Corrective Action Plans

Views of Responsible Officials, Corrective Action Plans, and Contact Information The District acknowledges the need to strengthen the staff?s compliance to policies and procedures related to equipment tracking and property records. ECF is a new program and there was an urgent need for the District to provide the necessary equipment for connectivity to meet the remote learning needs of students/school staff during the COVID-19 emergency period. Beginning January 3, 2023, the District will provide additional training to staff as needed and will reiterate the policies and procedures to ensure compliance with program requirements. The District will conduct a thorough review of devices distributed to students/school staff prior to requesting any reimbursement from the program administrator to ensure compliance with the per-user limitation requirement. Name: Aaron Wai Title: Admin Services Manager, Information Technology Division E-mail: aaron.wai@lausd.net

Contact Information: Anthony Brocato Chief Financial Officer Lynn County Hospital District Audit Finding Reference Number: 2022-004 Corrective Action Plan: Management agrees with the finding. We will expand our procurement policy to include a control to verify that a vendor is not suspended or debarred from receiving federal funding as required by 2 CFR Section 180, Subpart C. The corrective action plan will be implemented by September 30, 2023.

2022-002: Internal Control over Compliance and Compliance with Activities Allowed or Unallowed and Allowable Costs/Cost Principles Contact: Karina F. Alvarez Title: Senior Director of Total Rewards Anticipated Completion Date: September 2023 Corrective Action: The Center?s is committed to ensuring the appropriate documentation is in place in order to adhere to federal regulations regarding activities allowed or unallowed and allowable costs. In response to the audit finding, the Center is taking the following corrective actions to address the audit recommendations: ? Management will review and update policies as needed to ensure employee compensation changes are documented sufficiently and verified through a quality control review; ? Implement additional functionality and security to minimize the potential for data entry error; and ? Design, develop, and implement a new Human Resource Information System (HRIS) that will provide a digital and modern platform to manage review and approval workflows surrounding compensation adjustments. Status as of February 2023: Management has informed the impacted employee and has updated their compensation documentation accordingly.

FA 2022-003 Improve Controls over Equipment Compliance Requirement: Equipment and Real Property Management Internal Control Impact: Significant Deficiency Compliance Impact: Nonmaterial Noncompliance Federal Awarding Agency: U.S. Department of Education Pass-Through Entity: Georgia Department of Education Assistance Listing Number and Title: COVID-19 - 84.425D - Elementary and Secondary School Emergency Relief Fund COVID-19 - 84.425U - American Rescue Plan Elementary and Secondary School Emergency Relief Fund Federal Award Number: S425D200012 (Year: 2020), S425D210012 (Year: 2021) S425U2120012 (Year: 2021) Questioner Costs: None Identified Description: The policies and procedures of the School District were insufficient to provide adequate internal controls over equipment and real property management as it relates to the Elementary and Secondary School Emergency Relief Fund program. Corrective Action Plans: We concur with this finding. The District is developing corrective actions to strengthen internal controls, policies, and procedures and ensure adherence through improved monitoring. Estimated Completion Date: Fiscal Year 2024 Contact Person: Dr. Myisha Warren, Executive Director of Federal Programs Telephone: 678-676-1200 Email: Myisha_Warren@dekalbschoolsga.org

FA 2022-002 Improve Controls over Indirect Costs Compliance Requirement: Activities Allowed or Unallowed Allowable Costs/Cost Principle Internal Control Impact: Significant Deficiency Compliance Impact: Nonmaterial Noncompliance Federal Awarding Agency: U.S. Department of Education Pass-Through Entity: Georgia Department of Education Assistance Listing Number and Title: COVID-19 - 84.425D - Elementary and Secondary School Emergency Relief Fund COVID-19 - 84.425U - American Rescue Plan Elementary and Secondary School Emergency Relief Fund Federal Award Number: S425D210012 (Year: 2021), S425U2120012 (Year: 2021) Questioner Costs: $559,442.53 Description: The School District charged indirect cost expenditures to the Elementary and Secondary School Emergency Relief Fund program in excess to the maximum amount allowed. Corrective Action Plans: We concur with this finding. The District is developing corrective actions to strengthen internal controls, policies, and procedures and ensure adherence through improved monitoring. Estimated Completion Date: Fiscal Year 2024 Contact Person: Dr. Myisha Warren, Executive Director of Federal Programs Telephone: 678-676-1200 Email: Myisha_Warren@dekalbschoolsga.org

