FAC Explorer

Corrective Action Plans

Browse how organizations respond to audit findings

Total CAPs
51,702
In database
Filtered Results
10,975
Matching current filters
Showing Page
66 of 439
25 per page

Filters

Clear
Active filters: Subrecipient Monitoring
Finding 567757 (2024-012)
Material Weakness 2024
State of Michigan
MI
Questioned Costs Eligibility Subrecipient Monitoring § 200.516
Finding 2024-012 Medicaid Cluster, ALN 93.775, 93.777, and 93.778 and Children’s Health Insurance Program, ALN 93.767 - Beneficiary Eligibility Management Views MDHHS agrees with the identified exceptions for parts a. and c. of the finding. However, MDHHS disagrees that 3 Medicaid cases and 20 Chil...
Finding 2024-012 Medicaid Cluster, ALN 93.775, 93.777, and 93.778 and Children’s Health Insurance Program, ALN 93.767 - Beneficiary Eligibility Management Views MDHHS agrees with the identified exceptions for parts a. and c. of the finding. However, MDHHS disagrees that 3 Medicaid cases and 20 Children’s Health Insurance Program (CHIP) cases with MAGI determinations cited in part b. did not have case file documentation supporting the beneficiary eligibility determination. The Centers for Medicare and Medicaid Services (CMS) has determined that a reasonable compatibility indicator can be used for CMS audit purposes to determine if the attested income information was electronically verified for MAGI cases and MDHHS disagrees that documentation was not maintained to support the eligibility determination. The SOM MiIntegrate system communicates with various State and federal electronic trusted data sources and sends the information from these sources, along with the beneficiaries’ attested income, to the SOM MAGI Rules Engine where the MAGI eligibility determination is made. As part of the MAGI eligibility determination, a reasonable compatibility test is completed to determine if beneficiary/applicant attested income is within a specified percentage of the electronic trusted data sources or if the attested and verified income are below the threshold for the applicable program. The results of the MAGI eligibility determination are sent back to MiIntegrate using an Account Transfer (AT) packet that contains the results. MiIntegrate then communicates the results to the SOM MAGI Viewer and Bridges using an AT packet and Bridges stores the AT packet number only that can be used to view the details of the AT packet within the SOM MAGI Viewer. The version of the AT packet within the MAGI Viewer also contains a reasonable compatibility indicator that documents the outcome of the reasonable compatibility test and supports the SOM MAGI Rules Engine eligibility decision. MDHHS stores the AT packet information, including facts essential to the eligibility determination, within MiIntegrate and the MAGI Viewer instead of Bridges to help protect and secure the federal income tax data and unemployment data used for the determination. The AT packet for each individual determination can be retrieved from the MAGI Viewer using the AT packet number stored in each beneficiary’s case file within Bridges. MDHHS is not aware of any federal regulations that preclude MDHHS from storing this information in a separate system to help secure the data and restrict access as required by federal and state law. Planned Corrective Action To address the exceptions identified that are not related to MAGI-based income verification results, MDHHS has developed mandatory training protocols for eligibility workers and expects to have the first Medicaid audit focused mandatory training implemented by July 2025. MDHHS will continue to determine where additional training or enhancements to training are needed to ensure eligibility is accurately determined and documentation is properly maintained within the electronic case file. MDHHS disagrees it did not maintain case file documentation that supports the beneficiary eligibility determination for MAGI cases and does not intend to take further action. Anticipated Completion Date MDHHS will implement the first Medicaid audit focused training by July 2025. Responsible Individual(s) Logan Dreasky, MDHHS Mariah Schaefer, MDHHS
View Audit 360209 Questioned Costs: $1
Finding 567756 (2024-011)
Significant Deficiency 2024
State of Michigan
MI
Subrecipient Monitoring Reporting
Finding 2024-011 MDHHS - FFATA Reporting Management Views MDHHS agrees with the finding. Planned Corrective Action The MDHHS Bureau of Grants and Purchasing followed up with the subrecipients regarding unique entity identifier (UEI) account issues in the System for Award Management (SAM) and once ...
