FAC Explorer

Corrective Action Plans

Browse how organizations respond to audit findings

Total CAPs
57,820
In database
Filtered Results
8,996
Matching current filters
Showing Page
83 of 360
25 per page

Filters

Clear
Active filters: § 200.303
Finding 568832 (2024-004)
Material Weakness 2024
Rolette Community Care Center
ND
Allowable Costs / Cost Principles Material Weakness § 200.303
Department of Health and Human Services Federal Financial Assistance Listing #93.498 COVID-19 Provider Relief Fund and American Rescue Plan (ARP) Rural Distribution (PRF) Applicable Federal Award Number and Year - Period 6 TIN #205330283 Activities Allowed or Unallowed and Allowable Costs/Cost Pri...
Department of Health and Human Services Federal Financial Assistance Listing #93.498 COVID-19 Provider Relief Fund and American Rescue Plan (ARP) Rural Distribution (PRF) Applicable Federal Award Number and Year - Period 6 TIN #205330283 Activities Allowed or Unallowed and Allowable Costs/Cost Principles Material Weakness in Internal Control Over Compliance Finding Summary: There was no formal review or approval of the expenditure spreadsheet used to calculate the expenditures claimed for the federal program outside of the preparer. In addition, we noted the individual transactions were also not reviewed or approved by someone outside of the business office manager. Responsible Individuals: Kathy Morrow, Business Office Manager, Kelly VandeVorste, Interim Administrator Corrective Action Plan: Management will ensure that the information contained in supporting spreadsheets and individual transactions for federal programs is reviewed and approved by someone other than the preparer or the person initiating the transactions. Anticipated Completion Date: December 31, 2025
View Audit 360565
Finding 568831 (2024-003)
Material Weakness 2024
Rolette Community Care Center
ND
Material Weakness Reporting Internal Control / Segregation of Duties § 200.303
Department of Health and Human Services Federal Financial Assistance Listing #93.498 COVID-19 Provider Relief Fund and American Rescue Plan (ARP) Rural Distribution (PRF) Applicable Federal Award Number and Year - Period 6 TIN #205330283 Reporting Material Weakness in Internal Control Over Complia...
Department of Health and Human Services Federal Financial Assistance Listing #93.498 COVID-19 Provider Relief Fund and American Rescue Plan (ARP) Rural Distribution (PRF) Applicable Federal Award Number and Year - Period 6 TIN #205330283 Reporting Material Weakness in Internal Control Over Compliance and Material Noncompliance Finding Summary: Rolette Community Care Center does not have an internal control system to ensure the amounts reported in the HHS Period 6 Special Report agreed to supporting documentation for each of the quarters included. In addition, there was no evidence of review of either the supporting documentation or the HHS Period 6 Special Report by someone other than the preparer. Responsible Individuals: Kathy Morrow, Business Office Manager Corrective Action Plan: Management will ensure that the information contained in the reports agrees to the supporting documentation and both documentation and the reports submitted are reviewed by someone other than the preparer. Anticipated Completion Date: December 31, 2025
View Audit 360565
Finding 568514 (2024-003)
Significant Deficiency 2024
Bmc Health System, Inc.
MA
Allowable Costs / Cost Principles Internal Control / Segregation of Duties HUD Housing Programs § 200.303
Audit Report Reference: 2024-003 Program name: Research and Development Completion Date: September 30, 2025 Finding 2024-003 is a repeat finding (2023-001) from fiscal year end September 30, 2023. The Health System implemented change controls and audit of employee permissions per the corrective act...
