Corrective Action Plans

Finding 2023-005 – Special Education Cluster - Procurement and Suspension and Debarment Contact Person Responsible for Corrective Action: Matthew Parkinson, CFO Contact Phone Number: 317-869-4364 Views of Responsible Official: We concur with the finding. Description of Corrective Action Plan: MSD Warren will seek competitive quotes for these services prior to the 24-25 school year. Anticipated Completion Date: 6/30/24

Finding 2023-003 – Child Nutrition Cluster – Procurement and Suspension and Debarment Contact Person Responsible for Corrective Action: Matthew Parkinson, CFO Contact Phone Number: 317-869-4364 Views of Responsible Official: We concur with the finding. Description of Corrective Action Plan: The CFO will send a memo to all administrators identifying quote and bid thresholds. The school district will obtain at least 3 quotes or use an alternative acceptable procurement method for large purchases. Anticipated Completion Date: 6/30/24

Finding 2023-002 – Child Nutrition Cluster – Activities Allowed or Unallowed, Allowable Costs/Cost Principles Contact Person Responsible for Corrective Action: Matthew Parkinson, CFO Contact Phone Number: 317-869-4364 Views of Responsible Official: We concur with the finding. Description of Corrective Action Plan: Business Office and Payroll staff will review a Labor Distribution Report to verify that the staff is only paying appropriate personnel from the Food Service Fund. Anticipated Completion Date: 6/30/24

Views of Responsible Officials and Planned Corrective Action: Due to the health concerns of the pandemic as well as unprecedented claims volume, claimants were not required to come into a local office for identity verification, the waiting week was waived for 2020, and the requirements for work search were adjusted in order to protect employees and claimants. Before the pandemic, all claimants were required to come to the local office to verify their identity. Removing these process controls resulted in several consequences as itemized below: • By waiving the waiting week, the claimant was able to receive payment the following week. For example, a fraudster could file a claim on Friday, then receive payment on Sunday, removing the typical week that an employer would respond to validate the separation from employment. • The information mailed to the employer and claimant were not received before payments were made due to the lack of waiting week. • Businesses were closed at that time and did not respond to the unemployment paperwork timely to report fraudulent claims. • Identity theft fraudsters often changed the address of the individuals for which they had filed claims in order to prevent the victims from being notified and reporting the fraud. In 2020, the work search requirement was reinstated. In 2021, all claimants had to verify their identity in-person at the local office before the claim was opened for a regular unemployment claim. The UIdentify program was utilized for identity verification for the PUA claims filed after January 1, 2021. The waiting week was reinstated in January 2021, which lengthened the time period for employers to respond before payment was issued. In addition, Internal Audit created the Fraud Investigation Unit and hired additional staff to focus on investigating the identity theft fraud claims. When the perpetrator is identified, a determination is issued and an overpayment is established in the perpetrator’s name/SSN for collection. The NASWA Integrity Data Hub (IDH) crossmatch was implemented in July 2020 as well in an effort to identify additional fraudulent claims for investigation. ADWS was the first UI program to implement 2 projects with the Department of Labor for identity verification. One is using Login.gov and the other involves the United States Postal Service where they verify the identity of claimants for using multifactor authentication and in person presentation of ID. The Login.gov pilot started in 2022 and the USPS pilot project started in 2023. 1. The Login.gov project uses the current system that Federal agencies use to verify identity and went into service in Arkansas as of March 2022. A link is given to the claimant, when they select verify ID through login.gov and go through the steps to verify their identity through the federal government system. If they are approved, we are sent an IA2 verification to the UI processing system to allow staff to match back to the claim to prove ID verification. 2. The United States Postal Service project, implements in Arkansas March 2023, offers the claimant the same link as Login.gov, but grants the additional option to verify their identity at any US Post Office in the country. A barcode is created and must be taken with a valid government-issued ID (they are given examples) along with proof of current address to the post office in person. If they are approved, we are sent an IA2 verification to the UI processing system to allow staff to match back to the claim to prove ID verification. Anticipated Completion Date: Corrective action was taken for the ALA staff recommendations. Contact Person: Name: Sheri Rooney Title: Program Administrator Agency: Division of Workforce Services Address: 2 Capitol Mall City, State, Zip: Little Rock, AR 72201 Phone Number: 501-682-3382 Email Address: Sheri.Rooney@arkansas.gov

