Corrective Action Plans

2023-028 Department of Human Services Strengthen controls to ensure adequate supporting documentation and accuracy over reporting MANAGEMENT RESPONSE: We agree with the first recommendation. We disagree with the second recommendation. We agree with the first recommendation and will ensure adequate supporting documentation is maintained and readily available to support information reported in the RSA-911. We disagree with the second recommendation. The RSA-17 is currently reviewed by both Program Leadership as well as the ODHS Grant Accounting Manager. Certification is evidenced by the signed RSA-17. This level of review meets federal requirements. Additional review and discussion may be had as a form of best practice but should not be considered a control mechanism. The Grant Accounting Unit will highlight the certification process in the RSA-17 desk manual to delineate between control functions and best practices. Anticipated Completion Date: June 30, 2024 Contact person: Keith Ozols, Vocational Rehabilitation Services Director; Travis Labrum, Grant Accounting Manager

2023-043 Oregon Business Development Department Management should implement accounting review of quarterly reports before submitting to DAS MANAGEMENT RESPONSE: We agree with this recommendation. We agree with this finding. Business Oregon has gone through significant personnel change during the period of American Rescue Plan Act (ARPA) grant disbursements, from January 2022 to June 2023. The Chief Financial Officer, Accounting Manager, and Accountants had moved on to other state agencies. The accounting positions were left vacant for months due to challenges in timely filling these positions with the right skill sets. Although there were only a few accounting staff left when majority of the grant disbursements were made, the remaining accounting processed the disbursements with very tight deadlines. The accounting staff processed grant disbursements through appropriate internal control procedures, reviewed supporting documents for appropriate signature approval on the requests, and made accounting entries for these grant activity transactions. Below is a list of staff hire dates to illustrate the turnover we faced during this time period: • Federal Grant Accountant – November 2023 • Chief Financial Officer – October 2023 • Deputy CFO/Accounting Manager – May 2023 • Program Accountant 2 – April 2023 • Accounting Technician – April 2023 • Debt Accountant 3 – March 2023 • Program Accountant 3 – January 2023 • Program Accountant 3 – August 2022 Due to the accounting team not having enough personnel at the time to prepare reports for the DAS ARPA Grant Program Coordinator, Business Oregon program staff (not accounting staff) took the initiative to complete the reports and submitted the periodic/quarterly reports to DAS. As the Business Oregon program staff did not have access to the SFMA (state accounting system), the program staff used data from another system (Salesforce, not an accounting system) to fill the needed information for the reports. The initial reports submitted to DAS were not reviewed by accounting staff. The program staff continued to complete the reports for DAS until first quarter of 2023, until accountant positions were filled in 2023. While preparing for the FY 2023 Year-End Closing process (June 2023 to July 2023), the newly hired accountants and Deputy CFO/Accounting Manager reviewed as many FY23 financial transactions as they could and made necessary adjustments and accounting entry corrections. Reporting discrepancies were identified between department accounting records and the reports submitted by program staff to DAS/US Dept of Treasury. Business Oregon accountants worked with DAS on revising the SEFA reports and identified ARPA grant-related items that needs to be corrected. The research continued even after the fiscal year 2023 reporting has closed. A reconciliation of records between department accounting and the reports submitted to the DAS Grant program coordinator was completed in January 2024, and the Business Oregon accounting team submitted a revised FY 2023 SEFA report corrections to the DAS SARS team. Going forward, management will ensure that the completion of quarterly financial reports for grant reporting is performed and submitted by the agency’s accounting team and not program staff to ensure data comes from the accounting system with the review by an accountant or accounting manager. Anticipated Completion Date: June 30, 2024 Contact person: Imee Anderson, Chief Financial Officer; Karl Mielke, Deputy Chief Financial Officer

2023-015 Oregon Housing and Community Services Fully implement controls to ensure subrecipients are in compliance with program requirements MANAGEMENT RESPONSE: We agree with this recommendation. OHCS has hired an outside contractor to complete the requested work. Contractor was not in place in time to complete action prior to end of audit work, however work will be finalized prior to the end of the current fiscal year. Anticipated Completion Date: June 30, 2024 Contact person: Dean Criscola, Controller

Finding 2023-042 – Corrective Action Plan There is no disagreement with the audit finding. The University has enacted an Information Security Policy, “URI Information Technology Standard”, which was issued on December 6, 2023. This standard defines the minimum information security requirements for the University of Rhode Island. The full standard can be found at the following URL: https://uri0.sharepoint.com/sites/URIInformationTechnologyServicesCommunication/SitePages/ITS-Security.aspx?ga=1. Anticipated Completion Date: December 6, 2023 Contact Persons: Gabrile Fariello, Interim Chief Information Officer, University of Rhode Island gfariello@uri.edu Michael Khalfayan, Chief Information Systems Officer, University of Rhode Island mkhalfayan@uri.edu