Audit Report Reference: 2024-003 Program name: Research and Development Completion Date: September 30, 2025 Finding 2024-003 is a repeat finding (2023-001) from fiscal year end September 30, 2023. The Health System implemented change controls and audit of employee permissions per the corrective action plan for 2023-001.The corrective actions for repeat finding 2024-003 addresses documentation of performed controls and training for employees involved in the control activities. Workday Change Review: The HRIS team will continue with a change review audit as they have done in the previous year with a few enhancements to increase auditability. The Sr. HRIS Manager will send official communication to the HRIS team to initiate the end-of-year change review. This email will provide a clear timeline for the audit period with a hard deadline. Once complete, the HR Compliance Manager and/or the Sr. HRIS Manager will issue a written communication to document the completion of the review summary of findings (if any), and corrective actions taken (if applicable). This will remedy the issue of missing approval documentation. The team will also be reeducated around the need to document written approval and testing for changes throughout the year. Workday Security Review: The HRIS team will continue to conduct an audit of security roles and users within Workday to ensure that permissions are updated appropriately. The HRIS Analyst will generate reports for the Sr. HRIS Manager's review, identifying any required changes. The analyst will then make these updates in Workday, followed by a new report for verification. Upon successful verification, the Sr. HRIS Manager will send a formal written communication of the approved changes. Workday Terminations: To address the access provisioning deficiency as it relates to terminating employees, the management team will be re-trained in the importance of adhering to timely terminations of employees in Workday. Person Responsible: Ashley Cesarano - HR Compliance and Workplace Accommodations Manager; Karen Alvarado – Senior Manager HRIS E-mail address: Ashley.Cesarano@bmc.org; Karen.Alvarado@bmc.org
View Audit 360505
Finding 568218 (2024-003)
Significant Deficiency 2024
Northwest Indian Fisheries Commission
WA
Internal Control / Segregation of Duties Subrecipient Monitoring Material Weakness § 200.303 § 200.329
Person(s) responsible for corrective action: Todd Bolster, Director of Administration and Dietrich Schmitt, Grants Program Manager. Management’s Response/Corrective Action Plan: For this tribal pass-through program, narrative, non-financial progress reports are collected from tribes, reviewed and...
Person(s) responsible for corrective action: Todd Bolster, Director of Administration and Dietrich Schmitt, Grants Program Manager. Management’s Response/Corrective Action Plan: For this tribal pass-through program, narrative, non-financial progress reports are collected from tribes, reviewed and approved by the NWIFC Grants Program Manager and submitted to PSFMC. Effective immediately, the NWIFC grants program manager will increase internal controls by including documentation of internal review and approval prior to progress reports being submitted to PSMFC. Anticipated completion date: July 2025.
View Audit 360492
Finding 568217 (2024-002)
Material Weakness 2024
Northwest Indian Fisheries Commission
WA
Questioned Costs Procurement, Suspension & Debarment § 200.303 § 200.318 § 200.320 § 200.326
Person(s) responsible for corrective action: Lucy Yanez, Contract Specialist, Tracy Johnson, Accounts Payable, Tina Hurtado Controller, NWIFC staff and supervisors engaged in procurement and contracting. Management’s Response/Corrective Action Plan: The NWIFC implemented corrective measures relat...
Person(s) responsible for corrective action: Lucy Yanez, Contract Specialist, Tracy Johnson, Accounts Payable, Tina Hurtado Controller, NWIFC staff and supervisors engaged in procurement and contracting. Management’s Response/Corrective Action Plan: The NWIFC implemented corrective measures related to procurement in March of 2024. See FY23 Corrective Action Plan. However, the one procurement sample that was cited as not including “documentation of bidding, alternative price quotes or sole source documentation” contained a sole source justification that was developed before implementation of the FY23 Corrective Action Plan. The sole source justification was based on the specialized knowledge and specific expertise. Procurement samples for purchases or contracts after the implementation of the FY23 Corrective Action Plan, show compliance of adequate bidding, price quotes or sole source documentation consistent with 2 CFR 200. The NWIFC will continue to implement the FY23 Corrective Action Plan, by requiring NWIFC managers and their staff to be responsible for soliciting bids or developing sole source justifications for procurements and contracts consistent with 2 CFR 200. The Contract Specialist will ensure that bid solicitations and sole source justifications are properly documented and filed with each contract. Similarly, the audit noted that certain suspension and debarment samples selected, before the FY23 Corrective Action Plan was implemented in March 2024, lacked documentation of a suspension and debarment review prior to doing business with vendors. In response, the FY23 Corrective Action Plan, put into effect in March 2024, included measures to ensure that both new vendor and annual reviews are documented. The Accounts Payable department will continue to conduct suspension and debarment reviews for all new vendors before conducting business and perform annual reviews of all vendors, in line with the FY23 Corrective Action Plan. Anticipated completion date: Completed March 2024.