FA 2022-001 Improve Budgetary Controls over Expenditures Compliance Requirement: Activities Allowed or Unallowed Allowable Costs/Cost Principle Internal Control Impact: Significant Deficiency Compliance Impact: Nonmaterial Noncompliance Federal Awarding Agency: U.S. Department of Education Pass-Through Entity: Georgia Department of Education Assistance Listing Number and Title: COVID-19 - 84.425D - Elementary and Secondary School Emergency Relief Fund Federal Award Number: S425D200012 (Year: 2020), S425D210012 (Year: 2021) Questioner Costs: $62,747.69 Description: A review of expenditures charged to the Elementary and Secondary School Emergency Relief Fund program revealed instances in which expenditures had not been properly approved by the pass-through entity. Corrective Action Plans: We concur with this finding. The District is developing correction actions to strengthen internal controls, policies, and procedures and ensure adherence through improved monitoring. Estimated Completion Date: Fiscal Year 2024 Contact Person: Dr. Myisha Warren, Executive Director of Federal Programs Telephone: 678-676-1200 Email: Myisha_Warren@dekalbschoolsga.org

Reference number ? 2021-003 Contact person ? Celia Solomita, CFO Management agrees that protocols will be implemented to ensure that all invoices are formally approved prior to payment. This will be in place prior to December 31, 2023.

Reference number ? 2022-001 Contact person ? Celia Solomita, CFO Management agrees that protocols will be implemented to ensure that all invoices are formally approved prior to payment. This will be in place prior to December 31, 2023.

The City has implemented steps to be more proactive in subrecipient monitoring and will perform additional testing to meets these requirements.

Finding 2022-04 Federal Agency Name: Department of Health and Human Services Program Name: Community Facilities Loans and Grants CFDA #10.766 Finding Summary: There was no formal review separate from the preparer performed over reconciliations of the USDA program reserve fund and there was no formal review of the balance in comparison to the required minimum reserve balance. Responsible Individuals: Mandy Robinson, Administrator and Carol Schoch, Business Office Manager Corrective Action Plan: Management will ensure formal documentation of reviews is present moving forward. Anticipated Completion Date: June 2023

Management?s Response: OFB?s current data systems for inventory (Primarius) and finance (Great Plains) do not permit the direct transfer of data, leading to a cumbersome manual process that is prone to error. OFB will work to correct this problem in the coming year by working with the owners of Primarius (version 1 and 2) on technical fixes and on upgrading the system. OFB will continue to review various options, submitting potential solutions to the auditors for review and approval until a viable solution is agreed upon. OFB is also in the process of upgrading its accounting software to Sage Intacct.

Corrective Action Plan - Finding 2022-002 We agree with the finding and observations, which are consistent with Finding 2021-002, and specifically note the following coorective actions that were implemented subsequent to June 30, 2022: - The Chief of Staff will contact the DOE to determine if past reports not filed should be submitted at this time and if reports filed with incorrect amounts should be corrected. - The Associate VP for Finance & Controller will review HEERF repoting requirements to ensure any future reporting required is submitted on a timely basis. - The Associated VP for Finance & Controller will review any future reporting for HEERF funds before submission to ensure they reconcile to the College's accounting records. Responsible Official - Gillian King, Chief of Staff Anticipated Completion Date: Completed

FINDING 2022-004 ? ELEMENTARY AND SECONDARY SCHOOL EMERGENCY RELIEF FUND DAVIS-BACON PREVAILING WAGE REQUIREMENTS Contact Person Responsible for Corrective Action: Lisa Baker, Business Manager Contact Person's Phone Number: 765-664-0624 Views of Responsible Official: There is no disagreement with the audit finding. Description of Correction Action Plan: When the school district is awarded federal funds that will be used for construction, alteration, or repair projects in excess of $2,000, the superintendent and/or business manager will notify the contractors that the project is being funded by federal funds and the requirements as outlined by the Davis-Bacon Act. In addition, the superintendent and/or the business manager will ensure that the contractors provide weekly payroll report certifications and will review the documents to ensure compliance with the wage rate requirements. Anticipated Completion Date: March 24, 2023

FINDING 2022-003 ? ELEMENTARY AND SECONDARY SCHOOL EMERGENCY RELIEF FUND REPORTING Contact Person Responsible for Corrective Action: Lisa Baker, Business Manager Contact Person's Phone Number: 765-664-0624 Views of Responsible Official: There is no disagreement with the audit finding. Description of Correction Action Plan: The recipients of the ESSER Data Reporting notice from the Indiana Department of Education, which include the director of curriculum and assessment and the business manager, will work together to ensure the data reports are properly completed, approved, and submitted by the due date. The director of curriculum and assessment will complete the reports and present them to the business manager who will review and approve the reports. The director of curriculum and assessment will submit the reports and make record of the date and time submitted. Anticipated Completion Date: March 24, 2023

