Corrective Action Plans

The Alamo Colleges District Student Financial Aid Office has collaborated with Internal Audit to put into place controls that ensure Alamo Colleges District Board policies are followed and that all Financial Aid staff are trained on the execution of those policies. Additional control reporting has been established to monitor compliance. The Board Policy F.2.4 has also been revised to clarify those expectations. Implementation Date: June 2024 Responsible Persons: Dr. Harold Whitis, District Director of Student Financial Aid

To ensure compliance with the provisions of the Gramm-Leach-Bliley Act (GLBA), specifically the requirement that the District’s written Enterprise Data Governance Standard (EDGS) includes a description of the use of a data inventory that includes how the institution is identifying and managing data, personnel, devices, systems and facilities, management has revised the EDGS to specify that a data inventory for each functional system domain shall take place annually under the direction of the Data Owners and the procedures performed and results shall be adequately documented. Implementation Date: August 2024 Responsible Persons: Phong Banh, District Director of Information Technology Services Patrick Vrba, Controller

Internal Control over Compliance (Repeat Finding 2022-001, 2021-003, 2020-001, 2019-002, 2018-003, 2017-002, 2015-002, 2014-008) Name of contact person responsible for corrective action plan: Rhett R. Vertrees, Assistant Chief Financial Officer 2601 Enterprise Road, Reno NV 89512-1666 Phone: (775)784-3409, Fax: (775)784-1127 Email: rvertrees@nshe.nevada.edu Responses UNR agrees with the findings • Detailed corrective action taken, including what will be done to avoid the identified issues in the future, and when these measures will be in place; The technical staff can only have the PeopleSoft Administrator (PSA) role in either development or production, but not both. There is an approval process in place to ensure that access is removed from either development or production when a PSA needs to be moved across to the other environment. This process became effective March 1, 2023. There is a quarterly security review of the PeopleSoft Administrator role in PeopleSoft. The first quarterly review was performed in FY16 Q1 and has been performed each quarter since. The reviews are documented and approved. There is a quarterly security review of the PeopleSoft Administrator activities in PeopleSoft. The first quarterly review was performed in FY22 Q4 and has been performed each quarter since. The reviews are documented and approved. There is a quarterly security review of the PeopleSoft Oracle database and user access. The first quarterly review was performed in FY20 Q2 and has been performed each quarter since. The reviews are documented and approved. • How compliance and performance will be measured and documented for future audit, management and performance review. Compliance and performance can be measured by the documented quarterly reviews. • Who will be responsible and may be held accountable in the future if repeat or similar observations are noted. The PeopleSoft Manager will be responsible for ensuring the corrective actions plans are implemented and followed. The Vice President of Information Technology will be accountable for the department’s compliance. UNLV agrees with the finding. • Detailed corrective action taken, including what will be done to avoid the identified issues in the future, and when these measures will be in place; UNLV understands the importance of adequate segregation of duties within the PeopleSoft environments and applications. The PeopleSoft Administrator (PSA) position that is the subject of the finding is responsible for the installation, configuration, upgrades, and troubleshooting of all the application environments. The PeopleSoft Administrators are not programmers/developers, and their access to the production environments is periodically required to perform the needed activities required to provide timely support of the application within the scope of their job duties. UNLV has implemented the following controls to mitigate the risks associated with the elevated access required for the administrators to perform their required support activities. 1. UNLV has removed all persistent assignment of the PeopleSoft Administrator role from all PSAs in all environments. 2. The PeopleSoft Administrator role is temporarily assigned only when elevated actions are required. All assignments are of a limited duration and include a justification detailing the need and actions to be performed. All assignments trigger the follow actions: a. An immediate notification to the Director of Business Continuity & Resiliency and the Interim Senior Associate Vice Provost for Digital Strategy and Transformation. b. Removal is automatic but can be initiated by PSA if work is completed sooner than expected. c. All details around the assignment are captured in a tracking table. d. A review of all assignments and activities is performed monthly. 3. UNLV will continue to review access, activities, and assigned privileges monthly for the PeopleSoft Administrators. 4. UNLV will continue researching and implementing other control methods that may strengthen the segregation of duties or the monitoring capabilities that are available. • How compliance and performance will be measured and documented for future audit, management and performance review. The PeopleSoft Administrator role is no longer persistently assigned to the PSA position. It is only assigned upon request with the knowledge and approval of approving authorities. UNLV performs monthly reviews of the access and activities to determine if the PeopleSoft Administrators' activities align with the necessary support. Additionally, UNLV will continue to research other control methods that will address the segregation of duties while providing appropriate service and support. • Who will be responsible and may be held accountable in the future if repeat or similar observations are noted. The Director of Business Continuity & Resiliency will be responsible for performing the activity reviews and access needs of the PeopleSoft Administrators. The Director will complete the reviews and is also accountable if repeat or similar observations are noted. The Chief Information Security Officer will verify that reviews are conducted on a monthly basis per audit practices. SCS agrees with the findings • Detailed corrective action taken, including what will be done to avoid the identified issues in the future, and when these measures will be in place; In addition to the compensating controls (a) to (d), that have been operating since prior to FY23 the segregation of PeopleSoft Administrators (PSA) is enforced through a “locked account” process. Only two employees have PSA access in both the Production and Development environment. Each employee can only have access to the Production or Development environment at any one time, i.e., the PSA account in the other environment remains locked. A JIRA ticket must be opened for an account to be unlocked. The request is approved by management and the account is unlocked by a member of the IT Security Team. The controls listed below should also mitigate the segregation of duties risk and support a review of “user activities” in the absence of an appropriate user activities audit log function. (a) STAT for PeopleSoft – Code control and internal modification tracking provides visibility over PSA activities that are processed via this tool. These object changes are reviewed and approved by the Director of Information and Application Services. (b) JIRA ‐ Change control management and project tracking software. Change requests and projects related to the PeopleSoft shared instance are tracked and approved. This would include user access modifications and system updates for example. (c) Security e‐mail alerts – The SCS security team are alerted via automated e‐mails when key events are triggered. For example, an elevated role is assigned to a user. (d) User Access Reviews – On an annual basis an independent user access review is performed incorporating SCS/SA privileged users and all shared instance security coordinators. • How compliance and performance will be measured and documented for future audit, management and performance review. The PeopleSoft Administrators will have persistent unlocked access to either the Production or Development environments only. Their corresponding account in the other environment will remain locked. In the event that access is needed to the locked environment, a ticket will be created requesting access which will document the rationale and approvals. In addition, PSA activities are monitored via the change control process through STAT for PeopleSoft. Object changes within the Production environment for example, are approved along with the associated workflows. • Who will be responsible and may be held accountable in the future if repeat or similar observations are noted. The SCS Director of Information and Application Services, and SCS Security Group are responsible for locking/unlocking PSA accounts. The SCS Security Group monitor PeopleSoft e-mail alerts. The IT Audit Manager is performing annual SCS/SA privileged user access reviews.