2023-002 Special Rest; Graduation Cohort Recommendation: We recommend that the schools develop internal controls and procedures to ensure the documentation is consistently maintained to support compliance with grantor’s requirements. Action planned/taken in response to finding: 1. City Schools will draft guidance to schools reminding them of their obligation to maintain documentation for all student transfers as per the MSDE Student Records Manual, P.32. The initial guidance will remind schools that all documentation needs to be saved as part of a student’s transfer packet. For SY24-25, the guidance will be updated to instruct schools to save all transfer requests in Person Documents in Infinite Campus (IC). This will be a collaboration between the Office of Achievement and Accountability (OAA) and the Schools Office. 2. City Schools will create a new data cleansing report (DCR) to ensure that all transfer codes entered in Infinite Campus have transfer documentation uploaded to IC to support the transfer request. The above guidance will be shared with schools as part of the launch of the new DCR report in SY24-25. This will be a collaboration between OAA and the Office of Information Technology (OIT). 3. City Schools’ School Managers will monitor the new DCR to ensure schools are uploading documentation for every transfer into IC. Name(s) of the contact person(s) responsible for corrective action: Holly Bedwell (OAA) and Sabree Barnes (Schools Office) Planned completion date for corrective action plan: September 9, 2024.

2023-003 Allowable Cost- Payroll Recommendation We recommend that the schools develop internal controls and procedures to ensure the documentation is consistently maintained and readily available to support compliance with grantor’s requirements. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action planned/taken in response to finding: 1. Requirements to support documentation of payroll expenditures will be reviewed with school staff annually as part of grant support visits, resource materials provided and other technical assistance sessions. 2. As part of Spring 2024 site visits to be completed prior to June 30, 2024, Title I specialists will review with school staff requirements for documentation to support payroll expenditures using Title I funds. Documentation of stipend and temporary staff payroll will be collected and saved in the school’s grant monitoring folder. This activity will also occur in September 2024 for summer stipend/temp staff payments. 3. Charter schools utilizing Title II and/or Title IV funds will continue to participate in twice annual monitoring by the Office of Data Monitoring and Compliance to review support documentation for any stipend/temporary staff payments. 4. Schools leveraging ESSER funds in SY23/24 for stipend/temporary staff payments will be requested to upload support documentation to a district established SharePoint site prior to June 30, 2024. 5. By April 30, 2024 requirements for payroll expenditure documentation will be reviewed with district offices implementing grant funded district initiatives. These meetings include Title I, Title II, Title III, Title IV, Perkins and COVID relief grant funds. All district offices will be required to save support documentation for stipend and temporary staff payments for district level and/or district coordinated activities to a SharePoint folder to ensure accessibility for future monitoring activities. The district staff person from the Office of Data Monitoring and Compliance assigned to support the federal grant will review uploaded materials to ensure the documentation supports payroll expenditures. Name(s) of the contact person(s) responsible for corrective action: Kimberly Hoffmann Planned completion date for corrective action plan: June 2024.

Identifying Number: Finding No. 2023-003: Documentation of Internal Controls Internal Control over Compliance Material Weakness Finding: Audit procedures noted controls identified by management over material compliance requirements lacked sufficient documentation to conclude application of controls is in place. Corrective Actions Taken or Planned: Responsible Official: T.J. Snowden (Director of Financial Aid), Walter Brown (CFO) Anticipated Completion Date: 05/30/2024 View of Responsible Individuals: Management agrees with the assessment and the finding. Management will identify what controls need to be in place to ensure federal compliance requirements for Student Financial Aid are in place. These controls will include manual or electronic signoff to exhibit proper execution of controls.

This finding is related to activities on our VOCA grants. As was the case in Finding #004, the majority of the exceptions were related to either finding #2 above or were related to the process in place prior to May 2023. Again, in May 2023 FRLS added an electronic transaction approval process via teams, that documents approvals for all our AP, AR and other transactions initiated by our accounting staff. These are reviewed and approved by the CFO before being posted into the GL. It was also noted that our process of allocating costs from our overhead cost centers to our various grants, was not fully documented. The CFO will undertake a review of this process to ensure that we are in compliance with allowable cost documentation requirements. We will also review and update our documentation of allocations and ensure that each month’s allocation is properly approved. This review will be completed within the next 90 days.

The Treasurer will review both the elementary and the jr high/high school lunch and breakfast counts prior to the claims being submitted to CRRS.