Finding 2022-002 Federal Agency: U.S. Department of the Treasury Program/Cluster: Coronavirus State and Local Fiscal Recovery Funds Federal Assistance Listing Number: 21.027 Pass-through: N/A Award No. and Year: N/A Compliance Requirement: Reporting Type of Finding: Significant Deficiency Views of Responsible Officials and Corrective Action Plan: The questioned submission was reviewed multiple times, the documents were reviewed prior to the submission through meetings, confirmation emails and the saving of the reports on a shared folder. We believe these procedures were sufficient for documenting the review process taking into account that the Treasury submission system is a single submit system that lacks the maker / checker (approver) feature. We do not believe this finding is a significant deficiency as noted by the Auditors. Moving forward we will add the additional step of having the reviewer sign off on the online report (printout) prior to submission. Responsible Individual(s): Ashely Doyle, Budget Officer Anticipated Completion Date: March 15, 2023

Program Name: Education Stabilization Fund ? Assistance Listing 84.425D & 84.425U Condition: All construction contracts in excess of $2,000 awarded by non-Federal entities must include a provision for compliance with the Davis-Bacon Act as supplemented by the Department of Labor regulations. This includes a requirement for the contractor to submit to the non-Federal entity weekly, for each week in which any contract work is performed, a copy of the payroll and a statement of compliance (certified payrolls). Corrective Action Plan: Management will work with contractors to get provisions included in construction contracts in progress and ensure new contracts have required provisions and obtain certified payrolls. Person Responsible for Corrective Action: David Jones, Business Manager Anticipated Completion Date ? FY2023

For 2022, quarterly reviews were being performed; however, due to the transition in personnel in the Accounting and Finance areas, the annual review was not done. The College has updated its procedures to include a review of the annual submission similar to the current practice of reviewing the quarterly submission.

The College reported the students? status to the National Student Clearinghouse (NSC). The NSC in turn is contractually engaged by the College to update NSDLS. We will work with NSC to determine why the students? status was not updated timely and ensure that student status is accurately and timely reported to NSLDS going forward.

Condition: The Health Center?s Period 2 report to HHS included duplicate amounts for utilities expenses. Planned Corrective Action: Management will continue to refine processes to more diligently review expenses to ensure no duplicate expenses are included in the underlying supporting documentation. However, the Health Center included as eligible expenses in the Period 2 submission only those amounts up to the funding received, plus accrued interest. Had the noted questioned costs been identified prior to submission, the Health Center would have included additional amounts in the eligible expenses reported in the PRF reporting portal to demonstrate satisfactory use of the PRF funding received. The Health Center had $418,778 in additional eligible operating expenses which were not included in the Period 1 submission and $1,916,769 in additional eligible capital expenses not included in the Period 2 submission which would have been used to replace the identified questioned costs. Person Responsible: Wade Eschenbrenner, CFO Anticipated Completion Date: Ongoing

REPORTING Recommendation: We recommend the Department review the instructions for completion of the federal financial reports with training provided to the program staff preparing and reviewing the federal financial reports to ensure submitted reports are complete and timely. We recommend the Department implement effective processes and procedures to maintain the submitted reports and the documentation used to prepare the reports in the files of the Department. Corrective Action: The Department understands the issues and is taking corrective action to improve reporting. Due to the New Mexico emergent events that took place in FY22, the Department made the emergent events the Department?s priority and onboarding became a secondary focus for the Department. In FY23, the Department has shifted its priority to onboarding across the Department, and we have onboarded a Grants Unit Manager to oversee the reporting requirements of all federal grants. A procedural checklist will be implemented to ensure that: 1. the recipient share section is completed, 2. that financial reports are submitted to the Department timely, and 3. all Performance Progress Reports as submitted. Due Date of Completion: June 30, 2023 Responsible Person(s): Chief Financial Officer

