Corrective Action Plans

Browse how organizations respond to audit findings

Finding 2022-016 U.S. Department of Health and Human Services AL No. 93.767 Children's Health Insurance Program (CHIP) Material Weakness Over Compliance and Internal Control over Period of Performance Repeat Finding: Yes Auditee's Corrective Action Plan: BCHD will implement controls to allow only costs within the period of performance to be charged to a grant. BCHD will ensure that if there are any exceptions that allow for costs to be charged outside the period of performance, the proper supporting documents will be kept. Baltimore City's new financial system, Workday, allows for all supporting documentation to be kept electronically in one system. Policies and procedures for internal controls will be updated to incorporate processes in Workday and the accounting staff will be trained appropriately. Contact Person: Chief Financial Officer - Unyime Ekpa Completion Date: December 2023
View Audit 23759 Questioned Costs: $1
Finding 2022-002 Responsible Party Name: Fred Gibbs Position: President - Management Agent Telephone Number: 913-709-1811 Federal Agency U.S. Department of Housing and Urban Development Federal Program Mortgage Insurance for Purchase or Refinancing of Existing Multifamily Rental Housing (Section 207/223(F)) Compliance Requirements N - Special Tests and Provisions Finding Type Federal Awards Auditee's Comment on Finding We agree with the auditor's finding. Corrective Action We will deposit the shortfall of $868 into the reserve for replacement account, as soon as possible. We will also deposit the shortfall for 2019, 2020, and 2021 once funds become available. We will follow our process to deposit and reconcile the reserve for replacement account on a monthly basis. Anticipated Completion Date June 30, 2023
View Audit 19875 Questioned Costs: $1
CORRECTIVE ACTION PLAN FOR THE YEAR ENDED DECEMBER 31, 2022 Title 2, U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), Subpart F, Section 511 - Audit Findings Follow-up requires the auditee to prepare a corrective action plan to address each audit finding included in the current year auditor's reports. The Corrective Action Plan for Current Year Findings present our corrective action plan for the Financial Statement and/or Federal Award Findings described in the accompanying Schedule of Findings and Questioned Costs for the period ended December 31, 2022. Finding 2022-001 Responsible Party Name: Fred Gibbs Position: President - Management Agent Telephone Number: 913-709-1811 Federal Agency U.S. Department of Housing and Urban Development Federal Program Mortgage Insurance for Purchase or Refinancing of Existing Multifamily Rental Housing (Section 207/223(F)) Compliance Requirements N - Special Tests and Provisions Finding Type Financial Statement and Federal Awards Auditee's Comment on Finding We agree with the auditor's finding. Corrective Action We will follow our policies and procedures to ensure that our accounting records are kept accurate and complete, and a responsible official will review and sign off on the monthly financial statements. Anticipated Completion Date June 30, 2023
Finding 2022-024 U.S. Department of Health and Human Services AL No. 93.977 Totally Sexually Transmitted Diseases (STD) Prevention and Control Grants Significant Deficiency in Compliance and Internal Control over Period of Performance Repeat Finding: No Auditee's Corrective Action Plan: BCHD will implement controls to allow only costs within the period of performance to be charged to the correct grant period within the general ledger. BCHD will ensure that if there are any exceptions that allow for costs to be charged outside the period of performance, the proper supporting documents will be kept. Baltimore City's new financial system, Workday, allows for all supporting documentation to be kept electronically in one system. Policies and procedures for internal controls will be updated to incorporate processes in Workday and the accounting staff will be trained appropriately. Contact Person: Chief Financial Officer - Unyime Ekpa Completion Date: December 2023
View Audit 23759 Questioned Costs: $1
Finding 2022-006 Programs: All Material Weakness over Schedule of Expenditures of Federal Awards (SEFA) Reporting Repeat Finding: Yes Auditee's Corrective Action Plan: The City has purchased Workday, an Enterprise Resource Planning (ERP) system, and implemented the software with the assistance of Accenture consultants. Although Workday is "live" as of August 2022, the City is currently working to refine the software and fully utilize functionality. The Workday grants modules requires the grant funding source be defined prior to grant approval and fields are available for the AL titles and numbers and sub-recipients' information. The implementation of the Workday grants modules centralizes much of the grant management function by requiring the agencies to upload the grant documents into Workday. The City has:
- Held weekly meetings for two years with agency grant representatives to design and configure the Workday grant module.
- Uploaded the grant award, sponsor information and grant budget data into Workday.
- Implemented a "new grant" request which uses a Workday business process.
- In the process of reviewing and correcting recoverable costs per grant award so it is properly reported.