Reference Number: 2023-003 Prior Year Finding: No Federal Agency: U.S. Department of Treasury Federal Program: COVID-19 – Coronavirus State and Local Fiscal Recovery Funds Assistance Listing Number: 21.027 Award Number and Year: ARP17SL1 (5/23/2021 – 12/31/2026) Compliance Requirement: Subrecipient Monitoring Type of Finding: Material Weakness in Internal Control Over Compliance, Material Noncompliance Criteria or specific requirement: Compliance: 2 CFR §200.332 - Requirements for Pass-Through Entities states, in part, that all pass-through entities must: (a) Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes information at the time of the subaward and if any of these data elements change, include the changes in subsequent subaward modification. When some of this information is not available, the pass-through entity must provide the best information available to describe the Federal award and subaward. Required information includes: i. Subrecipient name (which must match the name associated with its unique entity identifier); ii. Subrecipient's unique entity identifier; iii. Federal Award Identification Number (FAIN); iv. Federal Award Date (see the definition of Federal award date in § 200.1 of this part) of award to the recipient by the Federal agency; v. Subaward Period of Performance Start and End Date; vi. Subaward Budget Period Start and End Date; vii. Amount of Federal Funds Obligated by this action by the pass-through entity to the subrecipient; viii. Total Amount of Federal Funds Obligated to the subrecipient by the pass-through entity including the current financial obligation; ix. Total Amount of the Federal Award committed to the subrecipient by the pass-through entity; x. Federal award project description, as required to be responsive to the Federal Funding Accountability and Transparency Act (FFATA); xi. Name of Federal awarding agency, pass-through entity, and contact information for awarding official of the Pass-through entity; xii. Assistance Listings number and Title; the pass-through entity must identify the dollar amount made available under each Federal award and the Assistance Listings Number at time of disbursement; xiii. Identification of whether the award is R&D; and xiv. Indirect cost rate for the Federal award (including if the de minimis rate is charged) per section 200.414. (b) Evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring described in paragraphs (d) and (e) of this section, which may include consideration of such factors as: (1) The subrecipient's prior experience with the same or similar subawards; (2) The results of previous audits including whether or not the subrecipient receives a Single Audit in accordance with Subpart F - Audit Requirements of this part, and the extent to which the same or similar subaward has been audited as a major program; (3) Whether the subrecipient has new personnel or new or substantially changed systems; (4) The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives Federal awards directly from a Federal awarding agency). (d) Monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with Federal statutes, regulations, and the terms and conditions of the subaward; and that subaward performance goals are achieved. Passthrough entity monitoring of the subrecipient must include: (1) Reviewing financial and performance reports required by the pass-through entity. (2) Following-up and ensuring that the subrecipient takes timely and appropriate action on all deficiencies pertaining to the Federal award provided to the subrecipient from the pass-through entity detected through audits, on-site reviews, and other means. (3) Issuing a management decision for audit findings pertaining to the Federal award provided to the subrecipient from the pass-through entity as required by § 200.521 Management decision. (e) Depending upon the pass-through entity's assessment of risk posed by the subrecipient (as described in paragraph (b) of this section), the following monitoring tools may be useful for the pass-through entity to ensure proper accountability and compliance with program requirements and achievement of performance goals: (1) Providing subrecipients with training and technical assistance on program-related matters. (2) Performing on-site reviews of the subrecipient's program operations. (3) Arranging for agreed-upon-procedures engagements as described in § 200.425 Audit services. (f) Verify that every subrecipient is audited as required by Subpart F of this part when it is expected that the subrecipient's Federal awards expended during the respective fiscal year equaled or exceeded the threshold set forth in § 200.501. Control: Per 2 CFR Section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non- Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: Prince George’s County (the County) was unable to provide support that subawards it issued contained all required federal information nor that it properly monitored its subrecipients. Context: Five subrecipients were selected for testing, and the following exceptions were noted: For one of five subrecipients, the County did not have a subaward agreement in place with the subrecipient. As such, all required information was not furnished to the subrecipient. Five of five subaward agreements were missing the following required information: o Federal Award Identification Number (FAIN) For two of five subrecipients, the County was unable to provide support that it conducted during the award monitoring. For one of five subrecipients, the County was unable to provide support that it had verified that the subrecipients were audited as required by Subpart F. Questioned costs: Undetermined. Cause: The County did not establish effective internal controls and procedures over subrecipient monitoring. Effect: Excluding the required federal grant award information at the time of the subaward may cause subrecipients and their auditors to be uninformed about specific programs and other regulations that apply to the funds they receive. There is also the potential for subrecipients to have incomplete Schedules of Expenditures of Federal Awards (SEFA) in their Single Audit reports, and federal funds may not be properly audited at the subrecipient level in accordance with the Uniform Guidance. Not conducting during the award monitoring may result in a failure of the Division to detect that its subrecipients used subawards for unauthorized purposes, managed them in violation of the terms and conditions of the subawards, or that subaward performance goals were not achieved. Without ensuring subrecipients have obtained audits as required by Subpart F, there is an increased risk that subrecipients could be inappropriately spending and/or inaccurately tracking and reporting federal funds over multiple year periods, and these discrepancies may not be properly monitored, detected, and corrected by Division personnel on a timely basis. Recommendation: The County should review and enhance internal controls and procedures to ensure that all required information is included in all subawards, that proper subrecipient monitoring is conducted, and that evaluation of independent audits is performed. Action taken in response to findings: OCR has submitted the subaward agreement to include all required information for review and approval in SPEED. The subaward agreement is awaiting approval and will be sent to the Office of Finance in April 2024. Name of the contact person responsible for corrective action: Ameria Williams, Budget and Human Resources Manager. Planned completion date for corrective action plan: April 30, 2024. Explanation of disagreement with audit findings: There is no disagreement with the audit findings. Views of responsible officials: The Office of Community Relations (OCR) is reviewing and working to enhance internal controls and procedures to ensure all required information is included in the subaward, that proper subrecipient monitoring is conducted, and the evaluation of independent audits are performed. OCR is working with the subrecipient to gather payroll receipts and proof of the disbursement of funds to grantees selected through the RFPs managed by the subrecipient. Any questions concerning the findings or corrective action plan can be directed to Euniesha Davis, Director, OCR, at 301-952-4729.