Finding 2024-011 MDHHS - FFATA Reporting Management Views MDHHS agrees with the finding. Planned Corrective Action The MDHHS Bureau of Grants and Purchasing followed up with the subrecipients regarding unique entity identifier (UEI) account issues in the System for Award Management (SAM) and once the issues were resolved, the subaward information was submitted. The MDHHS Federal Reporting Section will continue to help ensure the accuracy of the department’s Grants Received Report that is used by the MDHHS Bureau of Grants and Purchasing to report information in SAM. All data elements required to comply with federal funding requirements, such as the Federal Funding Accountability and Transparency Act (FFATA), have been added to the Grants Received Report. The MDHHS Federal Reporting Section will work with the MDHHS Bureau of Grants and Purchasing to develop a more comprehensive process to identify missing data that has not yet been communicated from the federal awarding agency, program area, or others. In the event data elements are missing from the report, the MDHHS Federal Reporting Section will follow up with the awarding agency, program area, or others to update the missing data elements within 30 days of receipt of the award. The MDHHS Bureau of Budget will confirm that a Program Period Code is included on the request form provided by the program office prior to the entry of grant agreements in the Electronic Grants Administration and Management System (EGrAMS). When reviewing grant agreements in EGrAMS, the MDHHS Bureau of Budget will confirm that pertinent coding elements are included prior to approval. In addition, the MDHHS Bureau of Budget will identify EGrAMS agreements with accounting templates that are not initially coded to federal funding, but contain a program code or task code that subsequently splits costs to a federal funding code, and work with the MDHHS Bureau of Grants and Purchasing to help ensure these agreements are included in the query used to obtain data for FFATA reporting. Anticipated Completion Date September 30, 2025 Responsible Individual(s) Jeanette Hensler, MDHHS Rebecca Jones, MDHHS Erik Eklund, MDHHS
View Audit 360209
Finding 567727 (2024-036)
Significant Deficiency 2024
State of Michigan
MI
Subrecipient Monitoring
Finding 2024-036 CCDF Cluster, ALN 93.575 and 93.596 - Subaward Information Management Views MiLEAP agrees with the finding. Planned Corrective Action MiLEAP is finalizing grant procedures for reviewing award documents, which will include utilizing a new grant template to help ensure all requireme...
Finding 2024-036 CCDF Cluster, ALN 93.575 and 93.596 - Subaward Information Management Views MiLEAP agrees with the finding. Planned Corrective Action MiLEAP is finalizing grant procedures for reviewing award documents, which will include utilizing a new grant template to help ensure all requirements are included on each award. Anticipated Completion Date July 1, 2025 Responsible Individual(s) Lisa Brewer-Walraven, MiLEAP Brandon Colby, MiLEAP
View Audit 360209
Finding 567726 (2024-035)
Material Weakness 2024
State of Michigan
MI
Subrecipient Monitoring Material Weakness Reporting
Finding 2024-035 CCDF Cluster, ALN 93.575 and 93.596 - FFATA Reporting Management Views MiLEAP and MDE agree with the finding. Planned Corrective Action MiLEAP will implement a process to ensure it submits subaward information as required by FFATA and federal guidance. Anticipated Completion Da...
Finding 2024-035 CCDF Cluster, ALN 93.575 and 93.596 - FFATA Reporting Management Views MiLEAP and MDE agree with the finding. Planned Corrective Action MiLEAP will implement a process to ensure it submits subaward information as required by FFATA and federal guidance. Anticipated Completion Date September 2025 Responsible Individual(s) Lora MacKay, MiLEAP
View Audit 360209
Finding 567716 (2024-031)
Significant Deficiency 2024
State of Michigan
MI
Subrecipient Monitoring § 200.332
Finding 2024-031 Twenty-First Century Community Learning Centers, ALN 84.287 - Program Fiscal Reviews Management Views The Michigan Department of Lifelong Education, Advancement, and Potential (MiLEAP) agrees with the finding. Planned Corrective Action In January 2025, MiLEAP assigned an auditor t...
Finding 2024-031 Twenty-First Century Community Learning Centers, ALN 84.287 - Program Fiscal Reviews Management Views The Michigan Department of Lifelong Education, Advancement, and Potential (MiLEAP) agrees with the finding. Planned Corrective Action In January 2025, MiLEAP assigned an auditor to conduct fiscal reviews to monitor activities of subrecipients of the Twenty-First Century Community Learning Centers program. Anticipated Completion Date Completed Responsible Individual(s) Lora MacKay, MiLEAP
View Audit 360209
Finding 567706 (2024-030)
Significant Deficiency 2024
State of Michigan
MI
Internal Control / Segregation of Duties Subrecipient Monitoring Reporting § 200.302
Finding 2024-030 Rehabilitation Services Vocational Rehabilitation Grants to States, ALN 84.126 - Accuracy of Financial Reports Management Views LEO agrees with the finding. Planned Corrective Action The LEO Finance Division will implement the following: 1. Improvements to documented procedures f...
Finding 2024-030 Rehabilitation Services Vocational Rehabilitation Grants to States, ALN 84.126 - Accuracy of Financial Reports Management Views LEO agrees with the finding. Planned Corrective Action The LEO Finance Division will implement the following: 1. Improvements to documented procedures for the Vocational Rehabilitation Financial Report (RSA-17) preparation to ensure consistency and accuracy of financial report submissions. 2. Specific RSA-17 training for applicable staff and management in order to enhance knowledge of reporting requirements. 3. An additional layer of management review on RSA-17 financial reports prior to submission. Anticipated Completion Date September 30, 2025 Responsible Individual(s) Heidi Parker, LEO Chris Johnson, LEO
View Audit 360209
Finding 567704 (2024-029)
Significant Deficiency 2024
State of Michigan
MI
Subrecipient Monitoring § 200.332
Finding 2024-029 Adult Education - Basic Grants to States, ALN 84.002 - During-the-Award Monitoring and Subaward Information Management Views LEO agrees with the finding. Planned Corrective Action For part a., the Adult Education - Basic Grants to States program (Adult Education) Workforce Innovat...
