FAC Explorer

Corrective Action Plans

Browse how organizations respond to audit findings

Total CAPs
48,660
In database
Filtered Results
7,441
Matching current filters
Showing Page
69 of 298
25 per page

Filters

Clear
Active filters: § 200.303
Finding 526403 (2024-002)
Material Weakness 2024
Charles A. Beard Memorial School Corporation
IN
Internal Control / Segregation of Duties Subrecipient Monitoring Material Weakness § 200.302 § 200.303 § 200.328
Views of Responsible Official: We concur with the finding. Description of Corrective Action Plan: This is isolated to FY23 reporting. Internal controls over ESSER reporting were not implemented by previous business office personnel. Corrective action involves the Treasurer preparing the reporting, r...
Views of Responsible Official: We concur with the finding. Description of Corrective Action Plan: This is isolated to FY23 reporting. Internal controls over ESSER reporting were not implemented by previous business office personnel. Corrective action involves the Treasurer preparing the reporting, reviewing the reports with the Superintendent, and confirming accuracy before submitting to the Department of Education. The approval is documented. This was implemented for Year 4 reporting submitted April 23, 2024. Completion Date: 4/23/2024
View Audit 345329
Finding 526382 (2024-002)
Significant Deficiency 2024
Vigo County School Corporation
IN
Subrecipient Monitoring Special Tests & Provisions Matching / Level of Effort / Earmarking § 200.303 § 200.333 § 200.334
Contact Person Responsible for Corrective Action: Dr. Tammy Rowshandel, Chief Accountability Officer Contact Phone Number: 812-462-4224 Views of Responsible Official: The School Corporation's management will establish an effective system of internal control to ensure compliance and comply with the g...
Contact Person Responsible for Corrective Action: Dr. Tammy Rowshandel, Chief Accountability Officer Contact Phone Number: 812-462-4224 Views of Responsible Official: The School Corporation's management will establish an effective system of internal control to ensure compliance and comply with the grant agreement and the Special Tests and Provisions - Annual Report Card, High School Graduation Rate compliance requirement. Description of Corrective Action Plan: A system will be put in place that ensures compliance with the Special Tests and Provisions-Annual Report Card, High School Graduation Rate requirements. Records will be retained for audit so that appropriate documentation is available to substantiate all future reporting. Building registrars will enter state exit codes for students and upload documentation to substantiate the exit codes that are chosen. Once the documents are uploaded, the registrars will place the word “AUDIT” in the withdrawal comments. This indicates the exit is now audit ready. Schools will conduct regular internal cohort audits. Comparisons of IDOE cohort data and withdrawal information in Skyward will be done. The registrar, assistant principal, and data counselor in each building will work together to check the original uploads of documentation done by the registrar and keep record of this work. One final internal audit will take place at the school level by head counselors and assistant principals to indicate all graduates are correctly identified and all exits have proper documentation on file. The CFO and superintendent will digitally sign off on these records during IDOE July certification. Anticipated Completion Date: March 1, 2025
View Audit 345306
Finding 526381 (2024-003)
Material Weakness 2024
Fairfield Community Schools
IN
Matching / Level of Effort / Earmarking Special Tests & Provisions Subrecipient Monitoring § 200.303
Subject: Education Stabilization Fund – Special Tests and Provisions - Wage Rate Requirements Federal Agency: Department of Education Federal Program: COVID-19 - Education Stabilization Fund Assistance Listing Number: 84.425D Federal Award Numbers: S425D210013 Pass-Through Entity: Indiana Department...
