FAC Explorer

Corrective Action Plans

Browse how organizations respond to audit findings

Total CAPs
55,616
In database
Filtered Results
8,621
Matching current filters
Showing Page
24 of 345
25 per page

Filters

Clear
Active filters: § 200.303
Finding 1179067 (2025-002)
Material Weakness 2025
Paoli Community School Corporation
IN
Procurement, Suspension & Debarment Subrecipient Monitoring School Nutrition Programs § 200.303
FINDING 2025-002 Finding Subject: Child Nutrition Cluster - Suspension and Debarment Contact Person Responsible for Corrective Action: Lisa Muth, Centralized School Lunch Treasurer and Courtney Brown, Corporation Treasurer Contact Phone Number and Email Address: 812-723-4717 and muthl@paoli.k12.in.u...
FINDING 2025-002 Finding Subject: Child Nutrition Cluster - Suspension and Debarment Contact Person Responsible for Corrective Action: Lisa Muth, Centralized School Lunch Treasurer and Courtney Brown, Corporation Treasurer Contact Phone Number and Email Address: 812-723-4717 and muthl@paoli.k12.in.us or brownc@paoli.k12.in.us Views of Responsible Officials: We concur with the finding. Description of Corrective Action Plan: The Centralized School Lunch Treasurer will ensure that all vendors are not presently suspended or debarred or otherwise excluded from or ineligible for participation in the Child Nutrition Program. The Corporation Treasurer will ensure that all documentation required for vendors is on file. Anticipated Completion Date: February 2026 INDIANA
View Audit 391501
Finding 1179032 (2025-001)
Material Weakness 2025
Vermont State Colleges
VT
Student Financial Aid § 200.303
Finding number: 2025-001 Federal agency: U.S. Department of Education Programs: Student Financial Assistance (SFA) Cluster Assistance Listing Number: 84.007, 84.033, 84.268, 84.063 Award year: 2025 Corrective Action Plan The Colleges hired a new Chief Information Security Officer (CISO), who has beg...
Finding number: 2025-001 Federal agency: U.S. Department of Education Programs: Student Financial Assistance (SFA) Cluster Assistance Listing Number: 84.007, 84.033, 84.268, 84.063 Award year: 2025 Corrective Action Plan The Colleges hired a new Chief Information Security Officer (CISO), who has begun overhauling the information security policies to reflect current practices. The CISO has also created a preliminary draft of a WISP that reflects the Colleges current policies and procedures. This WISP is expected to be completed and implemented during fiscal year 2026, pending board review and approval. Timeline for Implementation of Corrective Action Plan Immediately. Contact Person Sharron Scott, CFO
View Audit 391461
Finding 1179019 (2025-002)
Material Weakness 2025
Clatsop Community College
OR
Student Financial Aid Matching / Level of Effort / Earmarking Reporting § 200.303
Student Financial Assistance Cluster – Assistance Listing No. 84.063, 84.268, 84.007, 84.033 Recommendation: We recommend the College implement an internal control that ensures timely and accurate reporting. We also recommend the College implement changes in processes and procedures for NSLDS enroll...
Student Financial Assistance Cluster – Assistance Listing No. 84.063, 84.268, 84.007, 84.033 Recommendation: We recommend the College implement an internal control that ensures timely and accurate reporting. We also recommend the College implement changes in processes and procedures for NSLDS enrollment reporting and implement an internal control that ensures reporting is both timely and accurate. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: An Ellucian consultant provided us with customized process documentation for our new SIS (Ellucian Colleague) which is saved in a shared drive to ensure consistency in the process. The Interim Dean of Students / Financial Aid Director is currently completing the reporting with our Director of Institutional Research receiving the reports and verifying completeness through National Student Clearinghouse, ensuring that there is an internal control. Name(s) of the contact person(s) responsible for corrective action: Sarah Geleynse & Ian Wilson Planned completion date for corrective action plan: Implemented
View Audit 391428
Finding 1179015 (2025-001)
Material Weakness 2025
Clatsop Community College
OR
Student Financial Aid Matching / Level of Effort / Earmarking Internal Control / Segregation of Duties § 200.303
Student Financial Assistance Cluster – Assistance Listing No. 84.063, 84.268, 84.007, 84.033 Recommendation: We recommend the College return the funds related to unclaimed Title IV–funded checks that are older than 240 days. In addition, we recommend that the College review applicable requirements a...