View Audit 360492 Questioned Costs: $1
Finding 568215 (2024-002)
Significant Deficiency 2024
Survivors of Torture, International
CA
Cash Management Significant Deficiency Matching / Level of Effort / Earmarking § 200.303
Finding 2024-002 Condition: During the auditors’ walkthroughs of the cash draw process, the Organization indicated that there is a lack of evidence supporting preparation and review of federal drawdowns. Corrective action plan: Management agrees with the recommendation and will establish a written ...
Finding 2024-002 Condition: During the auditors’ walkthroughs of the cash draw process, the Organization indicated that there is a lack of evidence supporting preparation and review of federal drawdowns. Corrective action plan: Management agrees with the recommendation and will establish a written policy and implement a documented process for the preparation and review of federal drawdowns, including clear evidence of review such as signoffs or electronic approvals. Responsible Individual: Andres Chavarro, Finance Manager Planned Completion date: 07/01/2025
View Audit 360483
Finding 568062 (2024-001)
Significant Deficiency 2024
Bastrop County Women's Shelter, Inc. Dba Family Crisis Center
TX
Cash Management Reporting Significant Deficiency § 200.303
1) Effective 3/7/25, reports and requests for reimbursements are being reviewed, signed and dated by the Executive Director prior to submission to ensure the reports and requests for reimbursements are not incomplete or inaccurate; and 2) Financial Policy addressing the Deficiency in Internal Contro...
1) Effective 3/7/25, reports and requests for reimbursements are being reviewed, signed and dated by the Executive Director prior to submission to ensure the reports and requests for reimbursements are not incomplete or inaccurate; and 2) Financial Policy addressing the Deficiency in Internal Controls over Compliance were already in place during the audit period. These policies were reviewed by the Board of Directors on 6/11/25 and found to align with the best practices and compliance requirements. Following the audit, we have also taken steps to reinforce the adherence and ensure consistent implementation across all relevant areas. Responsible Parties: Brandi Senters, Finance Director, will be responsible for implementation, with oversight from Interim Executive Director, Bernie Jackson.
View Audit 360432
Finding 568028 (2024-004)
Significant Deficiency 2024
Catholic Medical Mission Board, Inc.
NY
Allowable Costs / Cost Principles Significant Deficiency Matching / Level of Effort / Earmarking § 200.303
Management acknowledges the importance of maintaining accessible and complete documentation to support all transactions charged to federal grants. The inability to provide the requested approvals for certain transactions was due to the challenging security conditions in some country offices during t...
Management acknowledges the importance of maintaining accessible and complete documentation to support all transactions charged to federal grants. The inability to provide the requested approvals for certain transactions was due to the challenging security conditions in some country offices during the audit period. To strengthen documentation access and retention, the Organization has transitioned to NetSuite, where backup documentation for transactions is now stored centrally on the cloud and can be easily accessed by headquarters staff. This change enhances our ability to ensure timely review, approval, and audit readiness, regardless of field conditions. We remain committed to continuous improvement of our internal controls and documentation practices. Responsible Person: Country Finance Directors
View Audit 360404
Finding 568008 (2024-002)
Significant Deficiency 2024
Great Lakes Inter-Tribal Council Inc.
WI
Reporting Subrecipient Monitoring Internal Control / Segregation of Duties § 200.303
Corrective Actions Taken or Planned: Create procedures by the type of required reporting by grantor, as necessary. The procedure will include what and how the required report will be completed, who will and/or should review the required report, including signature for proof, and when the required re...