Subject: Education Stabilization Fund – Special Tests and Provisions - Wage Rate Requirements Federal Agency: Department of Education Federal Program: COVID-19 - Education Stabilization Fund Assistance Listing Number: 84.425D Federal Award Numbers: S425D210013 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Special Tests and Provisions - Wage Rate Requirements Audit Findings: Material Weakness Condition: An effective internal control system was not in place at the School Corporation in order to ensure compliance with requirements related to the grant agreement and the Special Tests and Provisions – Wage Rate Requirements compliance requirements. The School Corporation did not include Davis Bacon wage rate requirements in its contract with vendor which includes labor installation. The School Corporation did not obtain the weekly payroll reports certifications from vendor installing equipment. Context: The School Corporation had one project during the audit period which included labor installation costs which were charged to the ESSER II (84.425D) grant award. For the vendor selected for testing, the School Corporation did not include federal wage rate requirement clauses in the contract with the vendor and did not have an internal control designed to collect the weekly payroll reports certifications from vendors and its subcontractors, as applicable, to comply with Davis Bacon wage rate requirements. The amount disbursed for the project during the audit period which includes material and labor totaled $94,444. Views of Responsible Official: We concur with the finding. Description of Corrective Action Plan: Management will ensure all federal funded renovation, remodeling, or construction projects anticipated to incur labor costs greater than $2,000 include a signed contract containing a Davis-Bacon wage rate provision and will monitor the vendor to ensure compliance with certified payroll reporting requirements. Responsible Party and Timeline for Completion: Effective immediately for any future projects.
View Audit 345299
Finding 526376 (2024-001)
Material Weakness 2024
Fairfield Community Schools
IN
School Nutrition Programs Internal Control / Segregation of Duties Eligibility § 200.303
Subject: Child Nutrition Cluster - Internal Controls Federal Agency: Department of Agriculture Federal Program: School Breakfast Program, National School Lunch Program Assistance Listing Number: 10.553, 10.555 Federal Award Numbers and Years (or Other Identifying Numbers): FY 22-23, FY 23-24 Pass-Th...
Subject: Child Nutrition Cluster - Internal Controls Federal Agency: Department of Agriculture Federal Program: School Breakfast Program, National School Lunch Program Assistance Listing Number: 10.553, 10.555 Federal Award Numbers and Years (or Other Identifying Numbers): FY 22-23, FY 23-24 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Eligibility Audit Finding: Material Weakness Condition: An effective internal control system was not in place at the School Corporation in order to ensure compliance with requirements related to the grant agreement and the eligibility compliance requirement. Context: The School Corporation’s internal controls over eligibility included an annual approval of the food service software’s eligibility guidelines and also a documented review of individual meal applications by Food Service Department staff. During testing of eligibility, we noted 7 applications, out of 60 total students tested for the audit period, that did not have a timely, documented review by Food Service Department staff. The lack of review was isolated to fiscal year 2023. Additionally, there was no documented annual review by School Corporation personnel of the fiscal year 2024 income eligibility guidelines used by the food service software. Views of Responsible Official: We concur with the finding. Description of Corrective Action Plan: Management will ensure all applications for free/reduced meals have a formally documented dual review. Management will also ensure that income thresholds in the student meal system are reviewed annually. Responsible Party and Timeline for Completion: Effective immediately, we have implemented procedures that Amanda Bilbrey, Food Service Assistant will periodically throughout the school year verify that all free & reduced applications are properly reviewed. Attached is the 2024-2025 meal Income Eligibility Guidelines and Titan student meal system printout of meal pricing, that has been reviewed.
View Audit 345299
Finding 526371 (2024-001)
Material Weakness 2024
Tri-Central Community Schools
IN
School Nutrition Programs Internal Control / Segregation of Duties Eligibility § 200.303
Context: During sample testing of 60 students for eligibility, we noted 3 instances where there was no documented review by someone other than the individual making the eligibility determination. The lack of review was isolated to paper applications. Contact Person Responsible for Corrective Action:...
