Person: Name: Elizabeth Pitman Title: Director, Division of Medical Services Agency: Department of Human Services Address: 700 Main Street City, State, Zip: Little Rock, AR 72201 Phone Number: 501-244-3944 Email Address: Elizabeth.Pitman@dhs.arkansas.gov
View Audit 298801 Questioned Costs: $1
Finding 386489 (2023-025)
Material Weakness 2023
State of Arkansas
AR
Questioned Costs Eligibility Subrecipient Monitoring
Views of Responsible Officials and Planned Corrective Action: DHS concurs with the finding. The agency is conducting an ARIES system review to determine the root cause of the incorrect eligibility determinations and will identify and implement any needed updates to the automatic renewal process. ...
Views of Responsible Officials and Planned Corrective Action: DHS concurs with the finding. The agency is conducting an ARIES system review to determine the root cause of the incorrect eligibility determinations and will identify and implement any needed updates to the automatic renewal process. Anticipated Completion Date: 4/30/2024 Contact Person: Name: Mary Franklin Title: Director, Division of County Operations Agency: Department of Human Services Address: 700 Main Street City, State, Zip: Little Rock, AR 72201 Phone Number: 501-681-8377 Email Address: Mary.Franklin@dhs.arkansas.gov
View Audit 298801 Questioned Costs: $1
Finding 386488 (2023-024)
Material Weakness 2023
State of Arkansas
AR
Questioned Costs Subrecipient Monitoring Eligibility
Views of Responsible Officials and Planned Corrective Action: DHS concurs with this finding. As the Public Health Emergency has concluded, the agency has returned to normal operations which requires disenrollment of any PASSE member that has not received an independent assessment within the last 12...
Views of Responsible Officials and Planned Corrective Action: DHS concurs with this finding. As the Public Health Emergency has concluded, the agency has returned to normal operations which requires disenrollment of any PASSE member that has not received an independent assessment within the last 12 months. Anticipated Completion Date: Complete Contact Person: Name: Elizabeth Pitman Title: Director, Division of Medical Services Agency: Department of Human Services Address: 700 Main Street City, State, Zip: Little Rock, AR 72201 Phone Number: 501-244-3944 Email Address: Elizabeth.Pitman@dhs.arkansas.gov
View Audit 298801 Questioned Costs: $1
Finding 386486 (2023-023)
Material Weakness 2023
State of Arkansas
AR
Subrecipient Monitoring Special Tests & Provisions Matching / Level of Effort / Earmarking
Views of Responsible Officials and Planned Corrective Action: DHS concurs, in part, and disputes, in part, the finding. DHS has submitted and received approval from CMS for changes to the Dental Managed Care contract that requires the completion of annual audited financial reports. The agency disa...
Views of Responsible Officials and Planned Corrective Action: DHS concurs, in part, and disputes, in part, the finding. DHS has submitted and received approval from CMS for changes to the Dental Managed Care contract that requires the completion of annual audited financial reports. The agency disagrees that the audited financial reports submitted by the PASSE and Dental Managed Care Organizations (DMO) do not comply with 42 CFR 438.3(M). CMS guidance pertaining to that regulation provides that states have the flexibility to specify the applicable generally accepted accounting and auditing principles for the audited financial reports in the managed care plan contracts. The Arkansas Insurance Department also requires insurers to submit annual audited financial statements. Ark. Code Ann. 23-61-108 requires PASSE’s and DMO’s to follow the National Association of Insurance Commissioners Accounting Practices and Procedures Manual. DHS interprets 42 CFR 438.3(M) and its related guidance to permit the State Medicaid Agency flexibility to adopt the same accounting principles as the State Insurance Agency. As a practical matter, DHS reviewed the use of the audited financial statements and the information necessary to be contained within those statements. DMS discussed the use of the audited financial statements with the External Quality Review Organization (EQRO) that performs our External Quality Review. The EQRO confirmed that audited financial statements that complied with the Arkansas statutory basis would be satisfactory for review purposes. Anticipated Completion Date: Complete Contact Person: Name: Elizabeth Pitman Title: Director, Division of Medical Services Agency: Department of Human Services Address: 700 Main Street City, State, Zip: Little Rock, AR 72201 Phone Number: 501-244-3944 Email Address: Elizabeth.Pitman@dhs.arkansas.gov
View Audit 298801
Finding 386484 (2023-022)
Material Weakness 2023
State of Arkansas
AR
Questioned Costs Subrecipient Monitoring Allowable Costs / Cost Principles
Views of Responsible Officials and Planned Corrective Action: DHS concurs with the finding. The agency will update its written reporting instructions for Medicaid and CHIP to cover all items in the report workbooks. After the conclusion of the audit testing, the agency confirmed that the noted vari...