Contact Person: Michael Moiseyev, Chief Financial Officer, Baltimore City. Completion Date: June 2024
2021-004 Housing Voucher Cluster - Assistance Listing No. 14.871 Recommendation: The Authority should review their HQS inspection policies to ensure that all repairs are made timely and if not, that the necessary actions are taken by the Authority. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: NOHA has reviewed its updated HQS policies, including its HQS enforcement policies. NOHA continues to refine software functionality and reporting to monitor HQS repair due dates, and to take action when necessary. Name(s) of the contact person(s) responsible for corrective action: Sandra Soucie, HCV Manager, HCVManager@nwoha.org Planned completion date for corrective action plan: 3/31/2023
Finding 2022-023 U.S. Department of Health and Human Services AL No. 93.940 HIV Prevention Activities Health Department Based Significant Deficiency in Compliance and Internal Control Over Reporting Repeat Finding: No Auditee's Corrective Action Plan: BCHD will implement controls to maintain compliance with reporting requirements. BCHD will continue to work with the Department of Finance to ensure parameters for generating reports are the same and there is an agreed upon reconciliation when the parameters for reporting are not the same. Policies and procedures will be updated to ensure what is reported on 440 Reports are reconciled to general ledger details in addition to ensuring all submitted reports have proper approvals documented. Accounting staff will be trained appropriately. Contact Person: Chief Financial Officer - Unyime Ekpa Completion Date: December 2023
Finding 2022-022 U.S. Department of Health and Human Services AL No. 93.940 HIV Prevention Activities Health Department Based Material Weakness over Period of Performance Repeat Finding: Yes Auditee's Corrective Action Plan: BCHD will implement controls to allow only costs within the period of performance to be charged to a grant. BCHD will ensure that if there are any exceptions that allow for costs to be charged outside the period of performance, the proper supporting documents will be kept. Baltimore City's new financial system, Workday, allows for all supporting documentation to be kept electronically in one system. Policies and procedures for internal controls will be updated to incorporate processes in Workday and the accounting staff will be trained appropriately. Contact Person: Chief Financial Officer - Unyime Ekpa Completion Date: December 2023
View Audit 23759 Questioned Costs: $1
Finding 2022-021 U.S. Department of Health and Human Services AL No. 93.940 HIV Prevention Activities Health Department Based Material Weakness over Cash Management Repeat Finding: Yes Auditee's Corrective Action Plan: The process for requesting drawdowns begins with the fiscal team managing the grant. A member of BCHD's fiscal team enters the drawdown request into the Federal Payment Management System (PMX). Baltimore City's treasury department is notified. After BCHD's fiscal team enters the request into PMX, there is no control over the timing of when the funds are received and when the funds are posted to the GL, as this is the responsibility of the City's Treasury department. BCHD will continue to work with the Department of Finance to ensure parameters for generating reports are the same and there is an agreed upon reconciliation when the parameters for reporting are not the same. Contact Person: Chief Financial Officer - Unyime Ekpa Completion Date: December 2023
Finding 2022-020 U.S. Department of Health and Human Services AL No. 93.914 HIV Prevention Activities Health Department Based Material Weakness over Cash Management Repeat Finding: Yes Auditee's Corrective Action Plan: The process for requesting drawdowns begins with the fiscal team managing the grant. A member of BCHD's fiscal team enters the drawdown request into the Federal Payment Management System (PMX). Baltimore City's treasury department is notified. After BCHD's fiscal team enters the request into PMX, there is no control over the timing of when the funds are received and when the funds are posted to the GL, as this is the responsibility of the City's Treasury department. BCHD will continue to work with the Department of Finance to ensure parameters for generating reports are the same and there is an agreed upon reconciliation when the parameters for reporting are not the same. Contact Person: Chief Financial Officer - Unyime Ekpa Completion Date: December 2023
Finding 2022-010 U.S. Department of Housing and Urban Development (HUD) AL No. 14.241 Housing Opportunities for Persons with AIDS Material Weakness over Subrecipient Monitoring Repeat Finding: Yes Auditee's Corrective Action Plan: MOHS follows a recordkeeping process for its inspections. Inspection checklists are maintained in the participant records by calendar year. In some cases, the inspection may fall outside of when the participants annual recertification is due. During reviews, MOHS management will ensure that the staff are clear about providing inspection checklist for both years identified in the review period and not just the inspection for the annual recertification year. Additionally, during the period of review, the Inspections team experienced challenges with connecting into the City's VPN system. Due to the connectivity issues, MOHS was not able to perform its inspections as required. MOHS has started the process to correct the connectivity issues. MOHS will be upgrading its housing database to the web-based version. The new version will not require VPN access through Baltimore City's network. The inspections team will be able to connect to the housing database via the web. MOHS anticipates the new database upgrade to be in place by Summer 2023. Contact Person: Compliance Supervisor - Donata Patrick Completion Date: July 2023