CASH MANAGEMENT Recommendation: We realize the Department continues to have staff turnover. We recommend the Department review its process and implement effective policies, procedures, and controls to ensure the accounting records appropriately reflect the activity of the grant. The Department should consider efficiencies to make the process less cumbersome. While the Department has existing processes at the federal program level, there appears to be a need for higher level monitoring and reconciliation of federal program activity to ensure the completeness of federal program-level reconciliations and reimbursements. The Department should consider further contracting with an outside third party to aid in the process of performing reconciliations and billings. The deficit fund balance in the Federal Grants Fund (40280) should be reviewed and addressed. The Department should evaluate the need to obtain a deficiency appropriation or some other funding to cover this deficit. Corrective Action: The Department partially understands the issue. The Department will internally audit our expenditures to ensure that all transactions include an operating unit. The Department will also establish a checklist to include that all signatures are collected and that applicable documentation is received for reimbursement purposes. As part of our Sub Grant recipient review for Assistance Listings 97.036 and 97.067, we cannot reimburse the subrecipient until they submit applicable receipts for reimbursement and answer all requests for information as required by FEMA. Due Date of Completion: June 30, 2023 Responsible Person(s): Chief Financial Officer, Grants Unit Manager

SUBRECIPIENT MONITORING Division of Emergency Management (DEM) Assistance Listing Number 97.036, COVID-19 97.036 A new grant monitor has been hired for the recovery grants managed by DEM. The monitor has reviewed and updated the agency policies related to subrecipient monitoring and is conducting training with other program staff to ensure understanding. The Public Assistance (PA) Program in DEM has completed the Risk Assessment for 2022 using the risk assessment tool and identified the highest risk project worksheets. DEM is reviewing the municipal audits conducted by the State Auditor?s office for PA sub-recipients. DEM has developed a Monitoring Plan for the coming year and completed a calendar of upcoming monitoring visits. DEM is using the FEMA approved monitoring protocol and the subrecipient monitoring standards outlined in 2 CFR 200.303, and it is our belief that we are complying with all applicable regulations and requirements.

REPORTING Division of Emergency Management (DEM) Assistance Listing Number 97.036, COVID-19 97.036 To resolve the finding and refine our processes through our new understanding of the requirements, DEM will re-evaluate all Federal Funding Accountability and Transparency Act (FFATA) reports that have already been submitted in the FFATA Subaward Reporting System (FSRS) this year for accuracy and adherence to the requirements. Upon review, any needed corrections will be made, and the reports will be re-submitted. Further, DEM met with Public Assistance and other grant program leads to relay the newly understood expectations and to review the finding for further input and resolution. DEM will implement a procedural checkpoint between program staff and internal auditing staff to ensure that the information submitted is correct and complete. All FFATA reporting will continue to be based upon obligations and not payments, original subaward obligations will be reported within 45 days of obligation, any additional subaward obligation amendment will be reported within 45 days of obligation, all subawards reported will include a project description, and all submitted reports will have a review requiring the signature of the person submitting the report as well as one additional staff member that audits the report against the available information. These updates are expected to be completed and implemented by May 2023.