Student Financial Assistance Cluster – Assistance Listing No. 84.063, 84.268, 84.007, 84.033 Recommendation: We recommend the College return the funds related to unclaimed Title IV–funded checks that are older than 240 days. In addition, we recommend that the College review applicable requirements and implement effective controls and procedures to monitor outstanding Title IV–funded checks throughout the year to ensure timely compliance. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: The Business Office provides a list monthly of the uncashed financial aid checks to the Financial Aid Office. The Financial Aid Office is contacting the students to remind them to cash their checks. The funds for the uncashed checks are returned to the College after 90 days and then returned to the source of the funding. Name(s) of the contact person(s) responsible for corrective action: Margaret Antilla and Layla Solar. Planned completion date for corrective action plan: Already implemented.
View Audit 391428
Finding 1179008 (2025-005)
Material Weakness 2025
Howard Community College
MD
Special Tests & Provisions Student Financial Aid Reporting § 200.303
U.S. Department of Education 2025-005: Special Tests and Provisions - NSLDS Enrollment Reporting Student Financial Aid Cluster -Assistance Listing No. 84.063, 84.268 Condition: Enrollment status changes were either not reported to NSLDS within 60 days or did not match the College's records for a por...
U.S. Department of Education 2025-005: Special Tests and Provisions - NSLDS Enrollment Reporting Student Financial Aid Cluster -Assistance Listing No. 84.063, 84.268 Condition: Enrollment status changes were either not reported to NSLDS within 60 days or did not match the College's records for a portion of the sampled students. Recommendation: The institution should evaluate their procedures and policies related to reporting status changes and effective dates to NSLDS and enhance as deemed necessary to ensure that accurate information is reported to NSLDS. Explanation of disagreement with audit finding : There is no disagreement with the audit finding. The Institution acknowledges that while reporting was completed within a timely manner by HCC, NSC did not update within the time allotted to be compliant. HCC remains committed to continuous improvement and compliance. Action taken in response to finding: As noted in the prior year's response, the College committed to full implementation of corrective actions by June 30, 2026, aligned with the conclusion of the 2025-2026 academic year. The institution is currently and actively working on the corrective action plan previously submitted. Actions underway or in progress include: Formal clarification of interdepartmental roles and responsibilities, establishing the Records, Registration and Veteran's Affairs (RRVA) as the primary enrollment reporting authority, with defined review and compliance support from Financial Aid Services. Enhanced reconciliation and quality control procedures, including routine cross-checks between RRVA and Financial Aid Services records prior to each enrollment reporting submission. Standardized review protocols for program-level enrollment changes, including graduates, withdrawals, and subsequent reenrollments in different academic programs. Ongoing monitoring and documentation of NSC errors and warning reports, with timely resolution and escalation when discrepancies appear to originate outside of the College's student information systems. Targeted training for RRVA and Financial Aid staff on enrollment reporting regulations, NSLDS requirements, and audit-risk mitigation. The College believes these actions, coupled with existing reporting practices, sufficiently address the concerns raised and will further strengthen enrollment reporting accuracy and documentation. Full implementation of the corrective action plan remains on schedule for completion by June 30, 2026, as originally committed. Name(s) of the contact person(s) responsible for corrective action: Detra Hooper, Financial Aid Director and Jessica Peterson, Registrar Planned completion date for corrective action plan: June 30, 2026 If the U.S. Department of Education has questions regarding this plan, please call Detra Hooper, Financial Aid Servies Director at 443-518-4776.
View Audit 391418
Finding 1177958 (2025-002)
Material Weakness 2025
Anne Arundel County Board of Education
MD
Procurement, Suspension & Debarment Subrecipient Monitoring § 200.303
2025-002 Federal Agency: U.S. Department of Agriculture Federal Program Name: Child Nutrition Cluster Assistance Listing Number: 10.553, 10.555, 10.559 Federal Award Identification Number and Year: None Pass-Through Agency: Maryland State Department of Education Pass-Through Number: None Award Perio...