Finding 2024-029 Adult Education - Basic Grants to States, ALN 84.002 - During-the-Award Monitoring and Subaward Information Management Views LEO agrees with the finding. Planned Corrective Action For part a., the Adult Education - Basic Grants to States program (Adult Education) Workforce Innovation and Opportunity Act Regional Coordinators and Financial Specialist are currently finishing the review of the final narrative reports and final expenditure reports for each of the 92 subrecipients. These reviews will be completed by June 30, 2025. Other Adult Education staff will be cross trained to assist in the review process in case there are competing priorities in the future. For part b., once it was determined that the FAIN was incorrect on the Grant Award Notification (GAN), staff corrected the FAIN in NexSys and worked with the NexSys programmers to have the GANs reissued on April 8, 2025. A communication to alert subrecipients of the update was sent on June 6, 2025. LEO also updated procedures to include multiple staff reviews of the GAN information to ensure accuracy before the GANs are released in NexSys. Anticipated Completion Date a. June 30, 2025 b. Completed Responsible Individual(s) Erica Luce, LEO Patty Higgins, LEO Brian Frazier, LEO Kari Hiner, LEO Sue Muzillo, LEO
View Audit 360209
Finding 567699 (2024-028)
Significant Deficiency 2024
State of Michigan
MI
Subrecipient Monitoring § 200.332 § 200.501 § 200.521
Finding 2024-028 Coronavirus State and Local Fiscal Recovery Funds, ALN 21.027 - Subrecipient Audits Management Views For part a., LEO agrees with the finding. All three of MSF’s subrecipient awards for the fiscal year were sampled totaling approximately $274,000 (0.3 percent of the total award). ...
Finding 2024-028 Coronavirus State and Local Fiscal Recovery Funds, ALN 21.027 - Subrecipient Audits Management Views For part a., LEO agrees with the finding. All three of MSF’s subrecipient awards for the fiscal year were sampled totaling approximately $274,000 (0.3 percent of the total award). While MSF agrees with the finding that it did not have a written process to verify single audit compliance, management believes that MSF’s risk assessment of subrecipients adequately determined that single audit verification was not required for two of its subrecipients since, based on all anticipated federal awards for the subrecipient, it was not expected that they would reach the expenditure threshold (2 CFR 200.332(f)). The third annually files a single audit, was expected to file a single audit, and did file a single audit. For part b., EGLE agrees with the finding. Planned Corrective Action For part a., the LEO Internal Controls Unit (LEO-IC) will expand LEO’s subrecipient monitoring function for the Coronavirus State and Local Fiscal Recovery Funds and update procedures to include sending an inquiry to subrecipients to determine whether they meet the requirements for a single audit, ensuring that audits are received and reviewed, and issuing management decision letters (when applicable). LEO-IC will train staff on the new procedures and is in the process of hiring another individual to assist with subrecipient monitoring. MSF completed its risk assessment in November 2024 and determined it necessary to update the existing process. On March 4, 2025, MSF implemented an updated process to notify subrecipients of single audit requirements and require feedback on the status of the funding. A Single Audit Certification letter is sent to all subrecipients via email and requires a response to whether a single audit would be required for the fiscal year. The response is then documented and MSF will review the single audits for all subrecipients for which an audit is required to be completed. For part b., the EGLE Budget unit within the Finance Division has assigned responsible staff and began reviewing single audits of applicable subrecipients for fiscal year 2024 activity and will be fully compliant for this subrecipient monitoring cycle and moving forward. Anticipated Completion Date a. LEO: August 31, 2025 MSF: Completed b. EGLE: Completed Responsible Individual(s) a. Christopher Blondell, LEO Allen Williams, LEO Gregory West, MSF Christine Whitz, MSF Lori Mullins, MSF David Meninga, MSF b. Jon Doyle, EGLE Daniel Lance, EGLE
View Audit 360209
Finding 567698 (2024-027)
Significant Deficiency 2024
State of Michigan
MI
Subrecipient Monitoring Internal Control / Segregation of Duties § 200.332
Finding 2024-027 Coronavirus State and Local Fiscal Recovery Funds, ALN 21.027 - Subaward Information Management Views MDOT and LEO agree with parts a. and b. of the finding, respectively. For part c., the Michigan Strategic Fund (MSF) agrees that the subaward agreements did not specify whether th...