Views of Responsible Officials and Planned Corrective Action: Arkansas Department of Education recognizes this finding. ADE Finance understands the importance of supporting documentation for non-LEAs and has implemented a plan for FY23 communications. Furthermore, ADE Finance conducted follow-up communication with the U.S. Department of Education (ED) on March 1, 2024. It was concluded that FTE position data for non-LEAs were optional for Years 1 and 2 Annual Performance Reports per the ESSER Form Review Webinar Guidance. ADE was further instructed to omit non-LEA information from the template should it be unreasonable to provide for the FY22 reporting year in question. ADE will ensure non-LEA entities provide the requested 5.a – Full-Time Equivalent (FTE) Compliance Supplement information for supporting documentation with FY23 and subsequent Reporting Periods. Anticipated Completion Date: May 2024. ADE Finance is coordinating communication with non-Local Educational Agencies (non-LEAs) in effort to revise the data for FY22, however will omit the related data per U.S. Department of Education (ED) guidance provided on March 1, 2024, should non-LEAs be unable to provide quality data. Contact Person: Name: Amy Thomas Title: Accounting Operations Manager Agency: Arkansas Department of Education Address: Four Capitol Mall, Room 204 City, State, Zip: Little Rock, AR, 72201 Phone Number: 501-682-3636 Email Address: Amy.Thomas@ade.arkansas.gov

Views of Responsible Officials and Planned Corrective Action: ASBO has made the registration at Sam.gov part of the application process that will be handled through the subgrant portal being developed with our new grants monitoring contractor. This will now be an electronic field that will be entered by the subgrantee. The 3rd party administrator will be responsible for verifying the subgrant applicant Sam.gov registration is valid and active. Anticipated Completion Date: System anticipated go live Date: April 26, 2024 Contact Person: Name: Glen Howie Title: Director Agency: Department of Commerce, Arkansas State Broadband Office Address: 1 Commerce Way, Suite 601 City, State, Zip: Little Rock, AR 72202 Phone Number: 501-682-1123 Email Address: Glen.howie@arkansasEDC.com