Reference Number: Prior Year Finding: Federal Agency: Federal Program: Assistance Listing Number: Award Number and Year: Compliance Requirement: Type of Finding: Criteria or specific requirement: 2023-002 No U.S. Department of Treasury COVID-19 - Coronavirus State and Local Fiscal Recovery Funds 21.027 ARPl 7SL1 (5/23/2021 - 12/31/2026) Earmarking and Reporting Material Weakness in Internal Control Over Compliance, Material Noncompliance Compliance: Earmarking - Under Treasury's Final Rule that became effective on April 1, 2022, recipients can calculate lost revenue for the years 2020, 2021, 2022, and 2023 based on the formula provided in the Final Rule to determine the amount of State and Local Fiscal Recove1y Funds (SLFRF) that can be used for the "provision of government services." To calculate revenue loss at each of these dates, recipients must follow a four-step process which includes: a. Calculate revenues collected in the most recent full fiscal year prior to the public health emergency (i.e., last full fiscal year before January 27, 2020), called the base year revenue. b. Estimate counterfactual revenue, which is equal to the following formula, where n is the number of months elapsed since the end of the base year to the calculation date: base year revenue x (1 + growth adjustment) n/ 12. The growth adjustment is the greater of either a standard growth rate- 5 .2 percent- or the recipient's average annual revenue growth in the last full three fiscal years prior to the COVID-19 public health emergency. c. Identify actual revenue, which equals revenues collected over the twelve months immediately preceding the calculation date. d. Revenue loss for the calculation date is equal to counterfactual revenue minus actual revenue (adjusted for tax changes) for the twelve-month period. Further, the Final Rule defines the term general revenue to include revenues collected by a recipient and generated from its underlying economy and would capture a range of different types of tax revenues, as well as other types of revenue that are available to supp01t government services. In calculating revenue, recipients should sum across all revenue streams covered as general revenue. Reporting - Per 2 CFR 200.328 and 31 CFR section 35.4(c), States, territories, metropolitan cities, counties, and Tribal governments were required to submit one interim rep01t and quarterly Project and Expenditure repo1ts thereafter. A Key Line Item containing critical info1mation, as defined by Treasury, in these reports is the Revenue Replacement section. Control: Per 2 CFR section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in "Standards for Internal Control in the Federal Government" issued by the Comptroller General of the United States or the "Internal Control Integrated Framework", issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: Prince George's County (the County) did not calculate their revenue loss in accordance with the Final Rule. As a result, amounts reported under the Revenue Replacement section of the Project and Expenditure reports were inaccurate for all quarters within the fiscal year ended June 30, 2023. Context: The County used inconect base year revenues in their revenue loss calculation. Only general fund revenue was used in the calculation instead of summing across all revenue streams as defined by the Final Rule. Fmther, the County used an incorrect growth rate of 4.0% instead of 5.2% as required by the Final Rule. The Revenue Replacement section of the Project and Expenditure rep01ts were inaccurate due to these errors. Cause: The County's policies and procedures were not sufficient to ensure that their revenue loss calculation was in accordance with the Final Rule and that accurate information was reported in their Project and Expenditure reports under the Revenue Replacement section. Effect: The County was not in compliance with federal requirements, and failure to comply with those requirements could jeopardize future funding. Questioned costs: Undetermined. Recommendation: We recommend that the County revise the revenue loss calculation to be in accordance with the U.S. Treasury's guidance as outlined by the Final Rule and submit a revised Project and Expenditure report to the U.S. Treasury 's SLFRF p011al. Action taken in response to finding: The Office of Management and Budget (0MB) revised the revenue loss calculation. A revised Project and Expenditure report will be submitted by 0MB through the U.S. Treasury's SLFRF portal in April 2024. Name(s) of the contact person(s) responsible for corrective action: David Juppe Revenue and Legislation Manager. Planned completion date for corrective action plan: April 30, 2024. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Views of responsible officials: At the time that the Office of Management and Budget (0MB) calculated the revenue loss it was unclear whether it applied to only general funds or all funds. Guidance from the U.S. Treasury Department was updated frequently following enactment of the American Rescue Plan Act of 2021. Based on the finding of the audit that the revenue loss calculation is not in accord with the Final Rule, 0MB staff re-calculated the data using all funds . Any questions concerning the findings or corrective action plan can be directed to Stanley A. Earley, Director, 0MB at 301 -952-3300.