2025-002 Federal Agency: U.S. Department of Agriculture Federal Program Name: Child Nutrition Cluster Assistance Listing Number: 10.553, 10.555, 10.559 Federal Award Identification Number and Year: None Pass-Through Agency: Maryland State Department of Education Pass-Through Number: None Award Period: 7/1/2024 – 6/30/2025 Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matters Recommendation: CLA recommends that the Board review its policies and procedures to ensure they include the three options for determining suspension and debarment status listed in 2 CFR 180.300 and that controls are sufficient to ensure that the suspension and debarment status is verified for all vendors prior to entering into covered transactions. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: The recommendation was included in the FY2024 Single Audit Corrective Action Plan and the following course of action was described therein; The Purchasing Office had processes in place to ensure debarment status was checked before contract award. Both the contract checklist and the Qualifications Affidavit in the solicitation template contained debarment status language to ensure the necessary checks took place. Despite these processes, a contract for curriculum materials was not checked for debarment status before contract award. The cause of that oversight seems to be the different procurement processes used in instructional materials procurements. The contract was not competitively awarded, so they did not require a qualifications affidavit, which would have ensured the debarment status was checked. In this instance, a checklist was not included in the contract file as required, which would have also triggered a debarment check. In response, the Purchasing Office is adding a third layer of oversight - requiring that a revised contract affidavit is completed for every contract award. Language was added to the current contract affidavit that contains an affirmation by the contractor that they are not suspended or debarred by any government entity – local, state, and federal. To summarize, the Purchasing Office will engage one of the three processes listed below to ensure timely debarment checks are conducted on every contract, regardless of funding source. 1) Contract Checklist 2) Qualifications Affidavit 3) Contract Affidavit Contracts chosen in this FY25 sample all predate the implementation of the FY24 corrective action plan as they spanned multiple years. Debarment checks were performed for some of the contracts sampled, but the date of the printout was not legible for the audit team to review. The purchasing team will ensure that dates are legible. AACPS will continue with the process described above to ensure timely debarment checks are conducted. Name(s) of the contact person(s) responsible for corrective action: Mary Jo Childs, Director of Purchasing Planned completion date for corrective action plan: For immediate implementation and ongoing.
View Audit 391387
Finding 1177938 (2025-004)
Material Weakness 2025
Inglewood Unified School District
CA
Allowable Costs / Cost Principles Internal Control / Segregation of Duties Matching / Level of Effort / Earmarking § 200.303 § 200.430
Corrective Actions: • Reinforce expectations through additional training and support for employees and supervisors on the proper preparation and monthly submission of PAR forms. • Strengthen internal review procedures by assigning responsibility for confirming PARs are completed accurately, submitte...
Corrective Actions: • Reinforce expectations through additional training and support for employees and supervisors on the proper preparation and monthly submission of PAR forms. • Strengthen internal review procedures by assigning responsibility for confirming PARs are completed accurately, submitted on time, and signed by both the employee and the supervising administrator. • Ensure PAR documentation is consistently forwarded to Fiscal Services for timely review and any necessary adjustments so payroll charges align with the actual percentages of time worked on Title I activities. Responsible Department/Person: • Educational Services (Federal Programs/Title I) - Program Oversight • Human Resources/Payroll- Payroll Coding Support (as applicable) • Fiscal Services - Compliance Review and Adjustments • Primary Contacts: Siddhant Bhatta (Executive Director of Fiscal Services); Alma Quijas (Fiscal Compliance Manager) Anticipated Completion Date: March 31, 2026
View Audit 391316
Finding 1177929 (2025-002)
Material Weakness 2025
Washington Metropolitan Area Transit Authority
VA
Procurement, Suspension & Debarment Internal Control / Segregation of Duties Subrecipient Monitoring § 200.303
1. Finance Administration will revise P/I 9.6 to incorporate program office requirement to: - Complete SAM.gov training requirement. - Conduct a mandatory verification step requiring Confirmation in SAM.gov that all vendors and purchases are free of debarment or suspension prior to initiating any ag...
1. Finance Administration will revise P/I 9.6 to incorporate program office requirement to: - Complete SAM.gov training requirement. - Conduct a mandatory verification step requiring Confirmation in SAM.gov that all vendors and purchases are free of debarment or suspension prior to initiating any agreement - Perform quality assurance including review of contracts to verify entities are not debarred or suspended 2. Finance Administration will distribute the updated P/I to all Metro employees to ensure organization wide awareness and adherence. 3. Finance Administration will identify a tutorial video to serve as a required training.