Views of Responsible Officials and Planned Corrective Action: DHS concurs with the finding. The agency will update its written reporting instructions for Medicaid and CHIP to cover all items in the report workbooks. After the conclusion of the audit testing, the agency confirmed that the noted variance between the agency’s accounting system and reported expenditures for the quarter ended September 30, 2022, was below the 5% threshold which requires an explanation to be provided to CMS financial analysts. The agency has reassigned resources to the Medicaid reporting section which will allow for additional time to spend researching variances identified in quarterly reconciliations. The agency also confirmed that the understatement of the federal portion of the September 30, 2022, CMS-64 report was $10,582, and the overstatement of the federal portion of the of the March 31, 2023, CMS-64 report was $30,664. The agency will correct these errors through an adjustment on an upcoming submission of the CMS-64 report. Anticipated Completion Date: 7/31/2024 Contact Person: Name: Jason Callan Title: Medicaid Chief Financial Officer Agency: Department of Human Services Address: 700 Main Street City, State, Zip: Little Rock, AR 72201 Phone Number: 501-320-6540 Email Address: Jason.Callan@dhs.arkansas.gov
View Audit 298801 Questioned Costs: $1
Finding 386482 (2023-021)
Material Weakness 2023
State of Arkansas
AR
Questioned Costs Matching / Level of Effort / Earmarking Subrecipient Monitoring
Views of Responsible Officials and Planned Corrective Action: DHS disputes this finding. All funds used as match for administrative and program expenditures were from an allowable funding source. The agency confirmed that the Arkansas Medicaid Program Trust Fund, which funds all bank accounts used ...
Views of Responsible Officials and Planned Corrective Action: DHS disputes this finding. All funds used as match for administrative and program expenditures were from an allowable funding source. The agency confirmed that the Arkansas Medicaid Program Trust Fund, which funds all bank accounts used for administrative and program expenditures for Medicaid and CHIP, is only funded with statutorily allowed revenues. The complex nature of Medicaid and CHIP finance and frequency of transactions necessitates paying accounts be sufficiently funded to pay all costs associated with administering the programs. This often results in accounts carrying a fund balance that does not require the agency to draw down additional state general revenue or other non-federal funds to meet its state match obligation. While the agency disagrees that a dollar-for-dollar reconciliation of funding draws is the appropriate way to confirm program expenditures are from an allowable source, we continue to update our general ledger system to improve the ability to monitor state general revenues and other non-federal federal revenue sources used to match federal funding. Anticipated Completion Date: Complete Contact Person: Name: Misty Eubanks Title: Deputy Secretary for Operations and Budget and Interim Chief Financial Officer Agency: Department of Human Services Address: P.O. Box 1437, Slot S201 City, State, Zip: Little Rock, AR, 72203-1437 Phone Number: 501-320-6327 Email Address: misty.eubanks@dhs.arkansas.gov
View Audit 298801 Questioned Costs: $1
Finding 386478 (2023-019)
Material Weakness 2023
State of Arkansas
AR
Questioned Costs Allowable Costs / Cost Principles Subrecipient Monitoring
Views of Responsible Officials and Planned Corrective Action: DHS concurs, in part, and disputes, in part, this finding. The noted MLR remittance was submitted for collection on December 12, 2023. The agency has developed and implemented a process to collect all MLR rebates through monthly capitati...
Views of Responsible Officials and Planned Corrective Action: DHS concurs, in part, and disputes, in part, this finding. The noted MLR remittance was submitted for collection on December 12, 2023. The agency has developed and implemented a process to collect all MLR rebates through monthly capitation payments. The agency will amend its Dental Managed Care contract to address this recoupment process. The agency has provided its actuary with the audited financial statements for all Dental Managed Care and PASSE entities dating back to the beginning of these programs and will update its internal control to clarify the process for calculating the three years of reports that must be submitted to the actuary. The agency disagrees that approved contracted rates were not being used for calendar year 2022. 42 CFR § 438.4(b) only requires that capitation rates be set at an actuarially sound rate for a specified time period. The requirement to receive approval for capitated rates does not mean that states are required to use previously approved rates from a prior year until a new one is approved. Actuarial best practices dictate that it is not appropriate to pay actuarial rates developed for a prior time period because there may be material differences in trend rates, covered benefits, provider reimbursement, and covered populations. Instead, it is optimal to use rates specifically developed for the applicable time limit even if CMS has not approved the rates. By using this approach, the agency ensures that it is paying MCO’s and PASSE’s capitation rates developed to be consistent with their financial responsibilities. Continued adherence to this practice is necessary as CMS consistently approves rates well after the beginning of the contract year. While CMS approval is beyond the agency’s control, agency controls and contracts have been updated to ensure rates and contracts are submitted 90 days prior to the start of the contract year. Anticipated Completion Date: Complete Contact Person: Name: Elizabeth Pitman Title: Director, Division of Medical Services Agency: Department of Human Services Address: 700 Main Street City, State, Zip: Little Rock, AR 72201 Phone Number: 501-244-3944 Email Address: Elizabeth.Pitman@dhs.arkansas.gov
View Audit 298801 Questioned Costs: $1
Finding 386477 (2023-018)
Material Weakness 2023
State of Arkansas
AR
Matching / Level of Effort / Earmarking Subrecipient Monitoring
Views of Responsible Officials and Planned Corrective Action: DHS concurs with the finding. The agency will develop a procedure to monitor and accurately report adoption savings activities and will submit an updated Adoption Savings Report to correct any previously incorrectly reported amounts. A...