Views of Responsible Officials and Planned Corrective Action: ASBO has entered a contract with a new 3rd party administrator to provide oversight for all subgrant awardees. This contact is active now. We developed our contract to ensure improved monitoring for expenditures and verification of receipts. Also, we are in the process of developing a portal which will allow this contractor and ASBO to have full access to all documents from subgrantees. Our new vendor does have prior experience with subgrants management. In addition, ASBO commits internally to the following: • We will monitor all capital purchases when the invoices are received at our office. • We will pull a random sample of five invoices per month and conduct our own review of expenses. Views of Responsible Officials and Planned Corrective Action (Continued): Highlights for the Baker contract: ASBO’s broadband grant program management vendor-partner, Michael Baker International (MBI), is contracted for the following activities and deliverables: • Developing the workflow, process, and online forms that facilitate project monitoring and expense reimbursement. • Responsible for pursuing and documenting additional information required for project monitoring and reimbursement activities. These activities shall be completed within the framework of the Broadband Grants Project Monitoring and Reimbursement System (see below for details) and not through external email or other document exchange system. • Develop and apply standardized naming conventions for all project documents that will be maintained throughout the life of the project. Documents shall be stored in a manner that promotes transparency and facilities ease of use by auditors. • Take all reasonable measures to ensure grant activities are implemented in a manner that ensures transparency, accountability, and oversight sufficient to (1) minimize the opportunity for waste, fraud, and abuse; (2) ensure that subrecipients use funds to further the objectives of Federal programs and the Arkansas State Broadband Office; and (3) allow the public to understand and monitor subgrants awarded under the program. • Ensuring all reimbursement activity complies with Federal requirements, including Section 60102 of the Infrastructure Act, 2 C.F.R. Part 200 and any supplemental guidance issued by the Federal government. • Responsible for knowing what constitutes eligible and ineligible expenses under both state and Federal rules. • Provide education and guidance to subrecipients and the ASBO on key oversight and compliance requirements. • Ensure payment activities follow all state and Federal policies and procedures. Contractor acknowledges policies may change over the life of the contract. • Identify policies the ASBO is required to adopt and assist in drafting those policies to ensure ASBO compliance with Federal regulations. • Assist the Arkansas State Broadband Office in enforcing program rules and laws and imposing penalties for nonperformance, failure to meet statutory obligations, or wasteful, fraudulent, or abusive expenditure of funds. Such penalties include, but are not limited to, imposition of additional award conditions, payment suspension, award suspension, grant termination, de-obligation/clawback of funds, and debarment of organizations and/or personnel. Views of Responsible Officials and Planned Corrective Action (Continued): • Conduct audits of subrecipients as are necessary and appropriate. Contractor shall report the results of any audits it conducts to the Arkansas State Broadband Office. • Develop a template contract for subrecipients, specifying key terms including contract length, performance standards, construction and service rollout schedules, competitive access requirements, regulatory compliance requirements, environmental controls, grant reporting and data sharing requirements, monitoring and oversight procedures, and penalties for non-compliance. • Retain and provide to the Arkansas State Broadband Office upon request all records, documents, and communications of any kind that relates in any manner to grant awards and project procurement, performance, and reimbursement. This data shall be labeled and stored in a manner that promotes transparency and facilitates ease of use by auditors. Additionally, MBI is building two new systems for ASBO and subgrantee use: 1. Broadband Grants Project Monitoring and Reimbursement System 2. Grant Application Submission, Evaluation, Award, and Appeal System These systems will have the following features: • Facilitate inputs, responses, data gathering, analysis, and adjudication decision recommendations and subsequent documentation of payment decisions for the Arkansas State Broadband Office’s final approval. • Provide a secure mechanism for grant applications and safeguard protected, proprietary, and other confidential information. • Assign a unique identifier to each application and each project. Contractor shall develop and apply a standardized naming convention to all applications and associated documents that will be maintained throughout award, technical review, project monitoring, and project closing. Documents shall be named and stored in a manner that facilitates ease of use by auditors. • System shall exhibit built-in quality controls, such as pre-screening, that assist applicants in submitting applications that meet all minimal requirements for consideration (such as requiring a SAM number). • MBI shall be responsible for pursuing and documenting additional information required for clarification of submitted applications, technical reviews of applications, and project monitoring Views of Responsible Officials and Planned Corrective Action (Continued): • and reimbursement activities. These activities shall be completed within the framework of the Grant Application Submission, Evaluation, Award, and Appeal System or the Broadband Grants Project Monitoring and Reimbursement System and not through external email or other document exchange systems. Anticipated Completion Date: System anticipated go live Date: April 26, 2024 Contact Person: Name: Glen Howie Title: Director Agency: Department of Commerce, Arkansas State Broadband Office Address: 1 Commerce Way, Suite 601 City, State, Zip: Little Rock, AR 72202 Phone Number: 501-682-1123 Email Address: Glen.howie@arkansasEDC.com

Views of Responsible Officials and Planned Corrective Action: Due to the health concerns of the pandemic as well as unprecedented claims volume, claimants were not required to come into a local office for identity verification, the waiting week was waived for 2020, and the requirements for work search were adjusted in order to protect employees and claimants. Before the pandemic, all claimants were required to come to the local office to verify their identity. Removing these process controls resulted in several consequences as itemized below: • By waiving the waiting week, the claimant was able to receive payment the following week. For example, a fraudster could file a claim on Friday, then receive payment on Sunday, removing the typical week that an employer would respond to validate the separation from employment. • The information mailed to the employer and claimant were not received before payments were made due to the lack of waiting week. • Businesses were closed at that time and did not respond to the unemployment paperwork timely to report fraudulent claims. • Identity theft fraudsters often changed the address of the individuals for which they had filed claims in order to prevent the victims from being notified and reporting the fraud. In 2020, the work search requirement was reinstated. In 2021, all claimants had to verify their identity in-person at the local office before the claim was opened for a regular unemployment claim. The UIdentify program was utilized for identity verification for the PUA claims filed after January 1, 2021. The waiting week was reinstated in January 2021, which lengthened the time period for employers to respond before payment was issued. In addition, Internal Audit created the Fraud Investigation Unit and hired additional staff to focus on investigating the identity theft fraud claims. When the perpetrator is identified, a determination is issued and an overpayment is established in the perpetrator’s name/SSN for collection. The NASWA Integrity Data Hub (IDH) crossmatch was implemented in July 2020 as well in an effort to identify additional fraudulent claims for investigation. ADWS was the first UI program to implement 2 projects with the Department of Labor for identity verification. One is using Login.gov and the other involves the United States Postal Service where they verify the identity of claimants for using multifactor authentication and in person presentation of ID. The Login.gov pilot started in 2022 and the USPS pilot project started in 2023. 1. The Login.gov project uses the current system that Federal agencies use to verify identity and went into service in Arkansas as of March 2022. A link is given to the claimant, when they select verify ID through login.gov and go through the steps to verify their identity through the federal government system. If they are approved, we are sent an IA2 verification to the UI processing system to allow staff to match back to the claim to prove ID verification. 2. The United States Postal Service project, implements in Arkansas March 2023, offers the claimant the same link as Login.gov, but grants the additional option to verify their identity at any US Post Office in the country. A barcode is created and must be taken with a valid government-issued ID (they are given examples) along with proof of current address to the post office in person. If they are approved, we are sent an IA2 verification to the UI processing system to allow staff to match back to the claim to prove ID verification. Anticipated Completion Date: Corrective action was taken for the controls the ALA staff recommended. Contact Person: Name: Sheri Rooney Title: Program Administrator Agency: Division of Workforce Services Address: 2 Capitol Mall City, State, Zip: Little Rock, AR 72201 Phone Number: 501-682-3382 Email Address: Sheri.Rooney@arkansas.gov