Context: During sample testing of 60 students for eligibility, we noted 3 instances where there was no documented review by someone other than the individual making the eligibility determination. The lack of review was isolated to paper applications. Contact Person Responsible for Corrective Action: Tami Wyant, FSD Contact Phone Number: (765) 963-2560 Ext: 1172 Views of Responsible Official: We concur with the finding. Description of Corrective Action Plan: Prior the start of each school year, the FSD will verify within Skyward Food Service Management System that the eligibility guidelines that have been loaded for use in determining free & reduced lunch status are correct according to the published guidelines. During the eligibility review of applications, the Food Service Director will provide the first review to make her initial determination and the applications will have a second review done by the Asst. Food Service Director, who will put her initials on the paper applications as proof of review. For any online applications that are submitted during the school year the FSD will review online and then push the applications onward within Skyward for final processing since the guidelines have already been verified prior to the start of the school year. The FSD will keep a printed copy of the guidelines loaded in Skyward and the Assistant FSD will verify and initial as a second review and keep on file for audit purposes. Anticipated Completion Date: All paper applications that have been received since the start of the school year, 2024-25, will have a second review done and so noted by the reviewer’s initials. Moving forward, all applications received, whether in paper format or online submission, will have the review done prior to approval. Applications are received throughout the year, so action to remedy this situation will take place immediately for any new applications received.
View Audit 345288
Finding 526368 (2024-004)
Material Weakness 2024
North Vermillion Community School Corporation
IN
Internal Control / Segregation of Duties Material Weakness Reporting § 200.302 § 200.303 § 200.328
Context: The School Corporation was required to submit two Annual Data Reports to the Indiana Department of Education (IDOE) during the audit period to meet federal reporting requirements for ESSER grant awards. We noted that the ESSER I and ESSER II amounts reported for the reports covering the FY2...
Context: The School Corporation was required to submit two Annual Data Reports to the Indiana Department of Education (IDOE) during the audit period to meet federal reporting requirements for ESSER grant awards. We noted that the ESSER I and ESSER II amounts reported for the reports covering the FY22 time period ($90,217 and $238,439, respectively) did not agree to the underlying expenditure records ($81,958 and $400,439 respectively, for the period of July 1, 2021 through June 30, 2022). Contact Person Responsible for Corrective Action: Michele Harrison/ Corporation treasurer Brian Byrum I Superintendent Contact Phone Number: M. Harrison:765-492-5101 B. Byrum: 765-492-5102 Views of Responsible Official: We concur with the finding. De cription of Corrective Acti0n Pl an: Our management team noted that the ESSER 1 and ESSR II spreadsheet submitted to the state was incorrect; however, the actual expenditures were correct every month. The spreadsheet was corrected in the following annual submission to the DOE (which is outside this audit window). The next Audit will show the corrected spreadsheet for ESSER I and ESSER II. It is also noted that the management team will implement more internal controls with regard to the preparer and reviewer being different personnel. For year 5 collection, the corporation treasurer will provide the expenditure reports, an outside consultant will prepare the spreadsheet, and have the current superintendent review before submitting. Anticipated Completion Date: 3/7/2025
View Audit 345287
Finding 526366 (2024-003)
Material Weakness 2024
North Vermillion Community School Corporation
IN
Internal Control / Segregation of Duties Allowable Costs / Cost Principles Material Weakness § 200.303
Context: We noted there was no secondary, documented formal review for the seven sample accounts payable vouchers. All the payroll vouchers selected were properly reviewed. Contact Person Responsible for Corrective Action: Michele Harrison/ Corporation treasurer Brian Byrum / Superintendent Contact ...
Context: We noted there was no secondary, documented formal review for the seven sample accounts payable vouchers. All the payroll vouchers selected were properly reviewed. Contact Person Responsible for Corrective Action: Michele Harrison/ Corporation treasurer Brian Byrum / Superintendent Contact Phone Number: M. Harrison:765-492-5101 B. Byrum: 765-492-5102 Views of Re ponsible Official: We concur with the finding. Description of Corrective Action Plan: Prior to printing accounts payable checks, the corporation treasurer prints the AP voucher register for the superintendent to review and sign. After this internal control, the treasurer processes the checks. Once checks are printed, the voucher is paired with the invoice, initialled by the corporation treasurer and signed by the superintendent. Anticipated Completion Date: 3/7/2025
View Audit 345287
Finding 526363 (2024-002)
Material Weakness 2024
North Vermillion Community School Corporation
IN
School Nutrition Programs Internal Control / Segregation of Duties Allowable Costs / Cost Principles § 200.303
Context: During testing over controls for eligibility, we noted there was no formal, secondary review for the applications entered in the food service software determining eligibility. Additionally, there was no documented annual review by School Corporation personnel of the income eligibility guide...