Tapestry will review the policies and procedures with staff and make necessary updates. The updated Purchasing & Procurement policy will outline a specific role in the Finance department that will champion CFR rules and ensure all vendors’ contracts are tracked, managed, and comply with suspended and debarment rules. This data will be stored on our SharePoint drive for reference and will be reviewed periodically. The anticipated completion date to correct the Finding 2023-005 is August 15th, 2024.

Education Stabilization Fund – Assistance Listing No. 84.425 Recommendation: CLA recommends the School ensures it documents the underlying support for how allowable payroll expenditures were charged to the program along with approval of that determination. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action planned in response to finding: The School will ensure as they allocate wages to federal programs going forward they will specifically identify the underlying disbursements and document their approval of that allocation. Name of the contact person responsible for corrective action: Abdi Shekh Planned completion date for corrective action plan: June 30, 2024.

INVOICES: A copy of all invoices will be kept in the cafeteria. An employee of the District will review the invoices for allowable costs

The HEERF reports are being updated, approved and uploaded to our website.

Views of Responsible Officials: Finance management recognizes the importance of regular account analysis and account reconciliations. In view of the finance department’s staffing constraints, some account reconciliations were performed less frequently. As staffing issues (e.g., learning curve of new hire and return of staff from extended leave) are addressed, the finance team now performs regular account reconciliations as part of the month-end financial reporting close. Specific accounts are flagged for monthly reconciliations, i.e. bank and investment accounts, intercompany accounts, prepaids, advances, receivables and payables. Other accounts with only periodic activity, will be reconciled on a quarterly, mid-year, or yearly basis, as determined.