Views of Responsible Officials and Planned Corrective Action: DHS concurs with the finding. The agency will develop a procedure to monitor and accurately report adoption savings activities and will submit an updated Adoption Savings Report to correct any previously incorrectly reported amounts. Anticipated Completion Date: 3/31/2024 Contact Person: Name: Tiffany Wright Title: Director, Division of Children and Family Services Agency: Department of Human Services Address: 700 Main Street City, State, Zip: Little Rock, AR 72201 Phone Number: 501-396-6477 Email Address: Tiffany.Wright@dhs.arkansas.gov
View Audit 298801
Finding 386476 (2023-017)
Material Weakness 2023
State of Arkansas
AR
Matching / Level of Effort / Earmarking Subrecipient Monitoring
Views of Responsible Officials and Planned Corrective Action: DHS concurs with the finding. The agency will develop a procedure to monitor and accurately report adoption savings activities and will submit an updated Adoption Savings Report to correct any previously incorrectly reported amounts. A...
Views of Responsible Officials and Planned Corrective Action: DHS concurs with the finding. The agency will develop a procedure to monitor and accurately report adoption savings activities and will submit an updated Adoption Savings Report to correct any previously incorrectly reported amounts. Anticipated Completion Date: 3/31/2024 Contact Person: Name: Tiffany Wright Title: Director, Division of Children and Family Services Agency: Department of Human Services Address: 700 Main Street City, State, Zip: Little Rock, AR 72201 Phone Number: 501-396-6477 Email Address: Tiffany.Wright@dhs.arkansas.gov
View Audit 298801
Finding 386475 (2023-016)
Material Weakness 2023
State of Arkansas
AR
Questioned Costs Subrecipient Monitoring Eligibility
Views of Responsible Officials and Planned Corrective Action: DHS concurs with the finding. The agency has updated its internal controls procedures to require enhanced review of payments made after the death of a provider or a client and enhanced monitoring of when a client is removed from an adopt...
Views of Responsible Officials and Planned Corrective Action: DHS concurs with the finding. The agency has updated its internal controls procedures to require enhanced review of payments made after the death of a provider or a client and enhanced monitoring of when a client is removed from an adoptive parent’s home. The Accounts Receivable Unit in the Office of Finance has implemented systems changes that ensures all claims will generate a collections notice with the correct claims data. The noted outstanding collection notices have been sent and data entry errors have been corrected. Anticipated Completion Date: Complete Contact Person: Name: Tiffany Wright Title: Director, Division of Children and Family Services Agency: Department of Human Services Address: 700 Main Street City, State, Zip: Little Rock, AR 72201 Phone Number: 501-396-6477 Email Address: Tiffany.Wright@dhs.arkansas.gov
View Audit 298801 Questioned Costs: $1
Finding 386474 (2023-015)
Material Weakness 2023
State of Arkansas
AR
Questioned Costs Subrecipient Monitoring Eligibility
Views of Responsible Officials and Planned Corrective Action: DHS concurs with the finding. The agency has updated its documented controls to require confirmation that agreements are signed by all parties before processing adoption subsidy packets. Adoption staff will be trained on the updated cont...
Views of Responsible Officials and Planned Corrective Action: DHS concurs with the finding. The agency has updated its documented controls to require confirmation that agreements are signed by all parties before processing adoption subsidy packets. Adoption staff will be trained on the updated controls. Anticipated Completion Date: 3/31/2024 Contact Person: Name: Tiffany Wright Title: Director, Division of Children and Family Services Agency: Department of Human Services Address: 700 Main Street City, State, Zip: Little Rock, AR 72201 Phone Number: 501-396-6477 Email Address: Tiffany.Wright@dhs.arkansas.gov
View Audit 298801 Questioned Costs: $1
Finding 386470 (2023-013)
Material Weakness 2023
State of Arkansas
AR
Matching / Level of Effort / Earmarking Subrecipient Monitoring Material Weakness § 200.302 § 200.303
Views of Responsible Officials and Planned Corrective Action: Arkansas Department of Education recognizes this finding. ADE Finance understands the importance of supporting documentation for non-LEAs and has implemented a plan for FY23 communications. Furthermore, ADE Finance conducted follow-up com...