Context: During testing over controls for eligibility, we noted there was no formal, secondary review for the applications entered in the food service software determining eligibility. Additionally, there was no documented annual review by School Corporation personnel of the income eligibility guidelines used by the food service software. Contact Person Responsible for Corrective Action: Michele Harrison/ Corporation treasurer Brian Byrum / Superintendent Contact Phone Number: M. Harrison:765-492-5101 B. Byrum: 765-492-5102 Views of Responsible Officia.l : We concur with the finding. Description of Corrective Action Plan: Prior to printing accounts payable checks, the corporation treasurer prints the AP voucher register for the superintendent to review and sign. After this internal control, the treasurer processes the checks. Once checks are printed, the voucher is paired with the invoice, initialled by the corporation treasurer and signed by the superintendent. Anticipated Completion Date: 3/7/2025
View Audit 345287
Finding 526361 (2024-002)
Material Weakness 2024
Fremont Community Schools
IN
Matching / Level of Effort / Earmarking Special Tests & Provisions Subrecipient Monitoring § 200.303
See attached letter that was sent to the DOE on 2/25/25 along with the approval email and documents from DOE. During ESSER II Constmction we had several companies work on projects at Fremont Community Schools. To no one's fault but my own, the Davis-Bacon requirements wore not fully communicated to ...
See attached letter that was sent to the DOE on 2/25/25 along with the approval email and documents from DOE. During ESSER II Constmction we had several companies work on projects at Fremont Community Schools. To no one's fault but my own, the Davis-Bacon requirements wore not fully communicated to these companies. One company that did work for us could not respond with a positive affirmation on Davis-Bacon. Their response is as follows: "We will not be able tQ v.rovide a letter stating we paid our employees a Prevailing Wage (pr work completed at Fremont Community Schools. We do not have any proposals or signed contracts stating these iobs were Prevailing Wage. As such, our employees were not p_aid a Prevailing Wage when working on these proiects. •~ I (Dr. William Stitt) have watched the webinar regarding Davis-Bacon requirements provided by the U.S. Department of Education (USDE) and U.S. Department of Labor (DO1). I have also read through the questions and responses for the December 7, 2023 webinar. I attest that I and Fremont Community Schools commit that applicable Davis-Bacon requfrements will be utilized on any future construction, or construction related, activities using $2,000 or greater of Federal grant funds and will follow Davis-Bacon requirements.
View Audit 345281
Finding 526306 (2024-001)
Material Weakness 2024
Greenwood Community School Corporation
IN
Procurement, Suspension & Debarment Subrecipient Monitoring School Nutrition Programs § 200.303
FINDING 2024-001 (Auditor Assigned Reference Number) Finding Subject: Child Nutrition Cluster Summary of Finding: Lack of an internal control system to ensure compliance with the Suspension and Debarment requirements for contractors and subrecipients Contact Person Responsible for Corrective Action:...
FINDING 2024-001 (Auditor Assigned Reference Number) Finding Subject: Child Nutrition Cluster Summary of Finding: Lack of an internal control system to ensure compliance with the Suspension and Debarment requirements for contractors and subrecipients Contact Person Responsible for Corrective Action: Katy Dowling Contact Phone Number and Email Address: 317-889-4060 and kdowling@gws.k12.in.us Views of Responsible Officials: The district concurs with the finding. The procurement of the item in question began with the prior Director of Food Service and was then completed at a later date by her successor. We believe this is a contributing factor to this error. The district participates in CIESC’s Region 9 Child Nutrition Cooperative. This cooperative conducts the bidding/procurement process on behalf of its members in compliance with all Federal Procurement and Suspension and Debarment requirements. From time to time, there are items needed that are not available through the cooperative. Most often, this is food service equipment purchases. Description of Corrective Action Plan: Policy 6325 covers procurement for federal grants/funds. Within this policy, procurement and suspension and debarment expectations are provided. The district plans to add an administrative guideline that will cover the process for any purchase reasonably expected to exceed $25,000 including, but not limited to, (1) how to verify if a vendor is suspended or debarred; (2) what documentation is required and how it is submitted/tracked; (3) validation process involving accounts payable for purchases over $25,000 from federal grants/funds to confirm steps 1 and 2 were properly followed. In addition, communication and direction will be provided to any staff in the district who have the ability to make purchases for grant-funded items. Anticipated Completion Date: 3/1/25 – Review of purchases from grant funds from 7/1/24 through 2/20/25 to ensure compliance. 3/1/25 – Completion of Administrative Guidelines 6325 to specify the internal control process. 3/1/25 – Communication to impacted staff regarding the policy and administrative guideline.