Finding 2022-011 US Department of Housing and Urban Development AL No. 14.241 Housing Opportunities for Persons with AIDS Significant Deficiency over Special Tests - Housing Quality Standards- Housing Opportunities for Persons with AIDS Repeat Finding: No Auditee's Corrective Action Plan: MOHS follows a recordkeeping process for its inspections. Inspection checklists are maintained in the participant records by calendar year. In some cases, the inspection may fall outside of when the participants annual recertification is due. During reviews, MOHS management will ensure that the staff are clear about providing inspection checklist for both years identified in the review period and not just the inspection for the annual recertification year. Additionally, during the period of review, the Inspections team experienced challenges with connecting into the City's VPN system. Due to the connectivity issues, MOHS was not able to perform its inspections as required. MOHS has started the process to correct the connectivity issues. MOHS will be upgrading its housing database to the web-based version. The new version will not require VPN access through Baltimore City's network. The inspections team will be able to connect to the housing database via the web. MOHS anticipates the new database upgrade to be in place by Summer 2023. Contact Person: Compliance Supervisor - Donata Patrick Completion Date: July 2023
The District is now aware that the District is required to run a debarment check on a vendor and can not rely on the fact that a vendor being listed on the WA DES is eligible to receive federal dollars.
Finding 23714 (2022-038)
Significant Deficiency 2022
Finding 2022-038 WIOA Cluster, ALN 17.258, 17.259, and 17.278 - FFATA Reporting Management Views LEO agrees with the finding. Planned Corrective Action LEO Finance will implement a tracking log to record FFATA reporting deadlines and will send reminders to staff on upcoming deadlines. In addition, LEO Finance will establish a timeline with staff responsible for FFATA reporting that allows ample time for supervisory review and approval prior to submission. Anticipated Completion Date September 30, 2023 Responsible Individual(s) Lora MacKay, LEO
Finding 23713 (2022-010)
Significant Deficiency 2022
Finding 2022-010 MARS User Access Management Views The Department of Labor and Economic Opportunity (LEO) agrees with the finding. LEO Administrative Services continues to experience challenges related to staffing shortages and competing priorities but recognizes the importance of maintaining sound access controls over the Michigan Administrative Review System (MARS). Accordingly, within LEO Administrative Services, the LEO Internal Controls Unit will assist the LEO Finance Unit in the interim with implementing corrective action until a permanent assignment is made. Planned Corrective Action LEO Administrative Services will continue to work with LEO Workforce Development to correct these exceptions. LEO will establish and fully implement a policy, procedure, and routine that addresses the following: a. Ensuring that LEO reviews MARS user access semiannually for privileged accounts or annually for all other accounts. b. Ensuring timely disabling of inactive user accounts (those not accessed in over 60 days). Anticipated Completion Date September 30, 2023 Responsible Individual(s) Lora MacKay, LEO Allen Williams, LEO
Finding 23712 (2022-037)
Significant Deficiency 2022
Finding 2022-037 Crime Victim Assistance, ALN 16.575 - Risk Assessment and During-the-Award Monitoring Management Views MDHHS agrees with the finding. Planned Corrective Action For part a., MDHHS included the grant agreement identified in the fiscal year 2023 monitoring plan. MDHHS will evaluate current monitoring procedures and make updates, if necessary, to improve documentation of monitoring activity. For the grantees identified that only receive an administrative portion of VOCA funds, MDHHS has initiated the process to provide the grantees with access to the U.S. Department of Justice (DOJ) Office for Victims of Crime (OVC) reporting website. MDHHS is working with DOJ OVC to determine reporting elements for the administrative awards and will work with grantees to implement the required reporting elements. For part b., MDHHS will revise risk assessment and monitoring plan procedures to include all awards issued during the fiscal year. Anticipated Completion Date a. December 30, 2023 b. October 1, 2023 Responsible Individual(s) a. Twanisha Glass and Patsy Baker, MDHHS b. Tonya Avery, MDHHS
Finding 23711 (2022-036)
Significant Deficiency 2022
Finding 2022-036 Crime Victim Assistance, ALN 16.575 - Subrecipient Eligibility Management Views MDHHS agrees with the finding. Planned Corrective Action MDHHS Division of Victim Services (DVS) has distributed a comprehensive checklist to all Victims of Crime Act (VOCA) grant applicants that will require certification of eligibility for funding by the applicant and DVS prior to awarding funds. This checklist has been incorporated into the rollover application for fiscal year 2024. Anticipated Completion Date The checklist will be certified by all grant applicants and DVS by October 1, 2023, for the fiscal year 2024 award period. Responsible Individual(s) Twanisha Glass, MDHHS Patsy Baker, MDHHS