Views of Responsible Officials and Planned Corrective Action: Department of Human Services Response DHS concurs with the finding. The SNP database has been updated to reflect that a National Disqualified List (NDL) search was run on the 15 providers that were reviewed. The Health and Nutrition Unit for the Office of Early Childhood conducted a staff training on the written application procedure with an emphasis on performing and documenting NDL searches prior to approval of the application. (Note: Effective August 1, 2023, DHS DCCECE has transitioned to Arkansas Department of Education.) Arkansas Department of Education Response Arkansas Department of Education’s Office of Early Childhood, Health and Nutrition unit conducted training December 2023 and continues to maintain staff training on the written application procedure to ensure providers are reviewed against the National Disqualified List (NDL) database and prior to approval. Anticipated Completion Date: Department of Human Services Response Complete Arkansas Department of Education Response Continuous Contact Person: Name: Pamela Burton Title: Director, Health and Nutrition Unit, Division of Elementary and Secondary Education Agency: Arkansas Department of Education Address: 700 Main Street, Room 1216 City, State, Zip: Little Rock, AR, 72203 Phone Number: 501-320-8978 Email Address: Pamela.Burton@ade.arkansas.gov

Views of Responsible Officials and Planned Corrective Action: Department of Human Services Response DHS concurs with the finding. Specifically, the documentation provided to auditors during the audit period did not include a full review of allowable expenditures correlated to the federal draws. During the quarter, indirect costs are estimated and are then adjusted to actual indirect costs when the quarterly cost allocation report is completed. If an overpayment was identified after comparing to the cost allocation report, the next federal draw would be reduced by the overpayment. Due to the timing of the DHS Cost Allocation report and the omittance of the allowable 2022 CNP Block grant expenditures, the expenses were understated for 2023 CNP Block grant resulting in the appearance of a federal overpayment. Following the audit, it was determined DHS DCCECE staff coded 161 transactions totaling direct costs of $1,977,927.62 of allowable expenses for October 2022, November 2022, and March 2023 in the State’s accounting software, AASIS, to the 2022 CNP Block grant when only $505,835.54 federal grant funds were available. The difference of $1,472,092.08 in federal funding was properly drawn from the 2023 CNP Block grant, but AASIS error corrections were not timely submitted to the managerial accounting prior to the close of SFY2023 to ensure the proper allocation of the expenditures. The cost allocation report provided to auditors during the audit period only included the 2023 CNP Block grant AASIS coding and did not include the 2022 CNP Block grant AASIS coding of $1,472,092.08. The remaining difference of $24,186.92 is due to timing of DHS’s Cost Allocation quarterly report that became available July 20th for the June 30th 2023 CNP Block grant expenses. DHS submitted additional documentation to ALA in February 2024 accounting for all allowable expenditures. DHS Managerial Accounting staff have been provided additional cost allocation training and audit response training. Documents responsive to audit requests will be more fully reviewed prior to submission as senior finance management staffing allows. Effective August 1, 2023, DHS DCCECE has transitioned to Arkansas Department of Education (ADE). DHS will continue to work in cooperation and coordination to provide all relevant financial information, documentation, or other items necessary for the administrative functions of DCCECE so as not to disrupt any services. Arkansas Department of Education Response Arkansas Department of Education, Finance unit monitors fund balances in the States’s accounting system, AASIS, at minimum, every other day. The frequency of this process accounts for previous activity in funds or cost centers and pending activity recognized at the time of the review including, but not limited to, upcoming expenses and drawdown requests. ADE procedures ensure the finance unit closely oversees cash on hand, if any, and all necessary drawdowns are completed for immediate use. Additionally, funds associated with the Office of Early Childhood (formerly DCCECE) that were carried to ADE are shown in the cash edit table, allowing the fund to have a negative balance in the State’s accounting system, AASIS. Including funds in the cash edit table supports the agency in preventing excess drawdowns by allowing funds to be received after expenses are processed. ADE is confident this procedure ensures accurate amounts are drawn. Anticipated Completion Date: Department of Human Services Response Complete Arkansas Department of Education Response ADE Finance has implemented the named procedure and continues to monitor cash on hand closely, as the ADE Office of Early Childhood staff, (formerly DHS DCCECE), are trained in this procedure. Contact Person: Name: Misty Eubanks Title: Deputy Secretary for Operations and Budget and Interim Chief Financial Officer Agency: Department of Human Services Address: P.O. Box 1437, Slot S201 City, State, Zip: Little Rock, AR, 72203-1437 Phone Number: 501-320-6327 Email Address: misty.eubanks@dhs.arkansas.gov Name: Amy Thomas Title: Accounting Operations Manager Agency: Arkansas Department of Education Address: Four Capitol Mall, Room 204 City, State, Zip: Little Rock, AR, 72201 Phone Number: 501-682-3636 Email Address: Amy.Thomas@ade.arkansas.gov