View Audit 345221
Finding 526260 (2024-082)
Material Weakness 2024
Commonwealth of Virginia
VA
Subrecipient Monitoring § 200.303 § 200.332
Responsible Contact Person(s): Ousman Kah, Subrecipient Monitoring Coordinator Corrective Action Planned: A Grants Management solution is being pursued by DSS in anticipation that it can be deployed with Subrecipient Monitoring capabilities needed to comply with these requirements. A new budget requ...
Responsible Contact Person(s): Ousman Kah, Subrecipient Monitoring Coordinator Corrective Action Planned: A Grants Management solution is being pursued by DSS in anticipation that it can be deployed with Subrecipient Monitoring capabilities needed to comply with these requirements. A new budget request has been submitted for funding of a contingent Subrecipient Monitoring System solution. This will help bridge the deficiencies noted util an integrated permanent solution is implemented. Estimated Completion Date: 6/30/2025
View Audit 345214
Finding 526259 (2024-071)
Significant Deficiency 2024
Commonwealth of Virginia
VA
Subrecipient Monitoring Significant Deficiency Internal Control / Segregation of Duties § 200.303
Responsible Contact Person(s): Naveen Abraham, Chief Core Infrastructure Services Corrective Action Planned: Ensuring that infrastructure suppliers fulfill all contractual requirements with respect to Commonwealth security policies and standards necessitates a programmatic, continuous improvement ap...
Responsible Contact Person(s): Naveen Abraham, Chief Core Infrastructure Services Corrective Action Planned: Ensuring that infrastructure suppliers fulfill all contractual requirements with respect to Commonwealth security policies and standards necessitates a programmatic, continuous improvement approach. VITA has made improved cybersecurity a primary goal and major initiatives have completed and are underway. Based on the improved SLAs and with the improved tools previously implemented, VITA will continue to monitor and improve the security of infrastructure services through ongoing governance, including the requirements of architecture documentation, system security plans, and audit reports. VITA’s infrastructure services group will work with our security group to confirm that the current state achieves security standards compliance. VITA will also continue to work with agencies to drive continued vulnerability remediation and access to log data and to further refine documentation regarding SOPs of the security program and regarding the responsibilities of VITA vs the responsibilities of agencies and suppliers. Estimated Completion Date: 6/30/2025
View Audit 345214
Finding 526258 (2024-068)
Significant Deficiency 2024
Commonwealth of Virginia
VA
Significant Deficiency Internal Control / Segregation of Duties § 200.303
Responsible Contact Person(s): Barry Davis, Chief Information Security Officer Karen Holt, Human Resource Business Process Consultant Corrective Action Planned: An agency-wide work group will be established to determine the exact processes need to implement the controls necessary to address this fi...
Responsible Contact Person(s): Barry Davis, Chief Information Security Officer Karen Holt, Human Resource Business Process Consultant Corrective Action Planned: An agency-wide work group will be established to determine the exact processes need to implement the controls necessary to address this finding. Estimated Completion Date: 6/30/2025
View Audit 345214
Finding 526257 (2024-067)
Significant Deficiency 2024
Commonwealth of Virginia
VA
Eligibility HUD Housing Programs Significant Deficiency § 200.303
Responsible Contact Person(s): Kevin Platea, Chief Information Officer Stephen Schleck, Associate Director of Enterprise Business Solutions Angela Morse, Benefit Programs Corrective Action Planned: A Change Request (CR), for the management system was developed 2 years ago and DSS is reviewing the CR...