Corrective Actions Taken or Planned: Create procedures by the type of required reporting by grantor, as necessary. The procedure will include what and how the required report will be completed, who will and/or should review the required report, including signature for proof, and when the required report should be completed. Procedures will be added to the accounting department procedures and shared with staff as necessary. This is a work in progress and will continue to be adjusted as necessary. Contact person(s) responsible for corrective action: Gina Brown, CFO Anticipated Completion Date: September 2025
View Audit 360368
Finding 567911 (2024-001)
Material Weakness 2024
City of Livonia, Michigan
MI
Cash Management Material Weakness Period of Performance § 200.303
Finding Number: 2024-001 Condition: The City lacked adequate controls to verify that expenditures charged to the grant were incurred within the proper period of performance. Transactions were processed without sufficient review or procedures around the period of performance, resulting in expenditur...
Finding Number: 2024-001 Condition: The City lacked adequate controls to verify that expenditures charged to the grant were incurred within the proper period of performance. Transactions were processed without sufficient review or procedures around the period of performance, resulting in expenditures being charged from outside the allowable timeframe. Planned Corrective Action: The City has worked with the State to identify expenses outside the period of performance. The City has sent the money back to the State that was before the performance start date. All balances are properly stated as of November 30. 2024. Contact person responsible for corrective action: Connie Kumpula Anticipated Completion Date: 5/23/2025
View Audit 360257
Finding 567881 (2024-056)
Significant Deficiency 2024
State of Michigan
MI
Subrecipient Monitoring Allowable Costs / Cost Principles Special Tests & Provisions § 200.303
Finding 2024-056 Disaster Grants - Public Assistance (Presidentially Declared Disasters), ALN 97.036 - EM Grants Manager Security Management and Access Controls Management Views MSP agrees with the finding. MSP implemented the EM Grants Manager system in November 2023 and did not fully establish pr...
Finding 2024-056 Disaster Grants - Public Assistance (Presidentially Declared Disasters), ALN 97.036 - EM Grants Manager Security Management and Access Controls Management Views MSP agrees with the finding. MSP implemented the EM Grants Manager system in November 2023 and did not fully establish procedures for maintaining documentation of user access forms, reviewing privileged access, and disabling inactive users due to the number of current disasters and limited staff. Planned Corrective Action For part a., MSP implemented an access approval process in November 2023 to maintain documentation of access request forms within the EM Grants Manager system. For parts b. and c., MSP will create procedures to help ensure the timely completion of privileged user reviews and inactive user deactivation. MSP will perform the required user reviews and deactivate applicable accounts by September 30, 2025. Anticipated Completion Date September 30, 2025 Responsible Individual(s) Penny Burger, MSP
View Audit 360209
Finding 567697 (2024-026)
Significant Deficiency 2024
State of Michigan
MI
Subrecipient Monitoring Reporting Internal Control / Segregation of Duties § 200.303
Finding 2024-026 Coronavirus State and Local Fiscal Recovery Funds, ALN 21.027 - Workfront Security Management and Access Controls Management Views DTMB agrees with the finding. Planned Corrective Action DTMB implemented process improvements in May 2024 related to the tracking and documentation of...
Finding 2024-026 Coronavirus State and Local Fiscal Recovery Funds, ALN 21.027 - Workfront Security Management and Access Controls Management Views DTMB agrees with the finding. Planned Corrective Action DTMB implemented process improvements in May 2024 related to the tracking and documentation of user access requests to support approval of user access and system roles. The exceptions cited are related to users whose access was granted prior to the improved documentation being implemented. Anticipated Completion Date Completed Responsible Individual(s) Jennifer Edmonds, DTMB
View Audit 360209
Finding 567696 (2024-025)
Significant Deficiency 2024
State of Michigan
MI
Allowable Costs / Cost Principles Subrecipient Monitoring Period of Performance § 200.303
Finding 2024-025 Coronavirus State and Local Fiscal Recovery Funds, ALN 21.027 - Insufficient Respite Payment Controls Management Views MDHHS agrees with the finding. Planned Corrective Action During fiscal year 2024, MDHHS improved the payment review process prior to manual input into the Medic...