Finding 23706 (2022-035)
Significant Deficiency 2022
Finding 2022-035 Community Development Block Grants/State's Program, ALN 14.228 - FFATA Reporting Management Views MSF agrees with the finding. Planned Corrective Action MSF subsequently reported the two Community Development Block Grant subawards noted in the finding, and potential grantees are now required to have a Unique Entity Identifier as part of the grant application process. MSF also routinely reconciles the data that is reported in the Federal Subaward Reporting System to its financial and program reporting systems to ensure accuracy. MSF Financial Services will update existing procedures to ensure ongoing compliance with FFATA reporting requirements. In addition, MSF Financial Services will conduct supervisory oversight of the process, including a monthly comparison to the information reported on USASpending.gov to the monthly data upload file obtained from the MSF program reporting system to ensure accuracy, completeness, and timely submission. Anticipated Completion Date September 30, 2023 Responsible Individual(s) Alex Fox, MSF Paul Onan, MSF
Finding 23705 (2022-034)
Significant Deficiency 2022
Finding 2022-034 Community Development Block Grants/State's Program, ALN 14.228 - Timeliness of Performance Reporting Management Views MSHDA agrees with the finding. Planned Corrective Action To ensure timely submission of the Consolidated Annual Performance and Evaluation Report (CAPER), MSHDA will develop a multi-agency (MSHDA, MSF, MEDC, and MDHHS) Microsoft Teams schedule of action steps to ensure that the reporting deadline is met. This action step calendar will be created in a Microsoft Teams shared workspace. Each agency will be assigned tasks to complete in advance of the deadline, to ensure that the submission deadline is met. The action step schedule will include all items necessary to meet the reporting timeline of September 30 of each year. Action steps will begin the first week of July, with a draft CAPER due for public comment period in mid-August, and the public comment period occurring thereafter. Per the U.S. Department of Housing and Urban Development regulations, and MSHDA's citizen participation plan, the public comment period is required for at least 15 days before the final CAPER is submitted. A final copy of the CAPER will be submitted within the Integrated Disbursement and Information System one week prior to the due date to ensure no delays occur. Anticipated Completion Date The Microsoft Teams action step calendar will be implemented by July 7, 2023. Responsible Individual(s) Tonya Joy, MSHDA
Finding 23703 (2022-002)
Significant Deficiency 2022
Finding 2022-002 SIGMA High-Risk Activity Monitoring Management Views DTMB agrees with the finding. Planned Corrective Action DTMB immediately, after the issue was identified in August 2022, reinstated processes to review transactions that have been bypassed and overridden in SIGMA and perform tasks according to the requirements. Furthermore, DTMB will continue to review their self-imposed limit for the number of users that have access to perform authorized bypass and override actions in SIGMA for DMVA and MSP. Anticipated Completion Date Completed Responsible Individual(s) Brenda Sprunger, DTMB
Finding 23702 (2022-001)
Significant Deficiency 2022
Finding 2022-001 Confidential Information in SIGMA Management Views The Department of Military and Veterans Affairs (DMVA) and MSP disagree that confidential information was included in SIGMA. Follow-up with DTMB confirmed that user ID is not considered confidential data at the DTMB enterprise level. Planned Corrective Action DTMB revised DTMB Administrative Policy 900.01 effective June 16, 2023. Anticipated Completion Date Completed Responsible Individual(s) Christine Apostol, DMVA Amanda Baker, MSP
Finding 2022-030 Food Distribution Cluster, ALN 10.565, 10.568, and 10.569 - Accountability for USDA Foods Management Views MDE agrees with the finding. During fiscal year 2022, MDE determined that The Emergency Food Assistance Program (TEFAP) State Plan was inefficient and discontinued reviewing eligible recipient agencies (ERA) as outlined in the plan. MDE modified its TEFAP State Plan for fiscal year 2023 to be more reflective of TEFAP inventory movement and still meet the requirements of federal regulation 7 CFR 251.10(e). Planned Corrective Action MDE revised the fiscal year 2023 Michigan TEFAP State Plan, effective October 2022, to require MDE to review ERAs that are considered "subdistributing agencies" onsite annually and all TEFAP ERAs to submit inventory records and TEFAP foods documentation to MDE as requested twice a year. The change was announced to TEFAP ERAs during the annual All Agency Meetings at the end of August 2022 and through follow up emails and communications. Anticipated Completion Date MDE has already completed the majority of fiscal year 2023 desk and on-site reviews under the revised process and will have completed all of the required fiscal year 2023 inventory reviews by July 31, 2023. Responsible Individual(s) Aimee Alaniz, MDE