Reference Number: 2023-001 Prior Year Finding: 2022-002 Federal Agency: U.S. Department of Housing and Urban Development Federal Program: Community Development Block Grants/Entitlement Grants Assistance Listing Number: 14.218 Award Number and Year: B-19-UC-24-0002 (7/31/2019 – 9/1/2027), B-20-UC-24- 0002 (8/17/2020 – 9/1/2028), B-21-UC-24-0002 (10/27/2021 – 9/1/2029), B-22-UC-24-002 (7/1/2022 – 9/1/2029) Compliance Requirement: Reporting – Federal Funding Accountability and Transparency Act (FFATA) Type of Finding: Material Weakness in Internal Control Over Compliance, Material Noncompliance Recommendation: We recommend that the County develop internal controls and procedures to ensure that FFATA reporting requirements are met. We further recommend the County develop controls and procedures to ensure that all required subawards are reported accurately and timely to FSRS. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: DHCD will review and update procedures to ensure the department is in full compliance with the FFATA guidelines. In addition, DHCD will review all remaining balances from prior year grant awards and record the awards in FSRS. Name(s) of the contact person(s) responsible for corrective action: Edren Lewis, Chief Budget, Accounting and Loan Servicing Manager Planned completion date for corrective action plan: June 30, 2024 Any questions concerning the findings or corrective action plan can be directed to Aspasia Xypolia, Director, DHCD at 301-883- 5531.

Department of Health and Human Services Federal Financial Assistance Listing #93.498 COVID‐19 Provider Relief Fund and American Rescue Plan (ARP) Rural Distribution Applicable Federal Award Number and Year – Period 4 TIN #370645239 Activities Allowed or Unallowed and Allowable Costs/Cost Principles Finding Summary: During our testing, there was no documentation of review and approval of the expenditure listing or lost revenue calculation. The Organization also miscalculated the portion of an expense that was reimbursed by another source.Responsible Individuals: Paul Courtney, CFO Corrective Action Plan: Management will implement internal control policies and procedures to ensure the expenditure listing and lost revenue calculation are reviewed and approved to ensure that all payments are necessary, correct, meet the requirements of the federal program, and are properly recorded in the reports required to be submitted to the federal agency. Anticipated Completion Date: June 30, 2024

Department of Health and Human Services Federal Financial Assistance Listing #93.498 COVID‐19 Provider Relief Fund and American Rescue Plan (ARP) Rural Distribution Applicable Federal Award Number and Year – Period 4 TIN #370645239 Reporting Finding Summary: The Organization included a lost revenues in the Department of Health and Human Services (HHS) special report for Period 4 that were incorrectly calculated which caused the report to be inaccurate. Responible Individuals: Paul Courtney, CFO Corrective Action Plan: Management will enhance internal controls to ensure the lost revenue calculation reported on the HHS special report meet the requirements of the federal program. Anticipated Completion Date: June 30, 2024