Finding 2024-027 Coronavirus State and Local Fiscal Recovery Funds, ALN 21.027 - Subaward Information Management Views MDOT and LEO agree with parts a. and b. of the finding, respectively. For part c., the Michigan Strategic Fund (MSF) agrees that the subaward agreements did not specify whether the award was for research and development (R&D) purposes. The omission occurred because MSF does not administer awards intended to support R&D activities under this program; accordingly, this designation was not included in the grant agreement. MSF also agrees that the subaward agreements did not include an indirect cost rate. MSF did not fund indirect costs as part of this program; therefore, an indirect cost rate was not included in the grant agreement. Planned Corrective Action For part a., MDOT will incorporate into its current process all required subaward information to ensure it is reported to subrecipients, which will include, but not be limited to, UEI, Federal Award Identification Number (FAIN), federal award date, subaward period of performance start and end date, subaward budget period start and end date, federal awarding agency name, assistance listing number (ALN) title, identification of whether the award is for R&D, indirect cost rate for the federal award, an approved federally recognized indirect cost rate for the subrecipient, and the closeout terms and conditions. MDOT will also provide current subrecipients with the missing required subaward information. For part b., the LEO Prosperity Division will review records to identify all subrecipients that were previously provided with incorrect FAINs and will provide them with correct information. In addition, the LEO Prosperity Division will implement a procedural change to have a reviewer check to ensure that award information is accurately stated before grant issuance. For part c., to align with Uniform Guidance requirements (2 CFR 200.332(a)) all future agreements under the program will explicitly state that: 1) funding is not intended to support R&D activities; and 2) indirect costs are not eligible costs. All applicable current subrecipients will be notified of the same. Anticipated Completion Date a. September 30, 2025 b. July 31, 2025 c. July 31, 2025 Responsible Individual(s) a. Gina Huhn, MDOT Jean Ruestman, MDOT b. Denise Flannery, LEO c. Jay Williams, MSF Amy Rencher, MSF Gregory West, MSF Christine Whitz, MSF Christina Degrow, MSF
View Audit 360209
Finding 567697 (2024-026)
Significant Deficiency 2024
State of Michigan
MI
Subrecipient Monitoring Reporting Internal Control / Segregation of Duties § 200.303
Finding 2024-026 Coronavirus State and Local Fiscal Recovery Funds, ALN 21.027 - Workfront Security Management and Access Controls Management Views DTMB agrees with the finding. Planned Corrective Action DTMB implemented process improvements in May 2024 related to the tracking and documentation of...
Finding 2024-026 Coronavirus State and Local Fiscal Recovery Funds, ALN 21.027 - Workfront Security Management and Access Controls Management Views DTMB agrees with the finding. Planned Corrective Action DTMB implemented process improvements in May 2024 related to the tracking and documentation of user access requests to support approval of user access and system roles. The exceptions cited are related to users whose access was granted prior to the improved documentation being implemented. Anticipated Completion Date Completed Responsible Individual(s) Jennifer Edmonds, DTMB
View Audit 360209
Finding 567696 (2024-025)
Significant Deficiency 2024
State of Michigan
MI
Allowable Costs / Cost Principles Subrecipient Monitoring Period of Performance § 200.303
Finding 2024-025 Coronavirus State and Local Fiscal Recovery Funds, ALN 21.027 - Insufficient Respite Payment Controls Management Views MDHHS agrees with the finding. Planned Corrective Action During fiscal year 2024, MDHHS improved the payment review process prior to manual input into the Medic...
Finding 2024-025 Coronavirus State and Local Fiscal Recovery Funds, ALN 21.027 - Insufficient Respite Payment Controls Management Views MDHHS agrees with the finding. Planned Corrective Action During fiscal year 2024, MDHHS improved the payment review process prior to manual input into the Medical Services Administration Manual Payment System (MSAPay) to help ensure there are no improper payments, as demonstrated by no improper payments identified for fiscal year 2024. MDHHS will develop and implement a post payment review process for the final respite payments that were entered into MSAPay during December 2024 and anticipates completion by September 30, 2025. Anticipated Completion Date September 30, 2025 Responsible Individual(s) Crystal Kline, MDHHS Jessica Bowen, MDHHS Elaina Brown, MDHHS
View Audit 360209
Finding 567694 (2024-023)
Significant Deficiency 2024
State of Michigan
MI
Allowable Costs / Cost Principles Internal Control / Segregation of Duties Subrecipient Monitoring § 200.303
Finding 2024-023 Coronavirus State and Local Fiscal Recovery Funds, ALN 21.027 - PTMS Security Management and Access Controls Management Views MDOT agrees with the finding. Planned Corrective Action MDOT EIM and Office of Passenger Transportation will collaborate and provide oversight to ensure ...
Finding 2024-023 Coronavirus State and Local Fiscal Recovery Funds, ALN 21.027 - PTMS Security Management and Access Controls Management Views MDOT agrees with the finding. Planned Corrective Action MDOT EIM and Office of Passenger Transportation will collaborate and provide oversight to ensure that Public Transportation Management System (PTMS) user access is reviewed semiannually for privileged accounts and annually for all other accounts. MDOT will implement an improved process which will include obtaining, verifying, and documenting the written approval for all identified users by the designated System Security Administrators. Access will be modified/removed, as appropriate, based on responses or removed for non-responders prior to the end of each six-month period for privileged users and each fiscal year for all other users. Anticipated Completion Date September 30, 2025 Responsible Individual(s) Sandy Lovell, MDOT Gina Huhn, MDOT Jean Ruestman, MDOT Kyle Nelson, MDOT Andy Esch, MDOT
View Audit 360209
Finding 567691 (2024-001)
Significant Deficiency 2024
State of Michigan
MI
Subrecipient Monitoring Internal Control / Segregation of Duties
Finding 2024-001 SIGMA High-Risk Activity Monitoring Management Views LEO agrees with the finding. Planned Corrective Action The LEO Finance Division will implement the following: 1. Updated procedures that ensure completeness of high-risk activity reports by adjusting date parameters of weekly ...