Finding 23675 (2022-013)
Significant Deficiency 2022
Finding 2022-013 MDE, Security Management and Access Controls Management Views MDE agrees with the finding. Planned Corrective Action For part a.1., MDE has reviewed the security authorization process for the Grant Electronic Monitoring System (GEMS)/MARS with staff who can approve and modify user accounts. MDE also provided the same staff with training in April 2023 to review the correct procedure to help ensure appropriate documentation is maintained. MDE no longer used the functionality to directly replace a user with another user at the beginning of fiscal year 2023 and the functionality was removed entirely in April of 2023. For part a.2., MDE has reviewed its established policies and procedures over the granting of access to the Next Generation Grant, Application and Cash Management System (NexSys) with staff and will continue to work to appropriately process forms according to policy guidelines and minimize human error. For part b., MDE will notify program office directors during the collection of the Semi-Annual Reviews of Privileged Users that failure to return the certification will result in deactivation of program office users. The next collection of the Semi-Annual Reviews of Privileged Users will be completed by June 30, 2023. For part c., as part of the Annual Certification of Non-Privileged users, MDE now requests all entities to review and update all active users in the Michigan Electronic Grants System Plus (MEGS+), NexSys, GEMS/MARS and Michigan Nutrition Data (MiND). Entities can then submit the certification indicating they have either reviewed their system users or that they do not have any users in the listed system. MDE implemented the first Annual Certification of Non-Privileged users on March 23, 2023 and the certification will be released again in late 2023. For part d., MDE received an exception from the DTMB Enterprise Technical Review Board for the control that would have required MDE to deactivate users after 60 days of inactivity. 
The exception was issued in November 2023 and now allows MDE to keep inactive users up to 18 months. Anticipated Completion Date a.1. Completed a.2. Ongoing b. June 30, 2023 c. Completed d. Completed Responsible Individual(s) Aimee Alaniz, MDE David Judd, MDE Spencer Simmons, MDE
Finding 23652 (2022-007)
Significant Deficiency 2022
Finding 2022-007 ADP Security Program Management Views MDHHS agrees with part a. of the finding. MDHHS and DTMB disagree with parts b. and c. of the finding. For part b., for the first system identified, although DTMB did not proactively schedule an annual disaster recovery test, DTMB successfully performed an actual failover and supporting documentation was provided to the auditors. The actual failover demonstrated that the disaster recovery plan (DRP) worked, was complete, and no delays were experienced in restoring the critical system, therefore DTMB did not perform additional testing activities and it was unnecessary to perform a separate review or update. For the second system identified, the DRP was tested in accordance with the SOM Standard and DTMB provided the auditors with supporting documentation that updates were made to the DRP within the SOM DRP repository. The State's environment and data centers leverage an infrastructure that is comprised of fully redundant load balanced systems at alternate sites, data mirroring, and data replication to help ensure high availability. For part c, although MDHHS agrees that system security plans were not updated timely for the systems cited, MDHHS disagrees that effective controls were not implemented to ensure confidentiality, integrity, and availability of its automated data processing (ADP) information systems. MDHHS also disagrees that the security of critical systems was at risk by failing to mitigate potential vulnerabilities as described above. MDHHS has compensating controls in place to ensure confidentiality, integrity, and availability of its ADP information systems in addition to mitigating potential vulnerabilities. MDHHS monitors remediation of Plans of Actions and Milestones for all information systems even after expiration of the authority to operate. 
In addition, MDHHS is required to audit a portion of these systems (Community Health Automated Medicaid Processing System (CHAMPS), Bridges, Enterprise Common Controls) as part of responsibilities related to the Affordable Care Act and the Medicaid Expansion marketplace. Those audits are conducted to show compliance with federal information security and privacy requirements related to the data stored in those systems. In addition, 2 of the 3 ADP systems cited for not having an updated risk assessment are reviewed biennially through the Internal Control Evaluation process where control evidence is updated to demonstrate effectiveness of controls. Planned Corrective Action For part a., MDHHS will add the missing elements identified to the business continuity plan (BCP) and perform annual reviewing and testing of the BCP. For parts b. and c., MDHHS and DTMB disagree with the finding and do not intend to take further action. Anticipated Completion Date a. December 31, 2023 b. and c. Not applicable Responsible Individual(s) Jim Bowen, MDHHS Nathan Buckwalter, DTMB Heather Frick, DTMB Alana Lowe, MDHHS Jennifer Tate, MDHHS
Finding 2022-004 Bridges Security Management and Access Controls