Finding Number: 2023-005 Assistance Listing, Federal Agency, and Program Name 10.558, U.S. Department of Agriculture, Child Care and Adult Food Program Federal Award Identification Number and Year 15-016-271P-00 Pass through Entity Illinois State Board of Education Finding Type Material weakness Repeat Finding No Criteria Per 2 CFR 200.303(a), the nonfederal entity must establish and maintain effective internal control over the federal award that provides reasonable assurance that the nonfederal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in "Standards for Internal Control in the Federal Government," issued by the Comptroller General of the United States, or the "Internal Control Integrated Framework," issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Other requirements include: a) Per 7 CFR 226.10(c)(1), prior to submitting its consolidated monthly claim to the State agency, each sponsoring organization must perform edit checks on each facility's meal claim; per 7 CFR sections 226.16(g) and (h), a sponsoring organization must disburse advance and meal reimbursement payments to centers and day care homes under its sponsorship within five working days of receiving them from its state agency. b) Per 7 CFR 226.15(f), each sponsoring organization of day care homes shall determine which of the day care homes under its sponsorship are eligible as tier I day care homes c) Communication from the passthrough entity to return to pre COVID 19 monitoring, as required under 7 CFR 226.16(d)(4)(iii), effective October 1, 2022, where sponsoring organizations are required to perform onsite monitoring of each of its facilities three times every year, which includes requirements to ensure the amount of time between reviews does not exceed six months (unless review average is used). Condition A lack of documented controls as evidence of supervisory review and segregation of duties to ensure compliance with Federal program requirements, specifically over: a) monthly expenditure reports submitted to the passthrough entity b) tier (day care home eligibility) determinations c) subrecipient monitoring Questioned Costs None Identification of How Questioned Costs Were Computed N/A no instances of material noncompliance noted that would result in questioned costs Context a) During testing a sample of 5 monthly expenditure submissions, we noted no formally documented supervisory review in place. Additionally, during testing of 40 disbursements to providers, we noted no formally documented supervisory review to ensure disbursements to providers are made within 5 working days of receipt from the State passthrough entity. b) While gaining an understanding of controls over tier (day care home eligibility) determinations, we noted no controls established to ensure supervisory review of these determinations. c) While testing a sample 40 provider monitoring visits, we noted 3 visits without evidence of supervisory review and 6 visits where the visit was completed and validated in the software by the same individual. Additionally, we noted 16 day care homes and 2 day care centers with less than the required 3 annual on site monitoring visits for the year, and 15 day care homes and 2 day care centers where onsite monitoring performed were more than the required 6 months apart. Cause and Effect A lack of effectively designed, implemented, and operating controls in any of these areas could result in a material noncompliance with program requirements or Uniform Guidance. Recommendation We recommend management formalize documentation of a supervisory review of: a) monthly expenditure submissions before submitting to the passthrough entity, including documented supervisory controls to ensure disbursement timeliness is met within 5 working days as part of this review; b) of data used in making tier/eligibility determinations for accuracy and completeness; and c) of subrecipient monitoring. Additionally, we recommend management work with its passthrough entities to confirm compliance requirements, especially when compliance requirements change as the result of ending or expiring waivers and flexibilities. Planned Corrective Action Plan –Organization will document process that is used for second review of the monthly expenditure submissions by 04/30/2024. There are no instances of the Organization not providing funds to provider within the mandated 5 days, however, the Organization will document the process for provider payments within 5 days by 04/30/2024. The software required to be used by the funder for management of the program does have limitations on how the data input for making tier/eligibility determinations second review is documented. Organization will design process to document this second review has occurred by 04/30/2024. Staffing shortages coming out the COVID-19 waivers resulted in the inability to perform all required Subrecipient monitoring. This staffing shortage was rectified by 08/31/2023. Contact person responsible for corrective action: Loukisha Pennex, Chief of Youth and Family Potential, Anjanette Brown, CFO and Teresa Rodriguez, Senior Director of Grants and Contracts. Anticipated Completion Date: April 2024

FINDING 2023-008 Compliance Requirement(s): COVID-19 - Education Stabilization Fund - Wage Rate Requirements Audit Findings: Material Weakness, Modified Opinion Summary of Finding: Construction contracts in excess of $2,000 financed by federal assistance funds must pay wages not less than those established for the locality of the project (prevailing wage rates) by the Department of Labor (DOL) to their laborers and mechanics. Nonfederal entities are to include in their construction contracts subject to the Wage Rate Requirements a provision that the contractor or subcontractor comply with these requirements and the DOL regulations. This would include a requirement to submit a copy of the payroll and statement of compliance to the entity for each week in which contract work was performed. The School Corporation had not designed nor implemented a system of internal controls to ensure that construction contracts in excess of $2,000 paid from federal grant funds included a prevailing wage rate clause. Seven construction contracts, totaling $103,163, were paid for with Education Stabilization Fund award during the audit period. All seven contracts were selected for testing. None of the contracts included the required prevailing wage rate clause nor were the associated certified payrolls and statements of compliance obtained. Views of Responsible Officials: We Concur with this finding. Description of Corrective Action Plan: For construction processes that involve federal funds and cost over $2000, we will get contacts /bids for work that require the Davis Bacon Act to be followed in terms of Wage Rate Requirements and that they provide us with certified payrolls of compliance. Anticipated Completion Date: Immediately