Finding 2024-001 SIGMA High-Risk Activity Monitoring Management Views LEO agrees with the finding. Planned Corrective Action The LEO Finance Division will implement the following: 1. Updated procedures that ensure completeness of high-risk activity reports by adjusting date parameters of weekly reports. 2. A layer of review by management that oversees SIGMA override processes and transactions to ensure appropriateness. 3. A procedure to ensure the adequate retention of management review documents. Anticipated Completion Date August 31, 2025 Responsible Individual(s) Robert Mason, LEO Mary McGrath, LEO
View Audit 360209
Finding 567678 (2024-021)
Significant Deficiency 2024
State of Michigan
MI
Internal Control / Segregation of Duties Subrecipient Monitoring Period of Performance § 200.303 § 200.308
Finding 2024-021 National Guard Military Operations and Maintenance (O&M) Projects, ALN 12.401 - Extension Procedures Management Views DMVA agrees with the finding. Planned Corrective Action DMVA will set annual recurring calendar appointments to review program activities with the program managers...
Finding 2024-021 National Guard Military Operations and Maintenance (O&M) Projects, ALN 12.401 - Extension Procedures Management Views DMVA agrees with the finding. Planned Corrective Action DMVA will set annual recurring calendar appointments to review program activities with the program managers one month before the end of the period of performance to ensure a joint understanding of extension requirements, allowing sufficient time to prepare and submit period of performance extension requests timely, if needed. Anticipated Completion Date September 1, 2025 Responsible Individual(s) Rachelle Breeden, DMVA
View Audit 360209
Finding 567675 (2024-009)
Significant Deficiency 2024
State of Michigan
MI
Subrecipient Monitoring § 200.303
Finding 2024-009 MDE, Security Management and Access Controls Management Views The Michigan Department of Education (MDE) agrees with the finding. Planned Corrective Action For part a., with the release of Michigan Nutrition Data (MiND) 2.0 in November 2024, the system now has the added documentat...
Finding 2024-009 MDE, Security Management and Access Controls Management Views The Michigan Department of Education (MDE) agrees with the finding. Planned Corrective Action For part a., with the release of Michigan Nutrition Data (MiND) 2.0 in November 2024, the system now has the added documentation supporting the individual approved system roles required for this security control. For part b.1., MDE will start reviewing non-privileged internal Grant Electronic Monitoring System/Michigan Administrative Review System accounts on an annual basis and will store documentation of the review. MDE has started writing the policy adjustment for this change. To validate their continued need, MDE will annually review all MiND accounts for appropriate access that have access to SOM proprietary information. For part b.2., MDE has provided input to DTMB on this technical control, and MDE intends to comply with the revised SOM Technical Standard 1340.00.020.01 (Access Control Standard). MDE plans to complete both the policy adjustment and the annual review for 2025 by December 31, 2025. For part c., MDE implemented the process for deactivating users to meet this security requirement in November 2024 when MiND 2.0 was released. The process for deactivating users to meet this security requirement for the Next Generation Grant, Application and Cash Management System (NexSys) was implemented in May 2025. Anticipated Completion Date a. Completed b.1. September 30, 2025 b.2. December 31, 2025 c. Completed Responsible Individual(s) Monica Butler, MDE Joshua Long, MDE Peter Jones, MDE David Judd, MDE
View Audit 360209
Finding 567674 (2024-008)
Significant Deficiency 2024
State of Michigan
MI
Subrecipient Monitoring Cash Management Eligibility § 200.303
Finding 2024-008 MDE, IT General Controls Management Views DTMB agrees it did not fully implement its user access removal and recertification processes when transitioning responsibilities between employees. Planned Corrective Action DTMB corrected the issues noted and the reassigned employee res...
Finding 2024-008 MDE, IT General Controls Management Views DTMB agrees it did not fully implement its user access removal and recertification processes when transitioning responsibilities between employees. Planned Corrective Action DTMB corrected the issues noted and the reassigned employee resumed DTMB’s existing user access removal and recertification processes in November 2024. Anticipated Completion Date Completed Responsible Individual(s) Rex Menold, DTMB Aaron Dupre, DTMB
View Audit 360209
Finding 567665 (2024-018)
Significant Deficiency 2024
State of Michigan
MI
Allowable Costs / Cost Principles Subrecipient Monitoring § 200.303
Finding 2024-018 WIC Special Supplemental Nutrition Program for Women, Infants, and Children, ALN 10.557 - MI-WIC Access Controls Management Views MDHHS and DTMB agree with the finding. Planned Corrective Action DTMB implemented a process in November 2024 to review privileged accounts with direct ...