Views of Responsible Officials and Planned Corrective Action: Arkansas Department of Education recognizes this finding. ADE Finance understands the importance of supporting documentation for non-LEAs and has implemented a plan for FY23 communications. Furthermore, ADE Finance conducted follow-up communication with the U.S. Department of Education (ED) on March 1, 2024. It was concluded that FTE position data for non-LEAs were optional for Years 1 and 2 Annual Performance Reports per the ESSER Form Review Webinar Guidance. ADE was further instructed to omit non-LEA information from the template should it be unreasonable to provide for the FY22 reporting year in question. ADE will ensure non-LEA entities provide the requested 5.a – Full-Time Equivalent (FTE) Compliance Supplement information for supporting documentation with FY23 and subsequent Reporting Periods. Anticipated Completion Date: May 2024. ADE Finance is coordinating communication with non-Local Educational Agencies (non-LEAs) in effort to revise the data for FY22, however will omit the related data per U.S. Department of Education (ED) guidance provided on March 1, 2024, should non-LEAs be unable to provide quality data. Contact Person: Name: Amy Thomas Title: Accounting Operations Manager Agency: Arkansas Department of Education Address: Four Capitol Mall, Room 204 City, State, Zip: Little Rock, AR, 72201 Phone Number: 501-682-3636 Email Address: Amy.Thomas@ade.arkansas.gov
View Audit 298801
Finding 386469 (2023-012)
Material Weakness 2023
State of Arkansas
AR
Questioned Costs Subrecipient Monitoring Matching / Level of Effort / Earmarking § 200.302
Views of Responsible Officials and Planned Corrective Action: Arkansas Department of Education recognizes this finding. The ADE Finance unit utilized data extracted from the statewide Local Educational Agencies (LEAs) system, APSCN, for the majority of parameters reported. However, APSCN does not h...
Views of Responsible Officials and Planned Corrective Action: Arkansas Department of Education recognizes this finding. The ADE Finance unit utilized data extracted from the statewide Local Educational Agencies (LEAs) system, APSCN, for the majority of parameters reported. However, APSCN does not have the ability to cross-reference financial expenses with Local Educational Agency’s (LEAs) personnel data, which led to the creation of the survey. LEAs were expected to report data during a subsequent school year post COVID-19 Pandemic. ADE gathered state total expenses for requested categories from the system compiled with the requested breakdowns by position type obtained in the manual survey. The two data sets did not align, thus seen in Questioned Costs which reflects the difference between the two datasets. LEA actual expenses, associated drawdowns, and disbursements were not affected by the amounts reported in the annual ESSER data. ADE Finance is currently working with APSCN personnel to explore options for assembling data without manual input from LEAs. When implemented, discrepancies in the state data reported to federal systems and LEAs data should not exist. ADE has the goal of utilizing this method for FY23 reporting in May 2024. Anticipated Completion Date: ADE Finance will revise its uploaded FY22 ESSER data template during the allowable period of July 29, 2024, through August 15, 2024. Contact Person: Name: Amy Thomas Title: Accounting Operations Manager Agency: Arkansas Department of Education Address: Four Capitol Mall, Room 204 City, State, Zip: Little Rock, AR, 72201 Phone Number: 501-682-3636 Email Address: Amy.Thomas@ade.arkansas.gov
View Audit 298801 Questioned Costs: $1
Finding 386468 (2023-011)
Material Weakness 2023
State of Arkansas
AR
Questioned Costs Subrecipient Monitoring Matching / Level of Effort / Earmarking § 200.302
Views of Responsible Officials and Planned Corrective Action: Arkansas Department of Education recognizes this finding. ADE Finance completed the named report which contained a subtotal error that overstated the totals when provided to Legislative Auditors. However, logic verifications built into t...
Views of Responsible Officials and Planned Corrective Action: Arkansas Department of Education recognizes this finding. ADE Finance completed the named report which contained a subtotal error that overstated the totals when provided to Legislative Auditors. However, logic verifications built into the Federal System disallowed the items mentioned to be submitted. Therefore, the data reflected in Federal reporting for Arkansas was not overstated nor actual expenses and associated drawdowns completed erroneously. This information was confirmed with the U.S. Department of Education (ED) on February 21, 2024. ADE Finance assures that revisions to the FY23 ESSER data template will be made and uploaded to the Federal Reporting System during the allowable period of July 29, 2024, and August 15, 2024. Anticipated Completion Date: Data was effectively corrected at the time of reporting within the Federal System. ADE Finance will revise its uploaded FY23 ESSER data template during the allowable period of July 29, 2024, through August 15, 2024. Contact Person: Name: Amy Thomas Title: Accounting Operations Manager Agency: Arkansas Department of Education Address: Four Capitol Mall, Room 204 City, State, Zip: Little Rock, AR, 72201 Phone Number: 501-682-3636 Email Address: Amy.Thomas@ade.arkansas.gov
View Audit 298801 Questioned Costs: $1
Finding 386464 (2023-010)
Significant Deficiency 2023
State of Arkansas
AR
Subrecipient Monitoring Student Financial Aid Special Tests & Provisions
Views of Responsible Officials and Planned Corrective Action: We agree with the auditor’s finding and recommendations, and the following corrective action will be taken to improve the situation: • The Director of Computing Services will oversee the review subsections of 16 CFR 314 to ensure complian...