View Audit 391314
Finding 1177914 (2025-023)
Material Weakness 2025
Commonwealth of Virginia
VA
Allowable Costs / Cost Principles Internal Control / Segregation of Duties § 200.303 § 200.430
Responsible Person(s): Dale Batten, Deputy Commissioner Rehabilitative Services; Rob Perrine, Information Security Officer Corrective Action Planned: The DARS Information Security Office and the System/Data Owner will continue to remediate the audit findings noted in the IAD audit report on the case...
Responsible Person(s): Dale Batten, Deputy Commissioner Rehabilitative Services; Rob Perrine, Information Security Officer Corrective Action Planned: The DARS Information Security Office and the System/Data Owner will continue to remediate the audit findings noted in the IAD audit report on the case management system. In addition, the ISO and System/Data Owner will continue to meet quarterly with Internal Audit to review remediation progress, address implementation challenges, and ensure corrective actions are completed in a timely manner. Estimated Completion Date: 9/30/2026
View Audit 391258
Finding 1177913 (2025-094)
Material Weakness 2025
Commonwealth of Virginia
VA
Internal Control / Segregation of Duties Subrecipient Monitoring Significant Deficiency § 200.303
Responsible Person(s): Chaye Neal-Jones, Director of Office of Enterprise Management Services; Eric Billings, Director of Grants Management Corrective Action Planned: Staff is working with DBHDS IT to ensure that ticketing workflow includes managerial approval. Additionally, system administrators ar...
Responsible Person(s): Chaye Neal-Jones, Director of Office of Enterprise Management Services; Eric Billings, Director of Grants Management Corrective Action Planned: Staff is working with DBHDS IT to ensure that ticketing workflow includes managerial approval. Additionally, system administrators are removing individuals from the system when they receive HR notification of their separation from the agency via email and the system automatically disables inactive accounts after 60 days. DBHDS is still working to develop a process for periodically reviewing the appropriateness of system users access and the activity of system administrators within the system. Estimated Completion Date: 7/1/2026
View Audit 391258
Finding 1177909 (2025-101)
Material Weakness 2025
Commonwealth of Virginia
VA
Significant Deficiency Internal Control / Segregation of Duties § 200.303
Responsible Person(s): Dan Lewis, Chief Technology Officer; Timothy Kelly, Innovation, Architecture and Governance Director Corrective Action Planned: This finding was marked as FOIA Exempt (FOIAE) and as a result, the State Comptroller has determined that the resulting corrective actions are FOIAE ...
Responsible Person(s): Dan Lewis, Chief Technology Officer; Timothy Kelly, Innovation, Architecture and Governance Director Corrective Action Planned: This finding was marked as FOIA Exempt (FOIAE) and as a result, the State Comptroller has determined that the resulting corrective actions are FOIAE under §2.2-3705.2 (9.) of the Code of Virginia. Federal awarding agencies and pass-through entities, please see the Appendix titled “Applicable Management Contacts for Findings and Questioned Costs” to request the corrective action planned from the applicable entity. Estimated Completion Date: 6/15/2026
View Audit 391258
Finding 1177908 (2025-100)
Material Weakness 2025
Commonwealth of Virginia
VA
Eligibility Significant Deficiency Internal Control / Segregation of Duties § 200.303
Responsible Person(s): Kavansa Gardner, Business Program Manager Senior, Benefit Programs; David Carico, Business Operations Manager Corrective Action Planned: Below is the narrative for CR901 and CR902 Records Retention, including current production deployment timelines. CR901 establishes the datab...
Responsible Person(s): Kavansa Gardner, Business Program Manager Senior, Benefit Programs; David Carico, Business Operations Manager Corrective Action Planned: Below is the narrative for CR901 and CR902 Records Retention, including current production deployment timelines. CR901 establishes the database infrastructure required to support compliant records retention within case management system. This includes partition creation across 75 plus high volume tables to enable structured aging and controlled purge activity aligned to retention thresholds. Production Deployment Timeline; scheduled as part of the February 2026 technical release. This phase is foundational and will be completed before purge logic can safely execute. CR902 Retention Logic and controlled execution; CR902 operationalizes the records retention policy by implementing controlled purge jobs leveraging the partitioning framework established in CR901. This Change Request moves the solution from infrastructure readiness to active lifecycle management. Phase 1 Database partition creation (February 2026 production release schedule) Phase 2 Controlled purge implementation (March 2026 release schedule) Phase 3 Validation, audit confirmation, and reporting controls (April 2026 release schedule) Phase 4 Reoccurring operational retention cycles with documented runbooks (ongoing/living) Estimated Completion Date: 4/30/2026
View Audit 391258
Finding 1177907 (2025-093)
Material Weakness 2025
Commonwealth of Virginia
VA
Eligibility Significant Deficiency Internal Control / Segregation of Duties § 200.303
Responsible Person(s): Kavansa Gardner, Business Program Manager Senior, Benefit Programs; Lunita Browder-Harris, Business Operation Specialist, Business Operations Corrective Action Planned: DSS has identified critical or conflicting roles in the management system. The roles in scope have the capab...