Finding 2024-025 Coronavirus State and Local Fiscal Recovery Funds, ALN 21.027 - Insufficient Respite Payment Controls Management Views MDHHS agrees with the finding. Planned Corrective Action During fiscal year 2024, MDHHS improved the payment review process prior to manual input into the Medical Services Administration Manual Payment System (MSAPay) to help ensure there are no improper payments, as demonstrated by no improper payments identified for fiscal year 2024. MDHHS will develop and implement a post payment review process for the final respite payments that were entered into MSAPay during December 2024 and anticipates completion by September 30, 2025. Anticipated Completion Date September 30, 2025 Responsible Individual(s) Crystal Kline, MDHHS Jessica Bowen, MDHHS Elaina Brown, MDHHS
View Audit 360209
Finding 567695 (2024-024)
Significant Deficiency 2024
State of Michigan
MI
Allowable Costs / Cost Principles Cash Management Eligibility § 200.303
Finding 2024-024 Coronavirus State and Local Fiscal Recovery Funds, ALN 21.027 - Grant Reimbursement Approval Procedures Management Views EGLE agrees with the finding. Planned Corrective Action The EGLE Water Resources Division’s (WRD) administration staff adjusted their review process in April 20...
Finding 2024-024 Coronavirus State and Local Fiscal Recovery Funds, ALN 21.027 - Grant Reimbursement Approval Procedures Management Views EGLE agrees with the finding. Planned Corrective Action The EGLE Water Resources Division’s (WRD) administration staff adjusted their review process in April 2024 to comply with overall EGLE guidance that all reimbursement requests should be reviewed by a program representative and financial representative to ensure payments are made for activities authorized by the grant agreement. However, WRD had not fully completed the retroactive review of payments for fiscal year 2024. This has since been corrected and all retroactive reviews to ensure compliance with program technical specifications were completed as of May 1, 2025. Anticipated Completion Date Completed Responsible Individual(s) Phil Argiroff, EGLE Amy Hicks, EGLE
View Audit 360209
Finding 567694 (2024-023)
Significant Deficiency 2024
State of Michigan
MI
Allowable Costs / Cost Principles Internal Control / Segregation of Duties Subrecipient Monitoring § 200.303
Finding 2024-023 Coronavirus State and Local Fiscal Recovery Funds, ALN 21.027 - PTMS Security Management and Access Controls Management Views MDOT agrees with the finding. Planned Corrective Action MDOT EIM and Office of Passenger Transportation will collaborate and provide oversight to ensure ...
Finding 2024-023 Coronavirus State and Local Fiscal Recovery Funds, ALN 21.027 - PTMS Security Management and Access Controls Management Views MDOT agrees with the finding. Planned Corrective Action MDOT EIM and Office of Passenger Transportation will collaborate and provide oversight to ensure that Public Transportation Management System (PTMS) user access is reviewed semiannually for privileged accounts and annually for all other accounts. MDOT will implement an improved process which will include obtaining, verifying, and documenting the written approval for all identified users by the designated System Security Administrators. Access will be modified/removed, as appropriate, based on responses or removed for non-responders prior to the end of each six-month period for privileged users and each fiscal year for all other users. Anticipated Completion Date September 30, 2025 Responsible Individual(s) Sandy Lovell, MDOT Gina Huhn, MDOT Jean Ruestman, MDOT Kyle Nelson, MDOT Andy Esch, MDOT
View Audit 360209
Finding 567688 (2024-022)
Significant Deficiency 2024
State of Michigan
MI
Matching / Level of Effort / Earmarking Procurement, Suspension & Debarment Allowable Costs / Cost Principles § 200.303
Finding 2024-022 Highway Planning and Construction, ALN 20.205 - AASHTOWare Security Management and Access Controls Management Views MDOT agrees with the finding. Planned Corrective Action MDOT’s Office of Enterprise Information Management (EIM), Bureau of Field Services-Construction Field Service...