Finding 2024-018 WIC Special Supplemental Nutrition Program for Women, Infants, and Children, ALN 10.557 - MI-WIC Access Controls Management Views MDHHS and DTMB agree with the finding. Planned Corrective Action DTMB implemented a process in November 2024 to review privileged accounts with direct database access semiannually. Anticipated Completion Date Completed Responsible Individual(s) Nathan Buckwalter, DTMB
View Audit 360209
Finding 567659 (2024-006)
Significant Deficiency 2024
State of Michigan
MI
Special Tests & Provisions Subrecipient Monitoring Internal Control / Segregation of Duties § 200.303
Finding 2024-006 ADP Security Program Management Views Although MDHHS and DTMB agree annual testing was not conducted for one system and not all necessary updates to the system security plan were completed during the audit period for four systems, MDHHS and DTMB disagree that effective controls wer...
Finding 2024-006 ADP Security Program Management Views Although MDHHS and DTMB agree annual testing was not conducted for one system and not all necessary updates to the system security plan were completed during the audit period for four systems, MDHHS and DTMB disagree that effective controls were not implemented to ensure confidentiality, integrity, and availability of its automated data processing (ADP) information systems. MDHHS and DTMB also disagree that the security of critical systems was at risk by failing to mitigate potential vulnerabilities as described in the effect statement of the finding. MDHHS and DTMB have compensating controls in place to ensure confidentiality, integrity, and availability of its ADP information systems in addition to mitigating potential vulnerabilities. MDHHS and DTMB monitor remediation of Plans of Actions and Milestones for all information systems even after expiration of the authority to operate (ATO). For one system cited, MDHHS is required to audit the system as part of the responsibilities related to the Affordable Care Act and the Medicaid Expansion marketplace. Those audits are conducted to show compliance with federal information security and privacy requirements related to data stored in those systems. The system required to be audited as part of the Affordable Care Act, along with two other systems cited, are reviewed biennially through the Internal Control Evaluation process where control evidence is updated to demonstrate the effectiveness of controls. Each system cited did not have any significant changes and implemented controls are still working as expected. Planned Corrective Action DTMB has hired additional resources to help ensure the timely completion of the required work below. For part a., MDHHS and DTMB will conduct testing of the disaster recovery plan (DRP) by September 30, 2025, and will follow SOM Technical Standards on DRP testing going forward. For part b., MDHHS and DTMB will complete the necessary updates to the system security plans, including updating the risk assessments, and anticipate completion for all cited systems by July 1, 2025. MDHHS and DTMB anticipate that ATO renewals will be attained for all cited systems by August 30, 2025. Anticipated Completion Date a. September 30, 2025 b. August 30, 2025 Responsible Individual(s) Laura Visser, MDHHS Nathan Buckwalter, DTMB Lyndia Deromedi, MDHHS Heather Frick, DTMB Kasi Hunzinger, MDHHS Veronica Maxson, MDHHS Karen Scott, MDHHS Michelle Smith, MDHHS
View Audit 360209
Finding 567658 (2024-005)
Material Weakness 2024
State of Michigan
MI
Questioned Costs Eligibility Subrecipient Monitoring
Finding 2024-005 Income Eligibility and Verification System Management Views MDHHS agrees with parts a., b., d., f., and g. of the finding. MDHHS disagrees with parts c. and e. of the finding. For part c., MDHHS disagrees that a process is not fully established to monitor the electronic notificat...
Finding 2024-005 Income Eligibility and Verification System Management Views MDHHS agrees with parts a., b., d., f., and g. of the finding. MDHHS disagrees with parts c. and e. of the finding. For part c., MDHHS disagrees that a process is not fully established to monitor the electronic notifications provided to county/district office caseworkers to ensure they utilized the Income Eligibility and Verification System (IEVS) information to determine the recipients’ eligibility. MDHHS had policies and procedures in effect during fiscal year 2024 to help ensure monitoring of electronic notifications was taking place. Review of IEVS information is fully incorporated into the case read procedure governed by Bridges Administrative Manual 301 and detailed further in desk aids and reading guides. The MDHHS Economic Stability Administration (ESA) provides regular direction and reminders of case read requirements via ESA Memos. For part e., MDHHS disagrees that IEVS information is required to be requested and obtained for modified adjusted gross income (MAGI) based recipients since eligibility is verified upon determination through the MAGI eligibility determination process and then granted for a 12-month continuous eligibility period. Requesting and obtaining IEVS information throughout the eligibility period would be irrelevant since eligibility is continuous. Planned Corrective Action For parts a. and b., MDHHS ESA will continue to provide guidance and trainings to the local office specialists on utilizing the IEVS data timely and appropriately if the data is critical for current eligibility determinations. MDHHS ESA will also continue to review any technical automated solutions of the IEVS data to help ensure its proper utilization and timeliness. For parts c. and e., MDHHS disagrees with the finding and does not intend to take further action. For part d., MDHHS is collaborating with other work areas to identify potential solutions to establish and implement IEVS interfaces for adoption subsidies recipients funded by Temporary Assistance for Needy Families (TANF). For part f., MDHHS worked with the Social Security Administration (SSA) to resolve a discrepancy in how the file was reported to DTMB by SSA and processed the fiscal year 2024 file during February 2025. For part g., MDHHS worked with the National Technical Information Service (NTIS) to regain access to the data during February 2024 and resume receiving the data monthly. Once access was re-established, NTIS sent a complete base file containing the data for the three months identified and the file exceeded the normal processing limit. MDHHS will work with DTMB to identify potential solutions and will process the complete file base by September 30, 2025. Anticipated Completion Date a. and b. Ongoing c. Not applicable d. MDHHS has not yet determined an anticipated completion date because the date is dependent on the potential solutions identified. e. Not applicable f. Completed g. September 30, 2025 Responsible Individual(s) a., b., and c. Veronica Maxson, MDHHS d. Kathonya Rice, MDHHS e. Logan Dreasky, MDHHS f. Brant Cole, MDHHS g. Brant Cole, MDHHS Nathan Buckwalter, DTMB
View Audit 360209 Questioned Costs: $1
Finding 567656 (2024-003)
Material Weakness 2024
State of Michigan
MI
Internal Control / Segregation of Duties Subrecipient Monitoring Eligibility § 200.303
Finding 2024-003 Bridges Security Management and Access Controls Management Views MDHHS agrees with the finding. Planned Corrective Action For parts a., b., c., and d., MDHHS implemented the Database Security Application (DSA) on October 2, 2023, which includes documenting incompatible role except...