Responsible Person(s): Kavansa Gardner, Business Program Manager Senior, Benefit Programs; Lunita Browder-Harris, Business Operation Specialist, Business Operations Corrective Action Planned: DSS has identified critical or conflicting roles in the management system. The roles in scope have the capability to perform all actions within the system, including inputting applications, determining eligibility, and authorizing benefits. DSS is in the process of implementing a procedure for reviewing and revoking conflicting roles ands privileges for all localities. DSS will work with APA to ensure adequate separation of duties is implemented within the eligibility system. Estimated Completion Date: 6/30/2026
View Audit 391258
Finding 1177906 (2025-085)
Material Weakness 2025
Commonwealth of Virginia
VA
Significant Deficiency Internal Control / Segregation of Duties § 200.303
Responsible Person(s): Barry Davis, Information Security Officer; John Vosper, Assistant Director Information Security and Risk Management Corrective Action Planned: DSS has contracted with two vendors to perform external IT Audits over sensitive systems. DSS is able to completed between 25-35 IT au...
Responsible Person(s): Barry Davis, Information Security Officer; John Vosper, Assistant Director Information Security and Risk Management Corrective Action Planned: DSS has contracted with two vendors to perform external IT Audits over sensitive systems. DSS is able to completed between 25-35 IT audits out of their 89 sensitive systems per year. DSS expects all IT systems will be audited by the end of 2027. A set of 31 IT Audits will be completed March 30, 2026. Estimated Completion Date: 12/31/2027
View Audit 391258
Finding 1177905 (2025-084)
Material Weakness 2025
Commonwealth of Virginia
VA
Significant Deficiency Internal Control / Segregation of Duties § 200.303
Responsible Person(s): Dan Lewis, Chief Technology Officer; Timothy Kelly, Innovation, Architecture and Governance Director Corrective Action Planned: This finding was marked as FOIA Exempt (FOIAE) and as a result, the State Comptroller has determined that the resulting corrective actions are FOIAE ...
Responsible Person(s): Dan Lewis, Chief Technology Officer; Timothy Kelly, Innovation, Architecture and Governance Director Corrective Action Planned: This finding was marked as FOIA Exempt (FOIAE) and as a result, the State Comptroller has determined that the resulting corrective actions are FOIAE under §2.2-3705.2 (9.) of the Code of Virginia. Federal awarding agencies and pass-through entities, please see the Appendix titled “Applicable Management Contacts for Findings and Questioned Costs” to request the corrective action planned from the applicable entity. Estimated Completion Date: 5/29/2026
View Audit 391258
Finding 1177904 (2025-068)
Material Weakness 2025
Commonwealth of Virginia
VA
Reporting Significant Deficiency Internal Control / Segregation of Duties § 200.303
Responsible Person(s): Mike Jones, Chief Information Officer Corrective Action Planned: This finding was marked as FOIA Exempt (FOIAE) and as a result, the State Comptroller has determined that the resulting corrective actions are FOIAE under §2.2-3705.2 (9.) of the Code of Virginia. Federal awardin...
Responsible Person(s): Mike Jones, Chief Information Officer Corrective Action Planned: This finding was marked as FOIA Exempt (FOIAE) and as a result, the State Comptroller has determined that the resulting corrective actions are FOIAE under §2.2-3705.2 (9.) of the Code of Virginia. Federal awarding agencies and pass-through entities, please see the Appendix titled “Applicable Management Contacts for Findings and Questioned Costs” to request the corrective action planned from the applicable entity. Estimated Completion Date: 6/30/2026
View Audit 391258
Finding 1177903 (2025-053)
Material Weakness 2025
Commonwealth of Virginia
VA
Internal Control / Segregation of Duties Subrecipient Monitoring § 200.303
Responsible Person(s): Barry Davis, Information Security Officer; Timothy Kelly, Innovation, Architecture and Governance Director; Steve McCauley, Assistant Director Information Security and Risk Management Corrective Action Planned: DSS Information Security and Risk Management team will ensure risk...