Finding Number: 2023-001 Condition: Two reimbursement requests submitted during 2023 did not have documentation available to indicate that the reimbursement request was reviewed by a supervisor for accuracy before submission. Planned Corrective Action: Staff turnover in early 2023 resulted in a temporary lapse of documentation proving that the internal control process was followed. The Society follows its internal review process and is maintaining documentation that appropriate approvals are in place. Contact person responsible for corrective action: Dharshni Sabapathy, Senior Director of Accounting Anticipated Completion Date: April 25, 2024

MVCHS acknowledges the need to implement procedures to verify the suspension and debarment status of contractors prior to using federal funds. The Finance Department will develop a process to check for suspension and debarment prior to issuing a purchase order. This process will be completed by May 6, 2024. Carla Melendez, Chief Financial Officer will be responsible for developing and implementing this process.

Department of Transportation Airport Improvement Program, CFDA #20.106 AIP3-46-0050-60, AIP3-46-0050-62 Finding Summary: The SF-425 annual report dated September 30, 2023, for award AIP3-46-0050-54 underreported the federal share of expenditures by $80,133, while the FAA Form 5100-127 annual report dated December 31, 2022, for all awards underreported the externally restricted assets by $397,646 Responsible Individuals: Dan Letellier, Executive Director Corrective Action Plan: Management will ensure correct support documentation is provided to 3rd party account for correct submission of FAA Forms 5100-127. Director will also verify that annual report form SF-425 reconciles to underlying supporting records. Anticipated Completion Date: Ongoing

2023-002 Significant Deficiency in Internal Control over Compliance, Other Matters Recommendation: We recommend the County establish internal control procedures to ensure that all amounts charged to grant programs for employee payroll costs be reconciled to the specific employee payroll records and that supporting documentation be maintained throughout the grant award period and beyond. Views of responsible officials: Management concurs with the finding. There were minimal variances in the number of employees tested and the County believes the wage report discrepancies are isolated due to the complexity of the EMS salary structure. The County claimed $26,038,852 of the $37,618,256 total eligible expenses available. Action planned/taken in response to finding: Effective fiscal year 2024, Management will implement the following corrective action: The County will create a process to ensure the payroll wage reports generated by Human Resources agrees to support documentation. Name of the contact person responsible for corrective action plan: Pete Winton Planned completion date for corrective action plan: The above action plan will be implemented in fiscal year 2024.

Action taken in response to finding: will include Institutional Research compiling the data and then sending to Financial Aid/Admissions for review of the enrollment files. The Financial Aid/Admissions department will test a sample of the student enrollment data that it is correct. The Department will maintain evidence of the review and confirm back to Institutional Research the review has been completed. Institutional Research can then submit the enrollment files to the National Student Clearinghouse.

Action taken in response to finding: The College started to immediately document the SAM check on every purchase requisition, check request, travel request and new vendor entry with IRS Form W-9. The College is also collecting the certification from vendors as part of the bid process. The College has also updated the process document for these actions.

Action taken in response to finding: Adjustments have been made to reflect the full spring break period in our return of funds process. The number of days campus is considered to be closed for spring break has been updated to nine days for Spring 2024. Spring terms in the future will be set up in Colleague with the day following the last day of classes prior to spring break as the first day of spring break and the day prior to the first day of classes after spring break as the last day of spring break. For 2023-2024 and 2024-2025, this equates to a nine-day spring break. All R2T4 calculations for Spring 2024 have been reviewed and recalculated using a nine-day spring break rather than a seven-day spring break. In communicating with Ellucian regarding the processing of R2T4, we discovered a report that we can run in Colleague to identify students that have withdrawn from all courses and will not complete any courses for the semester. This will be used instead of the report made in house, previously utilized for this process. A financial aid staff member will run the report and perform the R2T4 calculations in Colleague. Then the staff member that performed the calculations will run the Return of Funds Detail Report in Colleague, indicate on that report that they performed the calculations, and send the report to the Director of Financial Aid. The Director will review the Return of Funds Detail Report and the calculations. The Director will sign off on the Return of Funds Detail Report approving the calculations. The report will then be saved in the Return of Funds folder in the Financial Aid Files. All Financial Aid staff members will be trained and have the ability to perform R2T4 calculations to ensure that the calculations can be performed regularly prior to each student refund date during the term. All R2T4 calculations for the 2023-2024 school year have been reviewed for accuracy. Calculations performed for the fall 2023 semester have been reviewed by the Director of Financial Aid for accuracy. Due to short staffing in the Financial Aid Office in the spring semester, and remaining staff not being trained on the R2T4 process, calculations for the Spring 2024 semester were performed by the Director of Financial Aid. To ensure the accuracy of the calculations, the calculations were checked using the R2T4 calculation tool in COD (Common Origination Disbursement).