Views of Responsible Officials and Planned Corrective Action: We agree with the auditor’s finding and recommendations, and the following corrective action will be taken to improve the situation: • The Director of Computing Services will oversee the review subsections of 16 CFR 314 to ensure compliance with requirements. o Perform a more thorough GLBA Risk Assessment, which will be used to improve the institution’s security policy and posture. This is outlined in 16 CFR 314(b). o Improve safeguards and more frequent testing to improve system security and threat transparency will be added, including email security and log file monitoring, in addition to other controls as outlined in 16 CFR 314(c) and (d). Several quotes have been acquired and are in the process of being reviewed. o Conduct a review of policies and training, as outlined in 16 CFR 314(e), and mitigate deficiencies in awareness training and policies. o Improve documentation around third-party service providers to ensure compliance with 16 CFR 314(f). o All response plans are to be reviewed and improved as needed because of the Risk Assessment and other monitoring activities to ensure appropriate activities are included and tested at regular intervals. o The institution will develop a compliance document to record efforts according to each section of 16 CFR 314, including those areas that are already compliant. It is the goal of SEARK College to remain in a state of continuous improvement and in compliance with required regulations. The Director of Computing Services will work with the Senior Leadership Team to ensure that appropriate resources are made available, and that activities occur in a timely manner. Anticipated Completion Date: The indicated reviews and assessments are already in progress, with a goal of June 30, 2024, to have fully integrated the stated improvements into our systems and procedures. Contact Person: Name: JoAnn Dupra Title: Director of Computing Services Agency: Southeast Arkansas College Address: 1900 Hazel St City, State, Zip: Pine Bluff, AR 71603 Phone Number: (870) 543-5993 Email Address: jdupra@seark.edu
View Audit 298801
Finding 386459 (2023-009)
Significant Deficiency 2023
State of Arkansas
AR
Student Financial Aid Subrecipient Monitoring Special Tests & Provisions
Views of Responsible Officials and Planned Corrective Action: Management understands the recommendations provided in the finding. We are planning on updating our 2021 Risk Assessment with our campus community in the near future. In accordance with ALA's recommendation, we will focus on GLBA 16 CFR...
Views of Responsible Officials and Planned Corrective Action: Management understands the recommendations provided in the finding. We are planning on updating our 2021 Risk Assessment with our campus community in the near future. In accordance with ALA's recommendation, we will focus on GLBA 16 CFR 314 elements and financial aid data. As with our 2021 Risk Assessment, our plan will be reviewed and accepted by our Chancellor. We intend to have the Risk Assessment updated and reviewed by June 30, 2024. We will also coordinate the risks identified with the extensive list of controls and policies that currently protect student’s financial aid information. These include: Acceptable Use Policy_V7_3.pdf Antivirus and Malware Policy_V2_1.pdf Cloud Services Policy_V1_2.pdf Confluence Screenshots Of Contact Information For Critical Systems (1).pdf Data Classification Policy_V1_2.pdf Data Encryption Policy_V7_1.pdf Data Management Use Protection Policy_V7_2.pdf Data Protection Policy_V7_2 Data Protection Policy_V7_2.pdf Disaster Recovery Business Continuity System Recovery Prioritization List_V1_2.pdf Disaster Recovery Procedure_V1_5.pdf Drive Data Deletion Policy_V7_2.pdf E-Learning Policies_V7_1.pdf Email and Digital Communication Policy_V8_2.pdf Email and Digital Communication Policy_V8_2.pdf Employee Data Deletion Policy_V7_2.pdf Encryption of Sensitive Data on Transmission Policy_V7_2.pdf Faculty Senate Legislation Reference_V6.1.pdf Firewall Blacklist and Whitelist Policy_V7_2.pdf Firewall Management Procedure_V7_2.pdf GLBA Risk assessment.docx Incident Response and Forensic Analysis Procedures_V7_5.pdf IT Employee Departure Procedures_V7_2.pdf IT Security Awareness and Competencies Policy_V1_5.pdf IT Services System Administration Privileged Access Management Policy_V7_2.pdf IT System Backup Procedures_V7_2.pdf IT System Patching Process_V7_3.pdf Lab / Classroom Administrative Rights Exception Request_V6_1.pdf Local Firewall Procedures for Workstations and Mobile Devices_V7_2.pdf Log Review Policy_V2_1.pdf Mobile Device Security - Remote Email Destruction Process_V1_1.pdf Mobile Device Security Policy_V2_1.pdf Multi-factor Authentication - Information Technology Services - UA Little Rock.pdf Network Patching Process_V1_1.pdf PCI Compliance _ Training Policy_V7_2.pdf Physical Security Policy_V1_3.pdf Retention of Records Policies_V7_2.pdf Security and Incident Response Team Policy_V1_3.pdf Security and IT System Access Policy_V1_2.pdf Student Account Deletion Policy_V7_2.pdf System Log Requirements_V8_2.pdf UALR Change Management Policy 2.2.pdf Vendor Remote Access Policy_V1_1.pdf Vulnerability Scan Policy_V7_2.pdf Wireless Network Guest Security Policy_V1_1.pdf Wireless Security Policy_V1_2.pdf Workstation Administrative Rights Exception Request_V6_1.pdf Anticipated Completion Date: June 30, 2024 Contact Person: Name: Gerald J. Ganz, Jr. Title: Vice Chancellor for Finance & Administration Agency: University of Arkansas at Little Rock Address: 2801 S. University Avenue City, State, Zip: Little Rock, AR, 72204 Phone Number: 501-916-5622 Email Address: GJGanz@ualr.edu
View Audit 298801
Finding 386458 (2023-008)
Material Weakness 2023
State of Arkansas
AR
Subrecipient Monitoring § 200.332
Views of Responsible Officials and Planned Corrective Action: ASBO has developed a Notice of Subgrant Award Information Form providing required information to each subrecipient. We have already sent this form out for CPF grants as an amendment to the current grant award. This form will be part of ...