Responsible Contact Person(s): Kevin Platea, Chief Information Officer Stephen Schleck, Associate Director of Enterprise Business Solutions Angela Morse, Benefit Programs Corrective Action Planned: A Change Request (CR), for the management system was developed 2 years ago and DSS is reviewing the CR to determine a status. It was agreed by Line of Business and ITS EBS and the O&M provider that there will be an iterative approach to completing the record retention and purge rules for implementation in the management system. DSS anticipates the first of a series of changes to address this finding to be implemented in the February 2024 Information Technology Services release. DSS is planning for the final phase of Purge by quarter three of 2025 and will include the following scope: • Scope of change is 150 EDBC tables across all programs beyond a defined cut-off date. • A one-time purge process and on-going purge process will be developed to purge the Uncertified/Unauthorized, Non-current Eligibility Determination. • Develop ongoing purge process for the Phase 1 and Phase 2 tables. • Purge Data files and Data logs App/Batch server. Estimated Completion Date: 12/30/2025
View Audit 345214
Finding 526256 (2024-064)
Significant Deficiency 2024
Commonwealth of Virginia
VA
Significant Deficiency Internal Control / Segregation of Duties § 200.303
Responsible Contact Person(s): Kevin Platea, Chief Information Officer Corrective Action Planned: This finding was marked as FOIA Exempt (FOIAE) and as a result, the State Comptroller has determined that the resulting corrective actions are FOIAE under §2.2-3705.2 (9.) of the Code of Virginia. Fede...
Responsible Contact Person(s): Kevin Platea, Chief Information Officer Corrective Action Planned: This finding was marked as FOIA Exempt (FOIAE) and as a result, the State Comptroller has determined that the resulting corrective actions are FOIAE under §2.2-3705.2 (9.) of the Code of Virginia. Federal awarding agencies and pass-through entities, please see the Appendix titled “Applicable Management Contacts for Findings and Questioned Costs” to request the corrective action planned from the applicable entity. Estimated Completion Date: 12/31/2025
View Audit 345214
Finding 526255 (2024-061)
Significant Deficiency 2024
Commonwealth of Virginia
VA
Significant Deficiency Internal Control / Segregation of Duties § 200.303
Responsible Contact Person(s): Barry Davis, Chief Information Security Officer and Director of Information Security & Risk Management Corrective Action Planned: DSS Information Security and Risk Management security awareness and training assets will develop role based training for system administrat...
Responsible Contact Person(s): Barry Davis, Chief Information Security Officer and Director of Information Security & Risk Management Corrective Action Planned: DSS Information Security and Risk Management security awareness and training assets will develop role based training for system administrators and data custodians. Estimated Completion Date: 6/30/2025
View Audit 345214
Finding 526254 (2024-058)
Significant Deficiency 2024
Commonwealth of Virginia
VA
Significant Deficiency Internal Control / Segregation of Duties § 200.303
Responsible Contact Person(s): Barry Davis, Chief Information Security Officer and Director of Information Security & Risk Management John Vosper, Assistant Director of Information Security & Risk Management Corrective Action Planned: DSS has contracted external IT auditors to perform IT audits once...
Responsible Contact Person(s): Barry Davis, Chief Information Security Officer and Director of Information Security & Risk Management John Vosper, Assistant Director of Information Security & Risk Management Corrective Action Planned: DSS has contracted external IT auditors to perform IT audits once every three years on an ongoing rotating basis in accordance with yellow book audit standards. Estimated Completion Date: 12/15/2025
View Audit 345214
Finding 526253 (2024-053)
Significant Deficiency 2024
Commonwealth of Virginia
VA
Subrecipient Monitoring Significant Deficiency Internal Control / Segregation of Duties § 200.303
Responsible Contact Person(s): Mike Jones, Chief Information Officer Steve Hanoka, Information Security Officer Corrective Action Planned: Vulnerability Management policies and procedures exist. These include scanning for both vulnerabilities and baseline configuration. They are being tracked acco...