FINDING 2023-007 Compliance Requirement(s): Non-Profit School Food Service Accounts Audit Findings: Material Weakness, Other Matters Summary of Finding: There was no documented control in place over the receipt of monthly meal reimbursements. One individual received notification of deposit, received funds into accounting software, and prepared bank reconciliations. There was no documented review of the receipt of monthly meal reimbursements by a second individual not involved in the original receipt process. Views of Responsible Officials: We Concur with this finding. Description of Corrective Action Plan: The Business Manager and Cafeteria Manager will meet monthly to review the deposit statement from the bank to verify all deposits are accurate and accounted for the Food Service Fund. The bank statement will be initialed by both parties and retained on file in the business office. Anticipated Completion Date: Immediately

FINDING 2023-006 Compliance Requirement(s): Reporting Audit Findings: Material Weakness, Other Matters Summary of Finding: An effective internal control system, which would include segregation of duties, was not in place at the School Corporation in order to ensure compliance with requirements related to the grant agreement and the following compliance requirements: Reporting There was no documented control in place over the review of monthly reimbursement claims. Claims were prepared and submitted by one individual without documentation that they were being reviewed by a second person not involved in the original process. The lack of controls resulted in overstatements in the number of meal counts used for reimbursement purposes when compared to School Corporation supporting documentation. Views of Responsible Officials: We Concur with this finding. Description of Corrective Action Plan: The food service director will enter the claims into CNPWeb Claim reimbursement site using the information from the Point of Sale system reports for reimbursable meals. The Business Manager will then confirm the meal counts before submitting the Claims. The FSMC food service director meets with the Superintendent monthly to review all claims and food service financials. A meeting agenda will be signed by all parties involved and retained on file in the business office. Anticipated Completion Date: Immediately

FINDING 2023-005 Compliance Requirement(s): Allowable Activities, Allowable Costs / Cost Principles Audit Findings: Material Weakness, Other Matters Summary of Finding: An effective internal control system, which would include segregation of duties, was not in place at the School Corporation in order to ensure compliance with requirements related to the grant agreement and the following compliance requirements: Allowable Activities, Allowable Costs / Cost Principles The School Corporation paid trash removal services from the School Lunch fund without a methodology or supporting documentation for the amount charged. Without a reasonable methodology for the expenses paid, the amount was considered a questioned cost. The total amount charged to the School Lunch fund was $15,448. Internal controls over vendor disbursements were in place but were not operating effectively during the audit period. Additionally, there was no documentation indicating that payroll disbursements were reviewed or approved by a second individual not involved in the original payroll process. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Views of Responsible Officials: We Concur with this finding. Description of Corrective Action Plan: The School will start to divide trash removal services between cafeteria accounts and building accounts when being paid monthly. Verification of percentage coming from each account will be discussed. Internal controls will be put in place to document that payroll disbursements are being reviewed by a second individual. Payroll disbursement reports will be presented to the correct central office employee. Anticipated Completion Date: Immediately

FINDING 2023-004 Compliance Requirement(s): Reporting Audit Finding(s): Material Weakness and Other Matters Summary of Finding: An effective internal control system, which would include segregation of duties, was not in place at the School Corporation in order to ensure compliance with requirements related to the grant agreement and the following compliance requirements: Reporting The Unit has not separated incompatible activities within the managing of the federal award programs. The failure to establish these controls could enable material misstatements and noncompliance to be undetected. Management reviews award agreements, contracts and DOE reporting dates and requirements and submits the Annual report to IDOE. Management reviews report for accuracy between the Treasurer and Grant Manager (Asst. Superintendent). A second approval could not be verified. Segregation of duties during the process of entering, approving, and submitting the Annual Reports failed. Views of Responsible Officials: We Concur with this finding. Description of Corrective Action Plan: In the future, the Required DOE Reports will be prepared by the assistant superintendent, who oversees all grant management. Then, the Business Manager will review the prepared reports; upon review, both the business manager and the assistant superintendent will sign/initial the signifying their review of the documents. The report will also be shared with the Superintendent, who will sign off as well. Anticipated Completion Date: Effective Immediately