Finding 2024-022 Highway Planning and Construction, ALN 20.205 - AASHTOWare Security Management and Access Controls Management Views MDOT agrees with the finding. Planned Corrective Action MDOT’s Office of Enterprise Information Management (EIM), Bureau of Field Services-Construction Field Services Division, and Bureau of Development-Design Division will collaborate and provide oversight to ensure that user access for the American Association of State Highway and Transportation Officials software (AASHTOWare) Preconstruction and Construction & Materials modules is reviewed semiannually for privileged accounts and annually for all other accounts. MDOT will implement an improved process, which will be facilitated by the designated System Security Administrators, and access will be modified or removed, as appropriate, prior to the end of each six-month period for privileged users and annually for all other users. Anticipated Completion Date January 1, 2026 Responsible Individual(s) Mark Shulick, MDOT Dan Burns, MDOT Kristin Schuster, MDOT Dee Parker, MDOT Lindsey Renner, MDOT Jason Gutting, MDOT Kyle Nelson, MDOT Andy Esch, MDOT
View Audit 360209
Finding 567678 (2024-021)
Significant Deficiency 2024
State of Michigan
MI
Internal Control / Segregation of Duties Subrecipient Monitoring Period of Performance § 200.303 § 200.308
Finding 2024-021 National Guard Military Operations and Maintenance (O&M) Projects, ALN 12.401 - Extension Procedures Management Views DMVA agrees with the finding. Planned Corrective Action DMVA will set annual recurring calendar appointments to review program activities with the program managers...
Finding 2024-021 National Guard Military Operations and Maintenance (O&M) Projects, ALN 12.401 - Extension Procedures Management Views DMVA agrees with the finding. Planned Corrective Action DMVA will set annual recurring calendar appointments to review program activities with the program managers one month before the end of the period of performance to ensure a joint understanding of extension requirements, allowing sufficient time to prepare and submit period of performance extension requests timely, if needed. Anticipated Completion Date September 1, 2025 Responsible Individual(s) Rachelle Breeden, DMVA
View Audit 360209
Finding 567677 (2024-020)
Significant Deficiency 2024
State of Michigan
MI
Cash Management § 200.303
Finding 2024-020 National Guard Military Operations and Maintenance (O&M) Projects, ALN 12.401 - Timeliness of Cash Draws Management Views The Department of Military and Veterans Affairs (DMVA) agrees with the finding. Planned Corrective Action DMVA has communicated the importance of timely compl...
Finding 2024-020 National Guard Military Operations and Maintenance (O&M) Projects, ALN 12.401 - Timeliness of Cash Draws Management Views The Department of Military and Veterans Affairs (DMVA) agrees with the finding. Planned Corrective Action DMVA has communicated the importance of timely completion of cash draws. DMVA will consolidate expenditure reports sent to federal program managers to reduce overall quantity and improve timeliness. Additionally, DMVA will implement a revised document management methodology for expenditure reports returned from federal program managers that are ready for final approval and submission to the United States Property and Fiscal Office. Anticipated Completion Date September 30, 2025 Responsible Individual(s) Rachelle Breeden, DMVA
View Audit 360209
Finding 567676 (2024-010)
Significant Deficiency 2024
State of Michigan
MI
Internal Control / Segregation of Duties § 200.303
Finding 2024-010 MDE, Change Management Process Management Views MDE agrees with the finding. Planned Corrective Action For MiND, the standard change management process requires documenting the test results. However, there are scenarios when the data in question is only in the production environme...
Finding 2024-010 MDE, Change Management Process Management Views MDE agrees with the finding. Planned Corrective Action For MiND, the standard change management process requires documenting the test results. However, there are scenarios when the data in question is only in the production environment; or it might be production specific deployment like changing application settings which does not have relevance to the test environment. In these cases, MDE will maintain documentation in DevOps that the deployment is production specific. MDE will increase the post-review process of MiND related work items from a semi-annual to quarterly basis to ensure all required evidence of testing is recorded appropriately. For NexSys, MDE will review the change management process with DTMB and implement additional steps to ensure tickets are closed in a timely manner and all testing results have been appropriately documented. Anticipated Completion Date September 30, 2025 Responsible Individual(s) Monica Butler, MDE Peter Jones, MDE
View Audit 360209
Finding 567675 (2024-009)
Significant Deficiency 2024
State of Michigan
MI
Subrecipient Monitoring § 200.303
Finding 2024-009 MDE, Security Management and Access Controls Management Views The Michigan Department of Education (MDE) agrees with the finding. Planned Corrective Action For part a., with the release of Michigan Nutrition Data (MiND) 2.0 in November 2024, the system now has the added documentat...