Finding 2024-003 Bridges Security Management and Access Controls Management Views MDHHS agrees with the finding. Planned Corrective Action For parts a., b., c., and d., MDHHS implemented the Database Security Application (DSA) on October 2, 2023, which includes documenting incompatible role exception requests and user access request approvals, semi-annual review of privileged users, and annual review for all users. Security management and access control processes will continue to be a standing agenda item for ongoing quarterly training sessions with Local Office Security Coordinators (LOSCs). For parts a., c., and d., the Access Management Section began conducting quarterly reconciliations of DSA to the Bridges Integrated Automated Eligibility Determination System (Bridges) during the first quarter of fiscal year 2025. For part b., MDHHS is currently evaluating the feasibility of establishing a quarterly review process to help ensure documentation is maintained for a sample of LOSC monitoring reports. MDHHS anticipates completing the evaluation by September 30, 2025, and will determine an anticipated completion date for implementation, if necessary, at that time. For part e., MDHHS Local Office Directors, District Managers, or designees review a monthly sample of high-risk Bridges transactions to ensure documentation was properly maintained. Beginning September 2024, MDHHS Business Service Centers (BSC) implemented a monitoring process to ensure monthly reviews are completed by the local offices timely and that the documentation is properly maintained. Anticipated Completion Date a., c., d., and e. Completed b. September 30, 2025 Responsible Individual(s) a., b., c., and d. Jim Bowen, MDHHS e. Veronica Maxson, MDHHS
View Audit 360209
Finding 567639 (2024-001)
Material Weakness 2024
Scripps Health and Affiliates
CA
Questioned Costs Subrecipient Monitoring Allowable Costs / Cost Principles
Corrective Action Plan Corrective Action Plan – Uniform Guidance Audit Finding Organization: Scripps Health and Affiliates Federal Agency: U.S. Department of Homeland Security Pass-Through Agency: California Governor’s Office of Emergency Services UEI Number: JJRCL53EXL36 Audit Period: Year Ended S...
Corrective Action Plan Corrective Action Plan – Uniform Guidance Audit Finding Organization: Scripps Health and Affiliates Federal Agency: U.S. Department of Homeland Security Pass-Through Agency: California Governor’s Office of Emergency Services UEI Number: JJRCL53EXL36 Audit Period: Year Ended September 30, 2024 Finding Reference Number: 2024-001 Federal Program: COVID-19 – Disaster Grants – Public Assistance (Presidentially Declared Disasters) Assistance Listing Number: 97.036 Finding Summary: The organization did not employ an adequate internal control review of expenditures to support activities allowed or unallowed, allowable costs/cost principles, reporting and special tests and provisions related to amounts reimbursed for the project worksheet as it relates to the FEMA disposition requirements for COVID-19 related supplies. As a result, Management was reimbursed by FEMA for expenditures that were not in compliance with the FEMA disposition requirements which resulted in a questioned costs of $480,606. Corrective Action Plan: Management will develop and implement an additional layer of review in future FEMA project worksheet submissions to ensure expenditures reporting for reimbursement in the FEMA project worksheet comply with the FEMA disposition requirements. Management will work with FEMA to refund the questioned costs and discuss the extent of the additional courses of action. Management will ensure this is performed through the closeout process of the project worksheet with FEMA. Responsible Officials & Contact Person: Brett Tande, Executive Vice President & Chief Financial Officer Scripps Health and Affiliates Expected Completion Date: June 30, 2025
View Audit 360181 Questioned Costs: $1
Finding 567628 (2024-005)
Significant Deficiency 2024
Hias, Inc.