Recommendation: Additional procedures should be designed, implemented, and documented for allowable costs to ensure documentation of review and approval of allowable costs to be charged to the federal award. The accounting system configurations should be modified to require segregation of duties for all transactions. For journal entries, a documented review and approval should be performed by a finance committee member on a monthly basis. Ac􀆟on Taken: BGCDC has received instructions on how to configure the Accounts Payable module to incorporate the proper approval process. We are in the process of making that update. In addition, for any journal entries made the by CFO, a monthly list will go to the Finance Committee for review. The CFO tries to not make journal entries, but with limited Finance staff and a large workload, this is often inevitable. The logical approvals would come from Finance Committee. The contact person responsible for corrective action is Wendi Speed, CFO. The anticipated completion date is June 30, 2025.

Timely Performance Reporting for Pacific Fisheries Data Program, 11.437; and Bipartisan Budget Act of 2018 (Disaster Relief Program), 11.022 Recommendation: CLA recommends for the Commission to implement stronger internal monitoring to ensure reports are completed by program managers and submitted to the Grants Manager timely to ensure ample time for internal review and upload to the Federal Agency. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: The Commission will set an internal deadline at least one week prior to the external report due date. The Grant & Contract Specialist will coordinate with the Finance Officer to submit report timely in the event the Grant & Contract Specialist is absent. Name(s) of the contact person(s) responsible for corrective action: Michael Arredondo and Ngu Castro. Planned completion date for corrective action plan: October 15, 2023

Sufficient Documentation for Noncompetitive Proposals for Pacific Fisheries Data Program, 11.437 Recommendation: CLA recommends increased internal monitoring to ensure that noncompetitive procurements are sufficiently justified and that internal Sole Source Justification Forms are completed correctly and retained for all vendors procured under noncompetitive methods. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: The Commission will modify its subcontractor request form and PO form to require competitive supporting documents or non-competitive justification documents to be attached with the subcontractor request or PO form. Contract Specialist and Purchasing Specialist will review request package to ensure all required paperwork completed properly before moving forward with the process. In the pipe line, Requisition Module in Navision Software will be designed to put a hard stop if a purchase order of $10,000 or greater is missing supporting document for competitive/non-competitive procurements. Name(s) of the contact person(s) responsible for corrective action: Kathy Ameral and Michael Arredondo. Planned completion date for corrective action plan: October 15, 2023

Compliance and Controls over Compliance – Eligibility Home Investment Partnership Program, AL# 14.239 Material Weakness Accord did not have controls in place to ensure that eligibility criteria and rent calculations were being reviewed and/or approved by someone other than the individual performing the initial determination or annual reexamination. Actions Taken or Planned: Management agrees with this finding. As of December 31, 2023, the Organization has sold all properties financed by HOME funds. Contact Persons: Robert Pickering, Chief Financial Officer

Significant Difficiencies, 2023-002 Allowable Costs ond Activities: There is an audit recommendation that the District implement internal control processes and procedures to ensure that each purchase has a purchase order and an approved invoice at the time of payment, clearly indicating pre-approval for the purchase and coding to ensure it is charged to the correct accounts. Corrective Action: The District already has a requisition/purchase order system in place and will expand it to ensure purchases are pre-approved and that invoices are approved and that the purchase is coded to the appropriate fund. Anticipated Completion Date: This con-ective action has already been implemented during the 2023-2024 fiscal year, once identified by our auditors while they were performing our 2022-2023 audit.