Finding 2024-009 MDE, Security Management and Access Controls Management Views The Michigan Department of Education (MDE) agrees with the finding. Planned Corrective Action For part a., with the release of Michigan Nutrition Data (MiND) 2.0 in November 2024, the system now has the added documentation supporting the individual approved system roles required for this security control. For part b.1., MDE will start reviewing non-privileged internal Grant Electronic Monitoring System/Michigan Administrative Review System accounts on an annual basis and will store documentation of the review. MDE has started writing the policy adjustment for this change. To validate their continued need, MDE will annually review all MiND accounts for appropriate access that have access to SOM proprietary information. For part b.2., MDE has provided input to DTMB on this technical control, and MDE intends to comply with the revised SOM Technical Standard 1340.00.020.01 (Access Control Standard). MDE plans to complete both the policy adjustment and the annual review for 2025 by December 31, 2025. For part c., MDE implemented the process for deactivating users to meet this security requirement in November 2024 when MiND 2.0 was released. The process for deactivating users to meet this security requirement for the Next Generation Grant, Application and Cash Management System (NexSys) was implemented in May 2025. Anticipated Completion Date a. Completed b.1. September 30, 2025 b.2. December 31, 2025 c. Completed Responsible Individual(s) Monica Butler, MDE Joshua Long, MDE Peter Jones, MDE David Judd, MDE
View Audit 360209
Finding 567674 (2024-008)
Significant Deficiency 2024
State of Michigan
MI
Subrecipient Monitoring Cash Management Eligibility § 200.303
Finding 2024-008 MDE, IT General Controls Management Views DTMB agrees it did not fully implement its user access removal and recertification processes when transitioning responsibilities between employees. Planned Corrective Action DTMB corrected the issues noted and the reassigned employee res...
Finding 2024-008 MDE, IT General Controls Management Views DTMB agrees it did not fully implement its user access removal and recertification processes when transitioning responsibilities between employees. Planned Corrective Action DTMB corrected the issues noted and the reassigned employee resumed DTMB’s existing user access removal and recertification processes in November 2024. Anticipated Completion Date Completed Responsible Individual(s) Rex Menold, DTMB Aaron Dupre, DTMB
View Audit 360209
Finding 567666 (2024-019)
Significant Deficiency 2024
State of Michigan
MI
Allowable Costs / Cost Principles Internal Control / Segregation of Duties § 200.303
Finding 2024-019 WIC Special Supplemental Nutrition Program for Women, Infants, and Children, ALN 10.557 - MI-WIC Change Management Process Management Views MDHHS agrees with the finding. Planned Corrective Action MDHHS discussed the change management documented requirements with the information t...
Finding 2024-019 WIC Special Supplemental Nutrition Program for Women, Infants, and Children, ALN 10.557 - MI-WIC Change Management Process Management Views MDHHS agrees with the finding. Planned Corrective Action MDHHS discussed the change management documented requirements with the information technology (IT) contractor during April 2025 to ensure all testing is documented appropriately. MDHHS has updated the Michigan Women, Infants, and Children Information System (MI-WIC) Change Management Controls process to include a review of each change to ensure it has successfully completed all components of the change management process prior to completion of associated release activities. Anticipated Completion Date Completed Responsible Individual(s) Kristina Brady, MDHHS Bagya Kodur, MDHHS
View Audit 360209
Finding 567665 (2024-018)
Significant Deficiency 2024
State of Michigan
MI
Allowable Costs / Cost Principles Subrecipient Monitoring § 200.303
Finding 2024-018 WIC Special Supplemental Nutrition Program for Women, Infants, and Children, ALN 10.557 - MI-WIC Access Controls Management Views MDHHS and DTMB agree with the finding. Planned Corrective Action DTMB implemented a process in November 2024 to review privileged accounts with direct ...