Responsible Contact Person(s): Mike Jones, Chief Information Officer Steve Hanoka, Information Security Officer Corrective Action Planned: Vulnerability Management policies and procedures exist. These include scanning for both vulnerabilities and baseline configuration. They are being tracked according to SEC530 resolution standards. Goal is to ensure that all vulnerabilities are remediated within the SLA or have approved exceptions by May 30, 2025. In addition, DMAS has gained guidance from VITA on acceptable alternatives to penetration testing and are tracking completion. Estimated Completion Date: 5/30/2025
View Audit 345214
Finding 526252 (2024-047)
Significant Deficiency 2024
Commonwealth of Virginia
VA
Significant Deficiency Internal Control / Segregation of Duties § 200.303
Responsible Contact Person(s): Kevin Platea, Chief Information Officer Corrective Action Planned: This finding was marked as FOIA Exempt (FOIAE) and as a result, the State Comptroller has determined that the resulting corrective actions are FOIAE under §2.2-3705.2 (9.) of the Code of Virginia. Fede...
Responsible Contact Person(s): Kevin Platea, Chief Information Officer Corrective Action Planned: This finding was marked as FOIA Exempt (FOIAE) and as a result, the State Comptroller has determined that the resulting corrective actions are FOIAE under §2.2-3705.2 (9.) of the Code of Virginia. Federal awarding agencies and pass-through entities, please see the Appendix titled “Applicable Management Contacts for Findings and Questioned Costs” to request the corrective action planned from the applicable entity. Estimated Completion Date: 6/30/2025
View Audit 345214
Finding 526251 (2024-042)
Significant Deficiency 2024
Commonwealth of Virginia
VA
Eligibility Significant Deficiency Internal Control / Segregation of Duties § 200.303
Responsible Contact Person(s): Kavansa Gardner, IT Manager Corrective Action Planned: DSS performed an annual access review of user accounts for the system. As of December 20, 2024, the DSS projected completion date for the 2024 system Annual Review was December 31, 2024. The IT Manager is waiting f...
Responsible Contact Person(s): Kavansa Gardner, IT Manager Corrective Action Planned: DSS performed an annual access review of user accounts for the system. As of December 20, 2024, the DSS projected completion date for the 2024 system Annual Review was December 31, 2024. The IT Manager is waiting for eight more FIPs to submit screenshots of roles that have been removed or changed. The IT Manager has been in contact with all noncompliant agencies and has meetings scheduled to ensure all necessary documentation is obtained prior to the cutoff point. DSS will be reviewing final documents to certify the accuracy of the review before deadline. Estimated Completion Date: 1/31/2025
View Audit 345214
Finding 526250 (2024-041)
Significant Deficiency 2024
Commonwealth of Virginia
VA
Eligibility Significant Deficiency Internal Control / Segregation of Duties § 200.303
Responsible Contact Person(s): Angela Morse, Director of Benefit Programs Kavansa Gardner, IT Manager Corrective Action Planned: DSS will perform and document a conflicting access review for the management system to identify the combinations of roles that could pose separation of duties conflicts an...
Responsible Contact Person(s): Angela Morse, Director of Benefit Programs Kavansa Gardner, IT Manager Corrective Action Planned: DSS will perform and document a conflicting access review for the management system to identify the combinations of roles that could pose separation of duties conflicts and ensure compensating controls are in place to mitigate risks arising from those conflicts. Additionally, DSS will work with the vendor to update the role-based security access documentation to reflect all system changes from prior case management system related releases when there are proposed changes to the roles matrix. Estimated Completion Date: 12/31/2025
View Audit 345214
Finding 526249 (2024-035)
Material Weakness 2024
Commonwealth of Virginia
VA
Material Weakness Internal Control / Segregation of Duties § 200.303
Responsible Contact Person(s): Barry Davis, Chief Information Security Officer and Director of Information Security & Risk Management Kevin Platea, Chief Information Officer Corrective Action Planned: This finding was marked as FOIA Exempt (FOIAE) and as a result, the State Comptroller has determine...