Finding: The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with financial reporting requirements for the Child Care and Development Fund Cluster. Questioned Costs: Assistance Listing # 93.575 93.575 COVID-19 93.596 Status: Corrective action in progress Corrective Action: The Child Care and Development Fund (CCDF) program was previously managed by the Department of Social and Health Services and the Department of Early Learning. Since the program transitioned in 2019, the Department has been making efforts to strengthen internal controls over payments to child care providers and other CCDF grant requirements. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grant to eligible clients and allowable activities in compliance with 45 CFR 98.67. As part of the audit resolution process, the Department of Health and Human Services (HHS), Administration for Children & Families (ACF), which oversees the CCDF program at the federal level, reviews all State Auditor’s Office (SAO) findings and issues management decision letters. The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states: “The ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.” In addition, ACF did not sustain the disallowance of questioned costs and stated: “Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” The ACF recommended: “…that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the activities allowed finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance recommended by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget. Funding was provided to develop and maintain the business process that would allow adjustments to include child-level data beginning July 2024. The conditions noted in this finding were previously reported in findings 2022-044 and 2021-038. Completion Date: Estimated December 2025 Agency Contact: Stefanie Niemela Audit Liaison PO Box 40970 Olympia, WA 98504-0970 (360) 725-4402 stefanie.niemela@dcyf.wa.gov

Finding: The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with period of performance requirements for the Child Care and Development Fund Cluster. Questioned Costs: Assistance Listing # 93.575 93.575 COVID-19 93.596 Status: Corrective action in progress Corrective Action: The Child Care and Development Fund (CCDF) program was previously managed by the Department of Social and Health Services and the Department of Early Learning. Since the program transitioned in 2019, the Department has been making efforts to strengthen internal controls over payments to child care providers and other CCDF grant requirements. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grant to eligible clients and allowable activities in compliance with 45 CFR 98.67. As part of the audit resolution process, the Department of Health and Human Services (HHS), Administration for Children & Families (ACF), which oversees the CCDF program at the federal level, reviews all State Auditor’s Office (SAO) findings and issues management decision letters. The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states: “The ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.” In addition, ACF did not sustain the disallowance of questioned costs and stated: “Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” The ACF recommended: “…that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the activities allowed finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance recommended by SAO. In response to the auditor’s recommendations, the Department: • Implemented written procedures for period of performance requirements effective December 6, 2023. • Submitted a budget request for the 2024 supplemental budget. Funding was provided to develop and maintain the business process that would allow adjustments to include child-level data beginning July 2024. The conditions noted in this finding were previously reported in findings 2022-043, 2021-037 and 2020-041. Completion Date: Estimated December 2025 Agency Contact: Stefanie Niemela Audit Liaison PO Box 40970 Olympia, WA 98504-0970 (360) 725-4402 stefanie.niemela@dcyf.wa.gov

Finding: The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with matching, level of effort, and earmarking requirements for the Child Care and Development Fund Cluster. Questioned Costs: Assistance Listing # 93.575 93.575 COVID-19 93.596 Amount $0 Status: Corrective action in progress Corrective Action: The Child Care and Development Fund (CCDF) program was previously managed by the Department of Social and Health Services and the Department of Early Learning. Since the program transitioned in 2019, the Department has been making efforts to strengthen internal controls over payments to child care providers and other CCDF grant requirements. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grant to eligible clients and allowable activities in compliance with 45 CFR 98.67. As part of the audit resolution process, the Department of Health and Human Services (HHS), Administration for Children & Families (ACF), which oversees the CCDF program at the federal level, reviews all State Auditor’s Office (SAO) findings and issues management decision letters. The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states: “The ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.” In addition, ACF did not sustain the disallowance of questioned costs and stated: “Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” The ACF recommended: “…that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the activities allowed finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance recommended by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget. Funding was provided to develop and maintain the business process that would allow adjustments to include child-level data beginning July 2024. The conditions noted in this finding were previously reported in findings 2022-042, 2021-036 and 2020-040. Completion Date: Estimated December 2025 Agency Contact: Stefanie Niemela Audit Liaison PO Box 40970 Olympia, WA 98504-0970 (360) 725-4402 stefanie.niemela@dcyf.wa.gov