Management Views
MDHHS agrees with parts a., b., and d. through g. of the finding. MDHHS and DTMB disagree with part c. of the finding.

For part c., although MDHHS and DTMB had not fully documented all database specific configuration standards until after the audit period, DTMB disagrees that during the audit period the system contained potentially vulnerable database configurations and disagrees that DTMB cannot ensure the security of the data. DTMB has been and continues to implement the manufacturer's recommendations regarding security configurations. In addition, the databases reside in restricted trusted internal security zones, protected by firewalls, which are specific to each application and database, in conjunction with intrusion protection, antivirus software, and SOM standard security safeguards.

Planned Corrective Action
For parts a., d., and e., MDHHS will implement the Database Security Application (DSA) Bridges form which establishes a method to document user access request approval electronically and includes a semi-annual review of privileged users and an annual review of all users that is required to prevent automatic removal of access.

For part b., MDHHS will prioritize updates to Bridges that will require the local office security coordinator (LOSC) to document security monitoring reports within Bridges alerts and generate a reminder to the LOSC and their manager to reconcile the report. Before the alert can be closed, the LOSC will be required to enter comments for actions taken and approve the report.

For part c., DTMB developed an organization-wide framework for database security configuration management.

For part f., MDHHS's Economic Stability Administration (ESA) issued a revised memo on October 3, 2022, to Business Service Centers (BSCs) and local offices to reiterate the need for reviewing, documenting, and completing the required high-risk transaction reports timely.

For part g., during February 2022, MDHHS's Bridges Resource Center (BRC) revised their reconciliation process of high-risk transactions to comply with the changed policy requirements and ensure separate reviews are performed for each type of high-risk transaction. MDHHS's ESA issued a revised memo on July 11, 2022, to address changes made for non-BRC Central Office staff transactions to reiterate the need for reviewing, documenting, and completing the required high-risk transactions timely. Also, an email reminder is sent out two days prior to the high-risk transaction report due date to help ensure timeliness of the reviews.

Anticipated Completion Date
a., d., and e. MDHHS anticipates the first phase of the DSA Bridges form will be implemented by October 2023 as a pilot and then roll out statewide with full automation by September 2024. Semi-annual and annual reviews will begin 6 months and 12 months, respectively, from the time each DSA Bridges form is implemented for each respective user.
b. August 2024
c. DTMB anticipates having compliance documentation by September 30, 2023.
f. Completed with ongoing monitoring.
g. Completed

Responsible Individual(s)
a., b., d., and e. Deon Nelson, MDHHS
c. Nathan Buckwalter, DTMB
f. MDHHS ESA and BSC Directors
g. Todd Gore and Russell Gruber, MDHHS