Responsible Contact Person(s): Barry Davis, Chief Information Security Officer and Director of Information Security & Risk Management Kevin Platea, Chief Information Officer Corrective Action Planned: This finding was marked as FOIA Exempt (FOIAE) and as a result, the State Comptroller has determined that the resulting corrective actions are FOIAE under §2.2-3705.2 (9.) of the Code of Virginia. Federal awarding agencies and pass-through entities, please see the Appendix titled “Applicable Management Contacts for Findings and Questioned Costs” to request the corrective action planned from the applicable entity. Estimated Completion Date: 12/31/2026
View Audit 345214
Finding 526248 (2024-025)
Significant Deficiency 2024
Commonwealth of Virginia
VA
Subrecipient Monitoring Significant Deficiency Internal Control / Segregation of Duties § 200.303
Responsible Contact Person(s): Kevin Platea, Chief Information Officer Dwayne Sneade, Director of Cybersecurity Corrective Action Planned: This finding was marked as FOIA Exempt (FOIAE) and as a result, the State Comptroller has determined that the resulting corrective actions are FOIAE under §2.2-3...
Responsible Contact Person(s): Kevin Platea, Chief Information Officer Dwayne Sneade, Director of Cybersecurity Corrective Action Planned: This finding was marked as FOIA Exempt (FOIAE) and as a result, the State Comptroller has determined that the resulting corrective actions are FOIAE under §2.2-3705.2 (9.) of the Code of Virginia. Federal awarding agencies and pass-through entities, please see the Appendix titled “Applicable Management Contacts for Findings and Questioned Costs” to request the corrective action planned from the applicable entity. Estimated Completion Date: 12/31/2025
View Audit 345214
Finding 526247 (2024-024)
Significant Deficiency 2024
Commonwealth of Virginia
VA
Subrecipient Monitoring Significant Deficiency Internal Control / Segregation of Duties § 200.303
Responsible Contact Person(s): Barry Davis, Chief Information Security Officer and Director of Information Security & Risk Management John Vosper, Assistant Director of Information Security & Risk Management Sam Owusu, IT Risk Manager of Information Security & Risk Management Corrective Action Plann...
Responsible Contact Person(s): Barry Davis, Chief Information Security Officer and Director of Information Security & Risk Management John Vosper, Assistant Director of Information Security & Risk Management Sam Owusu, IT Risk Manager of Information Security & Risk Management Corrective Action Planned: This finding was marked as FOIA Exempt (FOIAE) and as a result, the State Comptroller has determined that the resulting corrective actions are FOIAE under §2.2-3705.2 (9.) of the Code of Virginia. Federal awarding agencies and pass-through entities, please see the Appendix titled “Applicable Management Contacts for Findings and Questioned Costs” to request the corrective action planned from the applicable entity. Estimated Completion Date: 12/31/2026
View Audit 345214
Finding 526246 (2024-023)
Significant Deficiency 2024
Commonwealth of Virginia
VA
Reporting Significant Deficiency Internal Control / Segregation of Duties § 200.303
Responsible Contact Person(s): Mike Jones, Chief Information Officer Corrective Action Planned: This finding was marked as FOIA Exempt (FOIAE) and as a result, the State Comptroller has determined that the resulting corrective actions are FOIAE under §2.2-3705.2 (9.) of the Code of Virginia. Federa...
Responsible Contact Person(s): Mike Jones, Chief Information Officer Corrective Action Planned: This finding was marked as FOIA Exempt (FOIAE) and as a result, the State Comptroller has determined that the resulting corrective actions are FOIAE under §2.2-3705.2 (9.) of the Code of Virginia. Federal awarding agencies and pass-through entities, please see the Appendix titled “Applicable Management Contacts for Findings and Questioned Costs” to request the corrective action planned from the applicable entity. Estimated Completion Date: 4/30/2025
View Audit 345214
« 1 67 68 70 71 298 »