Views of Responsible Officials and Planned Corrective Action: ASBO has developed a Notice of Subgrant Award Information Form providing required information to each subrecipient. We have already sent this form out for CPF grants as an amendment to the current grant award. This form will be part of the subawards that will be issued for the upcoming BEAD subgrants. We are currently developing this form for all SLFRF grants to be sent out as an amendment. It is currently being reviewed for changes. Our goal is to have this form out as an amendment to all SLFRF subgrantees by June 1, 2024. Anticipated Completion Date: June 1, 2024 Contact Person: Name: Glen Howie Title: Director Agency: Department of Commerce, Arkansas State Broadband Office Address: 1 Commerce Way, Suite 601 City, State, Zip: Little Rock, AR 72202 Phone Number: 501-682-1123 Email Address: Glen.howie@arkansasEDC.com
View Audit 298801
Finding 386457 (2023-007)
Material Weakness 2023
State of Arkansas
AR
Procurement, Suspension & Debarment Subrecipient Monitoring § 200.214 § 200.302 § 200.303
Views of Responsible Officials and Planned Corrective Action: ASBO has made the registration at Sam.gov part of the application process that will be handled through the subgrant portal being developed with our new grants monitoring contractor. This will now be an electronic field that will be entere...
Views of Responsible Officials and Planned Corrective Action: ASBO has made the registration at Sam.gov part of the application process that will be handled through the subgrant portal being developed with our new grants monitoring contractor. This will now be an electronic field that will be entered by the subgrantee. The 3rd party administrator will be responsible for verifying the subgrant applicant Sam.gov registration is valid and active. Anticipated Completion Date: System anticipated go live Date: April 26, 2024 Contact Person: Name: Glen Howie Title: Director Agency: Department of Commerce, Arkansas State Broadband Office Address: 1 Commerce Way, Suite 601 City, State, Zip: Little Rock, AR 72202 Phone Number: 501-682-1123 Email Address: Glen.howie@arkansasEDC.com
View Audit 298801
Finding 386456 (2023-006)
Material Weakness 2023
State of Arkansas
AR
Questioned Costs Procurement, Suspension & Debarment Subrecipient Monitoring § 200.303 § 200.403
Views of Responsible Officials and Planned Corrective Action: ASBO has entered a contract with a new 3rd party administrator to provide oversight for all subgrant awardees. This contact is active now. We developed our contract to ensure improved monitoring for expenditures and verification of receip...
Views of Responsible Officials and Planned Corrective Action: ASBO has entered a contract with a new 3rd party administrator to provide oversight for all subgrant awardees. This contact is active now. We developed our contract to ensure improved monitoring for expenditures and verification of receipts. Also, we are in the process of developing a portal which will allow this contractor and ASBO to have full access to all documents from subgrantees. Our new vendor does have prior experience with subgrants management. In addition, ASBO commits internally to the following: • We will monitor all capital purchases when the invoices are received at our office. • We will pull a random sample of five invoices per month and conduct our own review of expenses. Views of Responsible Officials and Planned Corrective Action (Continued): Highlights for the Baker contract: ASBO’s broadband grant program management vendor-partner, Michael Baker International (MBI), is contracted for the following activities and deliverables: • Developing the workflow, process, and online forms that facilitate project monitoring and expense reimbursement. • Responsible for pursuing and documenting additional information required for project monitoring and reimbursement activities. These activities shall be completed within the framework of the Broadband Grants Project Monitoring and Reimbursement System (see below for details) and not through external email or other document exchange system. • Develop and apply standardized naming conventions for all project documents that will be maintained throughout the life of the project. Documents shall be stored in a manner that promotes transparency and facilities ease of use by auditors. • Take all reasonable measures to ensure grant activities are implemented in a manner that ensures transparency, accountability, and oversight sufficient to (1) minimize the opportunity for waste, fraud, and abuse; (2) ensure that subrecipients use funds to further the objectives of Federal programs and the Arkansas State Broadband Office; and (3) allow the public to understand