MD
Internal Control / Segregation of Duties Reporting Eligibility
Views of Responsible Officials: HIAS management accepts the recommendation and is implementing procedures to ensure that FFATA reports are submitted in a timely manner.
Views of Responsible Officials: HIAS management accepts the recommendation and is implementing procedures to ensure that FFATA reports are submitted in a timely manner.
View Audit 360178
Housing Authority of the City of Alexander City
AL
Questioned Costs HUD Housing Programs Subrecipient Monitoring
Corrective Action: The Authority submitted corrective actions to HUD dated March 24, 2025, which included implementing HUD’s recommended corrective actions. Responsible Party: Darold Sterling, Executive Director, (256)329-2201. Anticipated Completion Date: September 30, 2025.
Corrective Action: The Authority submitted corrective actions to HUD dated March 24, 2025, which included implementing HUD’s recommended corrective actions. Responsible Party: Darold Sterling, Executive Director, (256)329-2201. Anticipated Completion Date: September 30, 2025.
View Audit 360138 Questioned Costs: $1
Finding 567565 (2024-007)
Significant Deficiency 2024
City of New Haven
CT
Subrecipient Monitoring Internal Control / Segregation of Duties Reporting § 200.303
Finding 2024-007: Reporting – Significant Deficiency over Internal Control over Reporting Assistance Listing Program: Coronavirus State and Local Fiscal Recovery Fund Finding: Per 2 CFR 200.303, recipients are required to establish, document, and maintain effective internal controls that provide...
Finding 2024-007: Reporting – Significant Deficiency over Internal Control over Reporting Assistance Listing Program: Coronavirus State and Local Fiscal Recovery Fund Finding: Per 2 CFR 200.303, recipients are required to establish, document, and maintain effective internal controls that provide reasonable assurance of compliance with Federal statutes, regulations, and award terms. These controls should align with GAO's Standards for Internal Control in the Federal Government and COSO's Internal Control – Integrated Framework. Condition: The City did not maintain documentation supporting the internal control process over the submission of required quarterly reports during fiscal year 2024. Corrective Actions Taken: 1. Establishment of Formal Reporting Controls: The City has developed and implemented a standardized procedure for the preparation, review, and submission of all quarterly reports related to federal awards, including a designated checklist and approval workflow to ensure compliance with reporting deadlines and content accuracy. 2. Documentation and Retention Protocols: All steps in the reporting process are now formally documented, including preparer and reviewer signoffs. Supporting documentation is retained in a centralized location accessible to relevant staff and auditors for verification purposes. 3. Internal Review and Oversight: The Office of Management, Policy, and Grants has assigned responsibility to the Grant Management Team for conducting secondary reviews of quarterly report submissions. This includes validating that internal controls have been followed, and evidence of compliance is documented. 4. Staff Training: Staff involved in federal reporting have received training on the internal control requirements outlined in 2 CFR 200.303, COSO, and GAO Green Book standards to reinforce the importance of documentation and control procedures. 5. Monitoring and Compliance Checks: A quarterly compliance checklist and review process have been instituted to ensure ongoing adherence to federal internal control requirements. Noncompliance will be flagged and reviewed with senior leadership. Contact: Shannon McCue, Director of Management, Policy, and Grant Anticipated Completion Date: January 2026
View Audit 360119
Finding 567564 (2024-003)
Material Weakness 2024
City of New Haven
CT
Procurement, Suspension & Debarment Subrecipient Monitoring Matching / Level of Effort / Earmarking
Finding 2024-003: Material Weakness and Noncompliance Finding- Procurement and Suspension, and Debarment - Verification Against the System for Award Management (SAM) Program: Coronavirus State and Local Fiscal Recovery Funds Finding: 2 CFR Part 200 Uniform Administrative Requirements, Cost Principl...
Finding 2024-003: Material Weakness and Noncompliance Finding- Procurement and Suspension, and Debarment - Verification Against the System for Award Management (SAM) Program: Coronavirus State and Local Fiscal Recovery Funds Finding: 2 CFR Part 200 Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards, (Uniform Guidance) requires compliance with provisions of procurement, suspension, and debarment. While the City has a formal policy requiring the purchasing department to perform verification of suspension or debarment over vendors that the City makes contracts with federally funded projects, it does not maintain formal documentation that this procedure occurred. Corrective Actions Taken: 1. Develop Standard Documentation: Create a standardized verification form or checklist for suspension and debarment checks. Include fields for date, method of verification (e.g., SAM.gov search), name of reviewer, and signature. 2. Integrate into Procurement Workflow: Require completion and attachment of the verification form to all federally funded purchase orders and contracts before approval. Embed verification as a required step in MUNIS or other procurement software workflows, if possible. 3. Staff Training: Provide refresher training for purchasing and finance staff on federal compliance requirements, including suspension and debarment procedures. Emphasize the importance of documentation for audit and compliance purposes. Contact: Malinda Figueroa, Purchasing Director, Anticipated Completion Date: December 2025
View Audit 360119
« 1 64 65 67 68 439 »