Finding: The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers for the Child Care and Development Fund Cluster programs were allowable and properly supported. Questioned Costs: Assistance Listing # 93.575 93.575 COVID-19 93.596 Amount 356,042,172 Status: Corrective action in progress Corrective Action: The Child Care and Development Fund (CCDF) program was previously managed by the Department of Social and Health Services and the Department of Early Learning. Since the program transitioned in 2019, the Department has been making efforts to strengthen internal controls over payments to child care providers and other CCDF grant requirements. The Department implemented grant-level management of all federal funds, including the CCDF grant. The Department allocated the CCDF grant to eligible clients and allowable activities in compliance with 45 CFR 98.67. As part of the audit resolution process, the Department of Health and Human Services (HHS), Administration for Children & Families (ACF), which oversees the CCDF program at the federal level, reviews all State Auditor’s Office (SAO) findings and issues management decision letters. The Department received a management decision letter dated October 3, 2023, from HHS for finding 2021-033 (2020-038) which states: “The ACF noted that the auditor raised concern about the Department’s accounting procedures and efforts made to trace expenditures at the transaction-level. As the basis for the finding, the auditor used CFRs (200.53, 200.303, 200.403, 200.410) that do not apply to CCDF. Federal regulations allow Lead Agencies to expend and account for CCDF funds in accordance with their own procedures.” In addition, ACF did not sustain the disallowance of questioned costs and stated: “Although the Department’s internal controls were lacking, the ACF has not identified any funds that were expended on ineligible activities.” The ACF recommended: “…that the Department work with the auditors to determine an appropriate methodology that can be tested to ensure child care payments comply with Federal regulations.” The Department met with ACF and SAO on November 8, 2023, to discuss the ACF decision at which time ACF upheld the above statements that the activities allowed finding was not substantiated. The Department is committed to collaborating with SAO to determine an appropriate methodology that identifies a sampling unit that can be used to accurately test compliance. The SAO maintained that the program is not auditable without child-level data. The Department does not currently have the staff and resources to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance recommended by SAO. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget. Funding was provided to develop and maintain the business process that would allow adjustments to include child-level data beginning July 2024. The conditions noted in this finding were previously reported in findings 2022-041, 2021-033, 2020-038, 2019-035, 2018-034, 2017-024, 2016-021, 2015-023, 2014-023, 2013-016, 12-28, 11-23, 10-31, 9-12 and 8-13. Completion Date: Estimated December 2025 Agency Contact: Stefanie Niemela Audit Liaison PO Box 40970 Olympia, WA 98504-0970 (360) 725-4402 stefanie.niemela@dcyf.wa.gov

Finding: The Department of Children, Youth, and Families did not have adequate internal controls over and did not comply with requirements to ensure payments to child care providers paid with Temporary Assistance for Needy Families funds were allowable and property supported. Questioned Costs: Assistance Listing # 93.558 Amount $107,338,725 Status: Corrective action in progress Corrective Action: The Working Connections Child Care (WCCC) program was previously managed by the Department of Social and Health Services (DSHS) and the Department of Early Learning. Since the program transitioned in 2019, the Department has been making efforts to strengthen internal controls over payments to child care providers and other grant requirements. The Department implemented grant-level management of all federal funds, including the Temporary Assistance for Needy Families grant. This consisted of making significant grant level adjustments between allowable grant sources to properly spend grant dollars within the allowable period of performance and ensure level of effort and matching requirements were met. The Department’s grant adjustments were processed based on eligible clients and allowable activities. The Department does not currently have the staff to develop and maintain the business process redesign, as well as the information technology initiatives necessary to meet the level of assurance recommended by the State Auditor’s Office. In response to the auditor’s recommendations, the Department submitted a budget request for the 2024 supplemental budget. Funding was provided to develop and maintain the business process that would allow adjustments to include child-level data beginning July 2024. The conditions noted in this finding were previously reported in findings 2022-035 and 2021-028. Completion Date: Estimated December 2025 Agency Contact: Stefanie Niemela Audit Liaison PO Box 40970 Olympia, WA 98504-0970 (360) 725-4402 stefanie.niemela@dcyf.wa.gov