Views of Responsible Officials and Planned Corrective Action: Department of Human Services Response DHS concurs with the finding. The Division of Childcare and Early Childhood Education (DCCECE) utilized a custom software platform to provide payment files to the State’s accounting software, AASIS, to issue payments to recipients. Within this software, the AASIS coding for Sponsor Administrative costs is coded to CNP Block Consolidated (ALN 10.555) instead of CNP CACFP Sponsor Administrative (ALN 10.558) for the questioned costs of $98,474.00. Expense error corrections were not received timely by managerial accounting staff prior to the close out of SFY2023. Effective August 1, 2023, the division formerly known as DCCECE at DHS transitioned to the Arkansas Department of Education (ADE). DHS alerted financial staff with ADE in February 2024 to review the custom software platform to ensure grant expenses are being properly coded now. Due to depleted grant funds in CNP CACFP Cash in Lieu (ALN 10.558), the questioned costs of $38,341.68 in grants funds were manually moved by DHS Managerial Accounting staff into the CNP Block Consolidated grant. Managerial accounting staff have been retrained to ensure adequate federal funds are available prior to drawing. If manual adjustments are required, the division’s CFO, or their designee, must review and approve manual adjustments prior to the managerial accounting staff executing manual adjustments. DHS Office of Finance is developing an internal control documenting the prior approval process. DHS will continue to work in cooperation and coordination with ADE to provide all relevant financial information, documentation, or other items necessary for the administrative functions of DCCECE so as not to disrupt any services. Arkansas Department of Education Response The Arkansas Department of Education, Finance unit monitors federal grant awards by using separate cost centers for each program and award year within. This process provides transparent delineation of expenses and revenues within the State’s accounting system, AASIS. Additionally, ADE Finance owns an established procedure to reconcile federal grant awards for each month, within 90 days of the month’s end. The reconciliation procedure accounts for all activity within the grants and ensures data is aligned from the federal drawdown system to the State’s accounting system, AASIS. Anticipated Completion Date: Department of Human Services Response 3/31/2024 Arkansas Department of Education Response The itemized CNP programs are reconciled using ADE procedures as of August 1,2023. ADE ensures the accuracy of data from August 1, 2023, through January 31, 2024. Contact Person: Name: Misty Eubanks Title: Deputy Secretary for Operations and Budget and Interim Chief Financial Officer Agency: Department of Human Services Address: P.O. Box 1437, Slot S201 City, State, Zip: Little Rock, AR, 72203-1437 Phone Number: 501-320-6327 Email Address: misty.eubanks@dhs.arkansas.gov Name: Amy Thomas Title: Accounting Operations Manager Agency: Arkansas Department of Education Address: Four Capitol Mall, Room 204 City, State, Zip: Little Rock, AR, 72201 Phone Number: 501-682-3636 Email Address: Amy.Thomas@ade.arkansas.gov