FINDING 2023-003 Compliance Requirement(s): Equipment and Real Property Management Audit Findings: Material Weakness, Other Matters Summary of Finding: An effective internal control system, which would include segregation of duties, was not in place at the School Corporation in order to ensure compliance with requirements related to the grant agreement and the following compliance requirements: Equipment and Real Property Management The Unit did not have an internal control system and procedures in place to ensure property records are properly maintained, and include all the required information. The property records do not contain the following information about the equipment: description (including serial number or other identification number), source of funding for the property (including the federal award identification number), who holds title, the acquisition date, cost of the property, percentage of federal participation in the project costs for the federal award under which the property was acquired, location, use and condition of the property, and any ultimate disposition data including the date of disposal and sales price of the property (2 CFR 200.313(d)(1)). A physical inventory of equipment was not performed at least once within the last 2 years. The Unit did not have an internal control system and procedures in place to ensure equipment is appropriately safeguarded and maintained. Views of Responsible Officials: We Concur with this finding. Description of Corrective Action Plan: Internal controls will be put in place to ensure property records contain proper information about the equipment. The grant manager and treasurer will work on the documentation as equipment meeting requirements is ordered to ensure updated records. We will also contract another outside entity to do biannual updates of our capital assets. Anticipated Completion Date: Immediately

The migration to a new general ledger financial reporting system is an isolated incident and given the improved reporting capabilities the change in product provided a positive impact. UWGC experienced turnover for the program manager position that created a learning curve that was addressed but resulted in audit completion delay. UWGC has an experienced manager currently overseeing the program who will follow policies and procedures as prescribed and on a timely basis to allow for prompt reporting submission.

Finding Number: 2023-010 Federal Program: 21.023, US Department of Treasury, COVID-19 – Emergency Rental Assistance Condition Per Auditor: The County’s controls over general ledger to Schedule of Expenditures of Federal Awards (“SEFA”) and beneficiary payment database reconciliation did not identify several adjustments that were needed to both the general ledger and the SEFA. Planned Corrective Action: Management will update processes and controls to ensure completeness of grant activity is received for review and reconciliation. Anticipated Completion Date: 6/30/25 Responsible Contact Person: Shauntika Bullard

Federal Award Findings and Questioned Costs Finding 2023-001 Federal Agency Name: Department of Health and Human Services Assistance Listing Number: 93.498 Program Name: Provider Relief Fund and American Rescue Plan (ARP) Rural Distribution Initial Fiscal Year Finding Occurred: 2023 Finding Summary: The District did not reduce expenses by amounts reimbursed by other sources related to cost-based reimbursement, as some costs incurred in providing services to the Medicare population are reimbursed. The amount of questionable costs not reduced for Medicare reimbursement total $369,475. However, the District had unreimbursed expenses identified on the HRSA Period 4 report as well as additional payroll in excess of what was reported: Additional ARP RURAL Personnel Expenses reduced for amounts reimbursed by other sources Q4 (2022) $45,337 Additional ARP RURAL Fringe Benefit Expenses reduced for amounts reimbursed by other sources Q4 (2022) $10,820 Unreimbursed Expenditures attributed to COVID-19 (reported on Period 4 Report) reduced for amounts reimbursed by other sources $9,122 TOTAL UNREIMBURSED EXPENDITURES $65,279 The District would appreciate consideration of the $65,279 unreimbursed expenses in determining the amount owed back for unspent funding so as to reduce the amount to be paid back to HRSA to $304,196. Corrective Action Plan: The District will enhance internal control practices to ensure expenses are reviewed for reimbursement from other sources and meet the requirements of the federal program. To ensure that expenses are reduced for amounts reimbursed by other sources, the District will incorporate a cost ratio calculation in their process of computing allowable expenses for federal funding programs. Responsible Individuals: Catherine White, Chief Financial Officer and Pennie Peasley, Accounting Manager Anticipated Completion Date: April 1, 2024

Finding 2023-001: Subrecipient Monitoring Audit Finding: In testing compliance over subrecipient monitoring, we noted the Fund does not have a subrecipient monitoring policy in place that fully conforms with the requirements of Title 2 CFR 200.332. Corrective Action Plan: The Conservation Fund is committed to sound and compliant policies and procedures for the administration of subawards. While the Fund’s current practice includes steps to screen subrecipients and monitor their performance, the Fund agrees its subrecipient monitoring procedures should be formalized and strengthened. Accordingly, a formal policy will be adopted by June 2024 which fully conforms with the requirements of the Uniform Guidance. In addition, this policy will incorporate procedures for ensuring appropriate reporting of subawards under the Federal Funding Accountability and Transparency Act. Person(s) responsible for implementation of the corrective action plan: Monica A. Garrison, Senior Vice President Finance & Treasurer. Hillina Fetehawoke, Director of Accounting & Financial Reporting. Anticipated completion date: June 2024