Responsible Person(s): Barry Davis, Information Security Officer; Timothy Kelly, Innovation, Architecture and Governance Director; Steve McCauley, Assistant Director Information Security and Risk Management Corrective Action Planned: DSS Information Security and Risk Management team will ensure risk and control assessments identify and evaluate IAM focused security controls. DSS will develop and define processes and practices to collect monitor and evaluate performance metrics to ensure IAM functions are following define agency service level agreements. DSS will identify different systems and classes for IAM functions. DSS will then create a process to ensure performance metrics are identified. DSS will then implement a procedure to monitor and evaluate the performance metrics. DSS has a documented separation and offboarding process published on its Fusion employee portal. This is a multi-step manual process. DSS is developing training for supervisors and managers to ensure that they know how to navigate through the process. In addition, DSS is developing manual and automated processes to ensure compliance with the process. Estimated Completion Date: 12/30/2026
View Audit 391258
Finding 1177902 (2025-052)
Material Weakness 2025
Commonwealth of Virginia
VA
Internal Control / Segregation of Duties Significant Deficiency § 200.303
Responsible Person(s): Dan Lewis, Chief Technology Officer; Timothy Kelly, Innovation, Architecture and Governance Director Corrective Action Planned: DSS is establishing the processes and supporting system resources to ensure that DSS has an effective and compliant change management process. These ...
Responsible Person(s): Dan Lewis, Chief Technology Officer; Timothy Kelly, Innovation, Architecture and Governance Director Corrective Action Planned: DSS is establishing the processes and supporting system resources to ensure that DSS has an effective and compliant change management process. These include: completion of migrating all application to a single repository which enables change tracking and version control in development projects; use of workflows in the system to enforce delivery of required artifacts prior to change submission; changes to the Change Advisory Board process, and post-change processes to validate meeting the acceptance criteria. Estimated Completion Date: 4/30/2026
View Audit 391258
Finding 1177901 (2025-051)
Material Weakness 2025
Commonwealth of Virginia
VA
Internal Control / Segregation of Duties Significant Deficiency § 200.303
Responsible Person(s): Dan Lewis, Chief Technology Officer; Timothy Kelly, Innovation, Architecture and Governance Director Corrective Action Planned: This finding was marked as FOIA Exempt (FOIAE) and as a result, the State Comptroller has determined that the resulting corrective actions are FOIAE ...
Responsible Person(s): Dan Lewis, Chief Technology Officer; Timothy Kelly, Innovation, Architecture and Governance Director Corrective Action Planned: This finding was marked as FOIA Exempt (FOIAE) and as a result, the State Comptroller has determined that the resulting corrective actions are FOIAE under §2.2-3705.2 (9.) of the Code of Virginia. Federal awarding agencies and pass-through entities, please see the Appendix titled “Applicable Management Contacts for Findings and Questioned Costs” to request the corrective action planned from the applicable entity. Estimated Completion Date: 3/9/2026
View Audit 391258
Finding 1177900 (2025-050)
Material Weakness 2025
Commonwealth of Virginia
VA
Subrecipient Monitoring Significant Deficiency Internal Control / Segregation of Duties § 200.303
Responsible Person(s): Barry Davis, Information Security Officer; John Vosper, Assistant Director Information Security and Risk management Corrective Action Planned: This finding was marked as FOIA Exempt (FOIAE) and as a result, the State Comptroller has determined that the resulting corrective act...
Responsible Person(s): Barry Davis, Information Security Officer; John Vosper, Assistant Director Information Security and Risk management Corrective Action Planned: This finding was marked as FOIA Exempt (FOIAE) and as a result, the State Comptroller has determined that the resulting corrective actions are FOIAE under §2.2-3705.2 (9.) of the Code of Virginia. Federal awarding agencies and pass-through entities, please see the Appendix titled “Applicable Management Contacts for Findings and Questioned Costs” to request the corrective action planned from the applicable entity. Estimated Completion Date: 12/30/2028
View Audit 391258
Finding 1177899 (2025-049)
Material Weakness 2025
Commonwealth of Virginia
VA
Internal Control / Segregation of Duties Significant Deficiency § 200.303
Responsible Person(s): Barry Davis, Information Security Officer; John Vosper, Assistant Director Information Security and Risk Management; Steve McCauley, Assistant Director Information Security and Risk Management Corrective Action Planned: DSS Information Security and Risk Management is reconcili...