Contacts: Alex Antkowiak, David Kilpatrick, and Katherine Robinson Titles: VP Accounting and Senior Director, Education Programs & Productions, and Payroll Manager, respectively Anticipated Completion Date: September 2024 Corrective Action: The Center is committed to ensuring the appropriate documentation is in place to adhere to federal regulations regarding activities allowed or unallowed and allowable costs. In response to the audit finding, the Center is taking the following corrective actions to address the audit recommendations: • Accounting will convene meetings with Production and Operations Managers to communicate the Fiscal Year 2023 Federal Award Findings, study and strengthen internal controls in place, review the general criteria within 2 CFR Section 200.403 for manager awareness, and reinforce the importance of accuracy and timeliness of pay rates. • Production and Operations Managers will enact recommendations from Accounting Personnel to strengthen internal controls, proactively communicate with Unions throughout the year and prior to year-end to stay informed of any changes to rates established in Collective Bargaining Agreements and apply changes in pay rates prospectively from date of notice and retrospectively when required. • The Payroll Department, in collaboration with Accounting, will establish a schedule to sample support from managers for compliance with transparency initiatives. Status as of February 2024: The Theater for Young Audience Touring Production and Operations Manager in charge of payroll processing has updated processes to create an audit trail for pay rate calculation, update payroll submission form to include a PDF copy of the audit trail for Payroll Department’s inspection.

Finding 2023-003 – Head Start Cluster – Reporting Contact Person Responsible for Corrective Action: Brenda Overton Contact Phone Number: 574.393.5866 Views of Responsible Official: We concur with the finding. Description of Corrective Action Plan: We will ensure all required federal reports have a documented, formal review of the reports before they are submitted to ensure the information submitted is accurate Anticipated Completion Date: April 2024

Finding 2023-001 – Head Start Cluster - Activities Allowed or Unallowed, Allowable Costs/Cost Principles Contact Person Responsible for Corrective Action: Brenda Overton Contact Phone Number: 574.393.5866 Views of Responsible Official: We concur with the finding. Description of Corrective Action Plan: We will ensure all vouchers are reviewed by a secondary individual, all supporting backup is maintained for each claim, and all payroll amounts agree to approved contracts. Anticipated Completion Date: April 2024

U.S. Department of Agriculture 2023 - 003 Food Distribution Cluster – Assistance Listing No. 10.568, 10.569 Recommendation: We recommend that Gleaners review its process and procedures to ensure all control sign-offs are maintained on receipts. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: Management has reviewed the process and procedures with department manager and new staff. Management will follow up quarterly to verify the process is completed accordingly. Names of the contact persons responsible for corrective action: Tiffany Stead and Joseph Slater Planned completion date for corrective action plan: 10/1/2023.

Recommendation: We recommend the District design procedures and controls to ensure adequate prior approval of construction related expenditures charged to the Education Stabilization Fund program. Explanation of disagreement with audit findings: There isno disagreement with the audit finding. District Response: Name of the contact person responsible for corrective action: Ruben Hernandez, Assistant Superintendent, Business Services. Planned completion date for corrective action plan: Immediate.

Criteria: 2CFR 200.303(a) establishes that the auditee must establish and maintain effective internal control over the federal award that provides assurance that the entity is managing the federal award in compliance with federal statutes, regulations, and conditions of the federal award. Condition: The Health System’s final expenditure listing identified as eligible and claimed under the Provider Relief Fund and American Rescue Plan (ARP) Rural Distribution program were not reviewed and approved by a separate individual outside of the preparer. In addition, the Health System’s special report submitted to the Department of Health and Human Services for Period 4 was not reviewed and approved by a separate individual outside of the preparer. Responsible Individual: Ashley Woodward, Chief Financial Officer Corrective Action Plan: Management is aware of this control deficiency. Management is reviewing its system of internal control over compliance and plans to implement a control process which includes a secondary review and approval of the summarized final expenditure listing used to claim the allowable costs under the federal program and a secondary review and approval of required reports to be submitted to the federal agency. Anticipated Completion Date: June 30, 2024