SPECIAL TEST AND PROVISIONS - ADP RISK ANALYSIS & SYSTEM SECURITY REVIEW Department of Health and Human Resources (DHHR) Assistance Listing Number 93.775, 93.777, COVID-19 93.777, 93.778, ARRA 93.778 The DHHR utilizes an external service organization for the design, development, implementation, and operation of the West Virginia Medicaid Management Information System (MMIS). The system furnishes the core MMIS functionality to support the State's Medicaid program, including maintaining provider, member/recipient, and reference/procedure code data, as well as processing and adjudication rules for claims, encounters, and prior authorizations. The system also provides configuration and system management tools to govern access to data, user security, and communications. The system is an object-oriented, rules-based software program that is designed to manage multiple lines of health care business. The system employs a unified relational database that enables efficient use of data and consistent information throughout all applications. The system includes functionality for claims processing and adjudication, provider administration, benefit plan and policy administration, member administration, and medical service authorization management. The service organization has developed a variety of policies and procedures including related control activities to help ensure their objectives are carried out and risks are mitigated. The control environment includes control objectives related to claims input (hard copy/paper claims and electronic claims); claims processing; claims payment; file maintenance (provider master file, recipient master file, and procedure codes); logical access (passwords and authentication, adding and modifying user access, terminating user access, access to privileged functions, and access review monitoring); change management; production scheduling; and backup procedures. Control activities are performed at a variety of levels throughout the organization and at various stages during the relevant business or information technology process. As expected, controls may be preventive or detective in nature and may encompass a range of manual and automated controls, including authorizations, reconciliations, and information technology controls. The service organization has a formal program in place to review and update the service organization's policies and procedures on at least an annual basis. Any changes to the policies and procedures are reviewed and approved by the service organization?s management and communicated to its employees. As indicated in the Condition section of this finding, the DHHR obtains a Service Organization Controls (SOC) 1 Type 2 report from its service organization on an annual basis. For the period ended June 30, 2022, although the DHHR did not formally document its review of the service organization?s SOC 1 Type 2 report, the DHHR did indeed review it and can hereby confirm that the service organization provided an assertion about the fairness of the presentation of the description and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives stated in the description. The service organization was responsible for preparing the description and assertion, including the completeness, accuracy, and method of presentation of the description and assertion; providing the services covered by the description; specifying the control objectives and stating them in the description; identifying the risks that threaten the achievement of the control objectives; selecting the criteria stated in the assertion; and designing, implementing, and documenting controls that are suitably designed and operating effectively to achieve the related control objectives stated in the description. The DHHR can also hereby confirm that the service organization?s service auditor conducted the examination in accordance with attestation standards established by the American Institute of Certified Public Accountants. Those standards required the service auditor to plan and perform the examination to obtain reasonable assurance about whether, in all material respects, based on the criteria in the service organization?s assertion, the description is fairly presented, and the controls were suitably designed and operating effectively to achieve the related control objectives stated in the description throughout the specified period. Finally, the DHHR can hereby confirm that in the service auditor?s opinion, in all material respects, based on the criteria described in the service organization?s assertion: 1) the description fairly presented the West Virginia MMIS that was designed and implemented throughout the period July 1, 2021 to June 30, 2022; 2) the controls related to the control objectives stated in the description were suitably designed to provide reasonable assurance that the control objectives would be achieved if the controls operated effectively throughout the period July 1, 2021 to June 30, 2022 and the subservice organizations and the user entity applied the complementary controls assumed in the design of the service organization?s controls throughout the period July 1, 2021 to June 30, 2022; and 3) the controls operated effectively to provide reasonable assurance that the control objectives stated in the description were achieved throughout the period July 1, 2021 to June 30, 2022 if the complementary subservice organizations and the user entity controls assumed in the design of the service organization?s controls operated effectively throughout the period July 1, 2021 to June 30, 2022. The DHHR is of the opinion that it is in compliance with 45 CFR 95.621 since it receives and reviews the SOC 1 Type 2 report from the service organization and since the report documents that the service organization establishes and maintains a program for conducting periodic risk analyses to ensure appropriate, cost-effective safeguards are incorporated into new and existing systems or whenever significant system changes occur. However, the DHHR recognizes the concern expressed within this finding, in that the DHHR does not include the SOC 1 Type 2 report as part of its own policies and procedures for ADP security over the MMIS. To enhance its controls, the DHHR will implement a policy and related procedures to document MMIS compliance with 45 CFR 95.621. The procedures will include but not be limited to a requirement to review and approve the SOC 1 Type 2 report from the MMIS service organization and document the review and approval process (e.g., for such matters as the service organization?s assertions, descriptions of its systems and controls, control objectives, and related controls, and the service auditor?s description of tests of controls and results). The anticipated date for implementation of the policy and related procedures is September 30, 2023, which is prior to the anticipated date for receipt of the next SOC 1 Type 2 report from the service organization.

SPECIAL TESTS AND PROVISIONS ? MANAGED CARE FINANCIAL AUDIT Department of Health and Human Resources (DHHR) Assistance Listing Number 93.775, 93.777, COVID-19 93.777, 93.778, ARRA ? 93.778 The DHHR Bureau for Medical Services (BMS) collected and reviewed the audited financial statements from the managed care organizations (MCOs); however, review and approval of the financial statements were not documented. The BMS is establishing a process to document this approval process for the next reporting period. The BMS also understands the requirements related to 42 CFR 438.602(e). These requirements became effective for contracts starting on or after July 1, 2017. The BMS acknowledges their responsibility to audit the financial and encounter data for the MCOs no less than once every three years and to post the results on the state website. The BMS has previously relied upon agreed-upon procedures engagements conducted by an independent auditor to support the accuracy, truthfulness, and completeness of the MCO reported encounter and financial data. For the reporting period ended June 30, 2022, the BMS has contracted and engaged with an MCO oversight and actuarial vendor to conduct the independent audits and post them to the state website upon completion and approval by the BMS; however, as of the date of this report, the audit has not yet been completed by the vendor. For future reporting periods, the BMS intends to retain an MCO oversight and actuarial vendor to conduct the required independent audits to ensure continued compliance with 42 CFR 438.602(e).