Responsible Person(s): Barry Davis, Information Security Officer; John Vosper, Assistant Director Information Security and Risk Management; Steve McCauley, Assistant Director Information Security and Risk Management Corrective Action Planned: DSS Information Security and Risk Management is reconciling the system to identify security roles for each sensitive system. Estimated Completion Date: 6/30/2026
View Audit 391258
Finding 1177898 (2025-048)
Material Weakness 2025
Commonwealth of Virginia
VA
Reporting Significant Deficiency Internal Control / Segregation of Duties § 200.303
Responsible Person(s): Dan Lewis, Chief Technology Officer; Timothy Kelly, Innovation, Architecture and Governance Director Corrective Action Planned: DSS will follow the direction of the IAG Team to improve compliance with the security standard. IAG has created a new roadmap for remediation of rela...
Responsible Person(s): Dan Lewis, Chief Technology Officer; Timothy Kelly, Innovation, Architecture and Governance Director Corrective Action Planned: DSS will follow the direction of the IAG Team to improve compliance with the security standard. IAG has created a new roadmap for remediation of related IT security and governance findings, and the IAG director is working with the CTO, CISO and TSD leadership on defining concrete plans for remediation of all related findings. The IAG director, the CTO and the TSD leadership continue to implement and refine the division-wide process to ensure sufficient resources are available and dedicated to prioritizing and implementing the planned IT governance structure changes. Roadmap review sessions are scheduled. Remediation working sessions are in process of being scheduled. Estimated Completion Date: 3/27/2026
View Audit 391258
Finding 1177897 (2025-043)
Material Weakness 2025
Commonwealth of Virginia
VA
Internal Control / Segregation of Duties Subrecipient Monitoring Reporting § 200.303
Responsible Person(s): Steve Hanoka, Information Security Officer Corrective Action Planned: DMAS has started confirming the geographic location for sensitive data monthly and the vulnerability scans every 90 days for the one provider Medicaid management services IT Service provider. DMAS is taking ...
Responsible Person(s): Steve Hanoka, Information Security Officer Corrective Action Planned: DMAS has started confirming the geographic location for sensitive data monthly and the vulnerability scans every 90 days for the one provider Medicaid management services IT Service provider. DMAS is taking steps to ensure that this is completed for all of the service providers that are not under cloud oversight. Estimated Completion Date: 6/30/2026
View Audit 391258
Finding 1177895 (2025-014)
Material Weakness 2025
Commonwealth of Virginia
VA
Subrecipient Monitoring § 200.303 § 200.332
Responsible Person(s): Ousman Kah - Subrecipient Monitoring Coordinator Corrective Action Planned: This item can be marked as completed as the findings audit period was June 30, 2025. While all recommendations and corrective actions were initiated as of July 1, 2025, and are currently in place. The ...
Responsible Person(s): Ousman Kah - Subrecipient Monitoring Coordinator Corrective Action Planned: This item can be marked as completed as the findings audit period was June 30, 2025. While all recommendations and corrective actions were initiated as of July 1, 2025, and are currently in place. The pending Executive summary was done as of December 30, 2025. Estimated Completion Date: 12/30/2025
View Audit 391258
Finding 1177894 (2025-025)
Material Weakness 2025
Commonwealth of Virginia
VA
Procurement, Suspension & Debarment Subrecipient Monitoring Matching / Level of Effort / Earmarking § 200.303
Responsible Person(s): Ida Witherspoon, Chief Financial Officer; William Carter, Federal Reporting Manager Corrective Action Planned: Grants now uses a financial system created report to perform a perfunctory audit, matching submission data received from the various Program and Budget staff against ...
Responsible Person(s): Ida Witherspoon, Chief Financial Officer; William Carter, Federal Reporting Manager Corrective Action Planned: Grants now uses a financial system created report to perform a perfunctory audit, matching submission data received from the various Program and Budget staff against each individual upload into the federal system. Vendors are filtered by ALN by each analyst responsible for monitoring the various ALN's that make up the DSS portfolio. Once the lists are cross checked, DSS reaches out again to the sub awarding authority responsible within the agency to ask for additional FFATA information. Estimated Completion Date: 6/30/2026
View Audit 391258
« 1 22 23 25 26 345 »