FA 2023-001 Strengthen Controls over Wage Rate Requirements Compliance Requirement: Special Tests and Provisions Internal Control Impact: Significant Deficiency Compliance Impact: Nonmaterial Noncompliance Federal Awarding Agency: U.S. Department of Education Pass-Through Entity: Georgia Department of Education Assistance Listing Number and Title: COVID-19 - 84.425U - American Rescue Plan Elementary and Secondary School Emergency Relief Fund Federal Award Number: S425U210012 (Year: 2021) Questioned Costs: None Identified Prior Year Finding: Not Applicable Description: A review of construction-related expenditures charged to the Elementary and Secondary School Emergency Relief Fund programs revealed that the School District's internal control procedures were not operating to ensure that Wage Rage Requirements were followed properly. Corrective Action Plans: The School District will review and update the current procedures to ensure that the Wage Rate requirements are met. Estimated Completion Date: June 30, 2024 Contact Person: Dr. Samuel P. Light, Superintendent Telephone: (706) 359-3742 Email: slight@lcboe.us

Action taken in response to finding: Fiscal Affairs will review reporting requirements for any funding received; communicate such requirements to the appropriate parties within the University; and coordinate with Office of Research & Sponsored Programs to ensure that the reporting requirement is met.

Corrective Action Planned: The County will implement procedures to ensure when a contractor is paid with federal funds, sam.gov will be utilized to verify the entity has not been suspended or debarred and such procedure will be adequately documented. Anticipated Completion Date: Ongoing Responsible Party: Mike Hall, Bryan Mellage, Michael Weiss, Nemaha County Board

FINDING 2023-002 Finding Subject: Child Nutrition Cluster – Internal Controls Federal Agency: Department of Agriculture Federal Programs: School Breakfast Program, National School Lunch Program Assistance Listing Numbers: 10.553, 10.555 Federal Award Number: 7350 Pass-Through Entity: Indiana Department of Education Compliance Requirements: Activities Allowed and Unallowed, Allowable Costs/Costs Principles, Special Tests and Provisions-Verification of Free and Reduced Price Applications Summary of Finding: Material Weakness Internal Controls were not implemented to prevent noncompliance related to the verification of free and reduced applications and hours and wages. A new internal control procedure will be implemented for the second review of the free and reduced applications and for the hours and wages. Repeat Finding: Prior audit finding number was 2021-002. Contact Person Responsible for Corrective Action: Tammy Achenbach Contact Information: Phone: 317-835-7461 Email: tachenbach@nwshelbyschools.org Views of Responsible Officials: Management agrees with the finding. Management will ensure proper documented review of amounts billed for personnel and for the free and reduce verification 􀀃 INDIANA STATE BOARD OF ACCOUNTS 23 First ~ Best ~ Different! 􀀃 Northwestern􀀃 Consolidated􀀃School􀀃 District􀀃of􀀃Shelby􀀃County􀀃 􀀃 4920􀀃W.􀀃600􀀃N􀀃 Fairland,􀀃IN􀀃46126􀀃 􀀃 Phone:􀀃317􀍲835􀍲7461􀀃 Fax:􀀃317􀍲835􀍲4441􀀃 􀀃 www.nwshelbyschools.org􀀃 Superintendent􀀃 Mr.􀀃Chris􀀃Hoke􀀃 􀀃 Business􀀃Manager􀀃 Mrs.􀀃Tammy􀀃Achenbach􀀃 􀀃 Technology􀀃Director􀀃 Mr.􀀃Josh􀀃Landis􀀃 􀀃 Maintenance􀀃Director􀀃 Mr.􀀃Terry􀀃Coons􀀃 􀀃 Transportation􀀃Director􀀃 Mrs.􀀃Susie􀀃Childress􀀃 􀀃 Special􀀃Education􀀃Director􀀃 Mrs.􀀃Terri􀀃Branson􀀃 􀀃􀀃 School􀀃Board􀀃 Mr.􀀃David􀀃Ploog􀀃 Mrs.􀀃Brooke􀀃Lockett􀀃 Mrs.􀀃Cressa􀀃Rund􀀃 Mr.􀀃Ken􀀃Polston􀀃 Mr.􀀃Terry􀀃Morgan􀀃 Mr.􀀃Travis􀀃Hensler􀀃 Mrs.􀀃Karen􀀃Humphreys􀀃 Cont. page 2 Description of Corrective Action Plan: Review for personnel charges: During the monthly meeting to review the FSMC invoice, along with Operations Ledger, Client P&L, Monthly Reimbursements, Invoices, USDA Reconciliation, Direct Certification, The Hours and Wages will be reviewed and approved. Free and Reduced Verification: Internal Controls for the first round of Free and Reduce Applications will be verified by the Data Controller or the Business Manager and the verification of the random testing of the verifications will be done by the Business Manager or the Deputy Treasurer. Anticipated Completion Date: The district will start the new internal control procedure March 2024 to correct for the 23-24 school year.