and monitor subgrants awarded under the program. • Ensuring all reimbursement activity complies with Federal requirements, including Section 60102 of the Infrastructure Act, 2 C.F.R. Part 200 and any supplemental guidance issued by the Federal government. • Responsible for knowing what constitutes eligible and ineligible expenses under both state and Federal rules. • Provide education and guidance to subrecipients and the ASBO on key oversight and compliance requirements. • Ensure payment activities follow all state and Federal policies and procedures. Contractor acknowledges policies may change over the life of the contract. • Identify policies the ASBO is required to adopt and assist in drafting those policies to ensure ASBO compliance with Federal regulations. • Assist the Arkansas State Broadband Office in enforcing program rules and laws and imposing penalties for nonperformance, failure to meet statutory obligations, or wasteful, fraudulent, or abusive expenditure of funds. Such penalties include, but are not limited to, imposition of additional award conditions, payment suspension, award suspension, grant termination, de-obligation/clawback of funds, and debarment of organizations and/or personnel. Views of Responsible Officials and Planned Corrective Action (Continued): • Conduct audits of subrecipients as are necessary and appropriate. Contractor shall report the results of any audits it conducts to the Arkansas State Broadband Office. • Develop a template contract for subrecipients, specifying key terms including contract length, performance standards, construction and service rollout schedules, competitive access requirements, regulatory compliance requirements, environmental controls, grant reporting and data sharing requirements, monitoring and oversight procedures, and penalties for non-compliance. • Retain and provide to the Arkansas State Broadband Office upon request all records, documents, and communications of any kind that relates in any manner to grant awards and project procurement, performance, and reimbursement. This data shall be labeled and stored in a manner that promotes transparency and facilitates ease of use by auditors. Additionally, MBI is building two new systems for ASBO and subgrantee use: 1. Broadband Grants Project Monitoring and Reimbursement System 2. Grant Application Submission, Evaluation, Award, and Appeal System These systems will have the following features: • Facilitate inputs, responses, data gathering, analysis, and adjudication decision recommendations and subsequent documentation of payment decisions for the Arkansas State Broadband Office’s final approval. • Provide a secure mechanism for grant applications and safeguard protected, proprietary, and other confidential information. • Assign a unique identifier to each application and each project. Contractor shall develop and apply a standardized naming convention to all applications and associated documents that will be maintained throughout award, technical review, project monitoring, and project closing. Documents shall be named and stored in a manner that facilitates ease of use by auditors. • System shall exhibit built-in quality controls, such as pre-screening, that assist applicants in submitting applications that meet all minimal requirements for consideration (such as requiring a SAM number). • MBI shall be responsible for pursuing and documenting additional information required for clarification of submitted applications, technical reviews of applications, and project monitoring Views of Responsible Officials and Planned Corrective Action (Continued): • and reimbursement activities. These activities shall be completed within the framework of the Grant Application Submission, Evaluation, Award, and Appeal System or the Broadband Grants Project Monitoring and Reimbursement System and not through external email or other document exchange systems. Anticipated Completion Date: System anticipated go live Date: April 26, 2024 Contact Person: Name: Glen Howie Title: Director Agency: Department of Commerce, Arkansas State Broadband Office Address: 1 Commerce Way, Suite 601 City, State, Zip: Little Rock, AR 72202 Phone Number: 501-682-1123 Email Address: Glen.howie@arkansasEDC.com
View Audit 298801 Questioned Costs: $1
Finding 386455 (2023-005)
Significant Deficiency 2023
State of Arkansas
AR
Questioned Costs Subrecipient Monitoring Eligibility § 200.303 § 200.516
Views of Responsible Officials and Planned Corrective Action: Due to the health concerns of the pandemic as well as unprecedented claims volume, claimants were not required to come into a local office for identity verification, the waiting week was waived for 2020, and the requirements for work sear...