Finding 2024-018 WIC Special Supplemental Nutrition Program for Women, Infants, and Children, ALN 10.557 - MI-WIC Access Controls Management Views MDHHS and DTMB agree with the finding. Planned Corrective Action DTMB implemented a process in November 2024 to review privileged accounts with direct database access semiannually. Anticipated Completion Date Completed Responsible Individual(s) Nathan Buckwalter, DTMB
View Audit 360209
Finding 567659 (2024-006)
Significant Deficiency 2024
State of Michigan
MI
Special Tests & Provisions Subrecipient Monitoring Internal Control / Segregation of Duties § 200.303
Finding 2024-006 ADP Security Program Management Views Although MDHHS and DTMB agree annual testing was not conducted for one system and not all necessary updates to the system security plan were completed during the audit period for four systems, MDHHS and DTMB disagree that effective controls wer...
Finding 2024-006 ADP Security Program Management Views Although MDHHS and DTMB agree annual testing was not conducted for one system and not all necessary updates to the system security plan were completed during the audit period for four systems, MDHHS and DTMB disagree that effective controls were not implemented to ensure confidentiality, integrity, and availability of its automated data processing (ADP) information systems. MDHHS and DTMB also disagree that the security of critical systems was at risk by failing to mitigate potential vulnerabilities as described in the effect statement of the finding. MDHHS and DTMB have compensating controls in place to ensure confidentiality, integrity, and availability of its ADP information systems in addition to mitigating potential vulnerabilities. MDHHS and DTMB monitor remediation of Plans of Actions and Milestones for all information systems even after expiration of the authority to operate (ATO). For one system cited, MDHHS is required to audit the system as part of the responsibilities related to the Affordable Care Act and the Medicaid Expansion marketplace. Those audits are conducted to show compliance with federal information security and privacy requirements related to data stored in those systems. The system required to be audited as part of the Affordable Care Act, along with two other systems cited, are reviewed biennially through the Internal Control Evaluation process where control evidence is updated to demonstrate the effectiveness of controls. Each system cited did not have any significant changes and implemented controls are still working as expected. Planned Corrective Action DTMB has hired additional resources to help ensure the timely completion of the required work below. For part a., MDHHS and DTMB will conduct testing of the disaster recovery plan (DRP) by September 30, 2025, and will follow SOM Technical Standards on DRP testing going forward. For part b., MDHHS and DTMB will complete the necessary updates to the system security plans, including updating the risk assessments, and anticipate completion for all cited systems by July 1, 2025. MDHHS and DTMB anticipate that ATO renewals will be attained for all cited systems by August 30, 2025. Anticipated Completion Date a. September 30, 2025 b. August 30, 2025 Responsible Individual(s) Laura Visser, MDHHS Nathan Buckwalter, DTMB Lyndia Deromedi, MDHHS Heather Frick, DTMB Kasi Hunzinger, MDHHS Veronica Maxson, MDHHS Karen Scott, MDHHS Michelle Smith, MDHHS
View Audit 360209
Finding 567657 (2024-004)
Significant Deficiency 2024
State of Michigan
MI
Internal Control / Segregation of Duties § 200.303
Finding 2024-004 Bridges Change Management Process Management Views MDHHS agrees with the finding. Planned Corrective Action MDHHS change control processes require a communication to be sent within three business days after each release that validates the changes to Bridges were applied as expect...
Finding 2024-004 Bridges Change Management Process Management Views MDHHS agrees with the finding. Planned Corrective Action MDHHS change control processes require a communication to be sent within three business days after each release that validates the changes to Bridges were applied as expected and this validation is documented and retained as part of the release close-out process. MDHHS added a checklist to immediate releases during April 2025 to help eliminate human error and ensure documentation of all post-implementation approvals is retained for each release. Anticipated Completion Date Completed Responsible Individual(s) Holly Roderick, MDHHS
View Audit 360209
« 1 81 82 84 85 360 »