Assistance Listings number: 17.258 WIOA Adult Program; Assistance Listings number: 17.259 WIOA Youth Activities; and Assistance Listings number: 17.278 WIOA Dislocated Worker Formula Grants Contact Person: Jeremy Flowers, WIOA Executive Director Anticipated completion date: June 30, 2024 Concur. To help ensure the County meets the WIOA Cluster’s earmarking requirement to spend no less than 20 percent of WIOA Youth Activities funds allocated to the County to provide in-school and out-of-school youth with paid and unpaid work experiences (WEX), the County has revised its process for tracking work experience expenditures. The County will utilize the revised process and provide technical assistance to the sub-recipient, Chicanos Por La Causa (CPLC) to implement procedures that will lead to an increase in Youth enrollments and placement into WEX to ensure at least 20 percent of the WIOA Youth Activities funds allocated to the County are used to provide in-school and out-of-school youth with paid and unpaid WEX. County staff are currently working with CPLC staff to implement a different approach to attaining the WEX requirements. The recommended solutions include improved tracking and monitoring of the WIOA Youth WEX activities to include both paid and unpaid work experiences, increasing all youth outreach, partnering with other local youth programs, and enrolling youth with barriers pursuant to current policy. The County will be tracking Youth progress and will be revising strategies as needed. The County’s goal is to see a significant increase in Youth WEX program activities by the end of fiscal year 23-24.

FINDING 2023-003 Finding Subject: COVID-19 - Education Stabilization Fund - Reporting Summary of Finding: The School Corporation had not designed nor implemented a system of internal control to ensure that the six Elementary and Secondary School Emergency Relief (ESSER) annual data reports required to be filed during the audit period were complete and accurate prior to submission. The Reports were prepared by one employee without an oversight or review process in place to prevent, or detect and correct, errors. Contact Person Responsible for Corrective Action: Greg Walker, Superintendent Contact Phone Number and Email Address: 812-723-4717 and walkerg@paoli.k12.in.us Views of Responsible Officials: We concur with the finding. Description of Corrective Action Plan: The Superintendent will enter information into the annual data report required for ESSER and once completed the Corporation Treasurer will review the information entered for accuracy. The Corporation Treasurer will sign off that the information entered is correct and then the Superintendent will submit the data report. Anticipated Completion Date: Projected date of completion is April 2024.

2023-007: Special Tests & Provisions Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: Various Type of Finding: Significant Deficiency in Internal Control over Compliance Other Matters Recommendation: ISU should implement procedures to ensure that enrollment data, changes in status and effective dates within NSLDS match the records of the intuition and are reported timely. We also recommend that the University implement a formal review procedure to document the review process. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: During our discussion, it became apparent that a significant portion of the findings pertaining to the Office of the Registrar stemmed from enrollment status change not being reported to NSLDS within 60 days. To remedy this, we have added three new automated enrollment uploads right after the upload of the graduation file respectively in Fall, Spring and Summer. The three automated enrollment uploads to be sent to NSLDS are scheduled as follows: 1. On February 16; 2. On June 3; 3. On September 1. Name(s) of the contact person(s) responsible for corrective action: Hala Abou Arraj, Registrar Planned completion date for corrective action plan: Implemented in February 2024

2023-006: Eligibility Federal Program Title: Student Financial Assistance Cluster Assistance Listing Number: Various Type of Finding: Material Weakness Other Matters Recommendation: ISU should evaluate its procedures around disbursement of loans and ensure that notifications of disbursements are sent and contain all of the required elements outline in the FSA handbook. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: To meet requirements outlined in 34 CFR 668.165, ISU includes information in a student’s award notification email and in their MyISU portal of pertinent Direct Loan information including their “Award Payment Schedule” and what steps to take to accept, decline or modify their award offers. Additionally, in July 2023, ISU implemented an automated email notification in our daily job scheduler, AppWorx, that is sent on each date of disbursement to student Direct Loan borrowers and parent borrowers of Direct Parent PLUS (added Feb 2024) notifying them of the disbursement and reminding them what they need to do to revise or cancel the loan disbursement. Name(s) of the contact person(s) responsible for corrective action: James Martin, Director of Financial Aid Planned completion date for corrective action plan: Implemented in December 2023.