Views of Responsible Officials and Planned Corrective Action: Due to the health concerns of the pandemic as well as unprecedented claims volume, claimants were not required to come into a local office for identity verification, the waiting week was waived for 2020, and the requirements for work search were adjusted in order to protect employees and claimants. Before the pandemic, all claimants were required to come to the local office to verify their identity. Removing these process controls resulted in several consequences as itemized below: • By waiving the waiting week, the claimant was able to receive payment the following week. For example, a fraudster could file a claim on Friday, then receive payment on Sunday, removing the typical week that an employer would respond to validate the separation from employment. • The information mailed to the employer and claimant were not received before payments were made due to the lack of waiting week. • Businesses were closed at that time and did not respond to the unemployment paperwork timely to report fraudulent claims. • Identity theft fraudsters often changed the address of the individuals for which they had filed claims in order to prevent the victims from being notified and reporting the fraud. In 2020, the work search requirement was reinstated. In 2021, all claimants had to verify their identity in-person at the local office before the claim was opened for a regular unemployment claim. The UIdentify program was utilized for identity verification for the PUA claims filed after January 1, 2021. The waiting week was reinstated in January 2021, which lengthened the time period for employers to respond before payment was issued. In addition, Internal Audit created the Fraud Investigation Unit and hired additional staff to focus on investigating the identity theft fraud claims. When the perpetrator is identified, a determination is issued and an overpayment is established in the perpetrator’s name/SSN for collection. The NASWA Integrity Data Hub (IDH) crossmatch was implemented in July 2020 as well in an effort to identify additional fraudulent claims for investigation. ADWS was the first UI program to implement 2 projects with the Department of Labor for identity verification. One is using Login.gov and the other involves the United States Postal Service where they verify the identity of claimants for using multifactor authentication and in person presentation of ID. The Login.gov pilot started in 2022 and the USPS pilot project started in 2023. 1. The Login.gov project uses the current system that Federal agencies use to verify identity and went into service in Arkansas as of March 2022. A link is given to the claimant, when they select verify ID through login.gov and go through the steps to verify their identity through the federal government system. If they are approved, we are sent an IA2 verification to the UI processing system to allow staff to match back to the claim to prove ID verification. 2. The United States Postal Service project, implements in Arkansas March 2023, offers the claimant the same link as Login.gov, but grants the additional option to verify their identity at any US Post Office in the country. A barcode is created and must be taken with a valid government-issued ID (they are given examples) along with proof of current address to the post office in person. If they are approved, we are sent an IA2 verification to the UI processing system to allow staff to match back to the claim to prove ID verification. Anticipated Completion Date: Corrective action was taken for the controls the ALA staff recommended. Contact Person: Name: Sheri Rooney Title: Program Administrator Agency: Division of Workforce Services Address: 2 Capitol Mall City, State, Zip: Little Rock, AR 72201 Phone Number: 501-682-3382 Email Address: Sheri.Rooney@arkansas.gov
View Audit 298801 Questioned Costs: $1
Finding 386454 (2023-004)
Material Weakness 2023
State of Arkansas
AR
Procurement, Suspension & Debarment Subrecipient Monitoring Matching / Level of Effort / Earmarking § 200.214 § 200.303
Views of Responsible Officials and Planned Corrective Action: Department of Human Services Response DHS concurs with the finding. The SNP database has been updated to reflect that a National Disqualified List (NDL) search was run on the 15 providers that were reviewed. The Health and Nutrition Uni...
Views of Responsible Officials and Planned Corrective Action: Department of Human Services Response DHS concurs with the finding. The SNP database has been updated to reflect that a National Disqualified List (NDL) search was run on the 15 providers that were reviewed. The Health and Nutrition Unit for the Office of Early Childhood conducted a staff training on the written application procedure with an emphasis on performing and documenting NDL searches prior to approval of the application. (Note: Effective August 1, 2023, DHS DCCECE has transitioned to Arkansas Department of Education.) Arkansas Department of Education Response Arkansas Department of Education’s Office of Early Childhood, Health and Nutrition unit conducted training December 2023 and continues to maintain staff training on the written application procedure to ensure providers are reviewed against the National Disqualified List (NDL) database and prior to approval. Anticipated Completion Date: Department of Human Services Response Complete Arkansas Department of Education Response Continuous Contact Person: Name: Pamela Burton Title: Director, Health and Nutrition Unit, Division of Elementary and Secondary Education Agency: Arkansas Department of Education Address: 700 Main Street, Room 1216 City, State, Zip: Little Rock, AR, 72203 Phone Number: 501-320-8978 Email Address: Pamela.Burton@ade.arkansas.gov
View Audit 298801
Finding 386440 (2023-004)
Significant Deficiency 2023
T.a. Lawson State Community College
AL
Subrecipient Monitoring Reporting Significant Deficiency § 200.328
Management’s Response: The College will strengthen its policies and procedures to ensure documentation of review and approvals for reporting to ensure reporting compliance. Anticipated Completion Date: February 28, 2024
Management’s Response: The College will strengthen its policies and procedures to ensure documentation of review and approvals for reporting to ensure reporting compliance. Anticipated Completion Date: February 28, 2024
View Audit 298782
Galva Community Unit School District No. 224
IL
Questioned Costs Subrecipient Monitoring Cash Management § 200.305
Condition - The District's expenditure report filed for June 30, 2023 included expenditures that were not disbursed as of June 30, 2023. These amounts were not reported as committed or obligated and were not liquidated within 90 days of the end of the fiscal year. Plan - Management will monitor exp...
Condition - The District's expenditure report filed for June 30, 2023 included expenditures that were not disbursed as of June 30, 2023. These amounts were not reported as committed or obligated and were not liquidated within 90 days of the end of the fiscal year. Plan - Management will monitor expenditure reports to ensure that amounts claimed have been disbursed prior to submitting the report or included them as obligated. Anticipated Date of Completion - June 30, 2024. Management Response - There is no disagreement with this finding and management will monitor all future federal reimbursement requests. Committed or obligated expenditures will be reported appropriately, and will be liquidated within 90 days of the end of the fiscal year.
View Audit 298743 Questioned Costs: $1
« 1 288 289 291 292 480 »