FAC Explorer

Corrective Action Plans

Browse how organizations respond to audit findings

Total CAPs
56,537
In database
Filtered Results
53,551
Matching current filters
Showing Page
1315 of 2143
25 per page

Filters

Clear
Finding 386119 (2023-002)
Material Weakness 2023
Northwestern Consolidated School District of Shelby County
IN
School Nutrition Programs Internal Control / Segregation of Duties Allowable Costs / Cost Principles § 200.303
FINDING 2023-002 Finding Subject: Child Nutrition Cluster – Internal Controls Federal Agency: Department of Agriculture Federal Programs: School Breakfast Program, National School Lunch Program Assistance Listing Numbers: 10.553, 10.555 Federal Award Number: 7350 Pass-Through Entity: Indiana Departm...
FINDING 2023-002 Finding Subject: Child Nutrition Cluster – Internal Controls Federal Agency: Department of Agriculture Federal Programs: School Breakfast Program, National School Lunch Program Assistance Listing Numbers: 10.553, 10.555 Federal Award Number: 7350 Pass-Through Entity: Indiana Department of Education Compliance Requirements: Activities Allowed and Unallowed, Allowable Costs/Costs Principles, Special Tests and Provisions-Verification of Free and Reduced Price Applications Summary of Finding: Material Weakness Internal Controls were not implemented to prevent noncompliance related to the verification of free and reduced applications and hours and wages. A new internal control procedure will be implemented for the second review of the free and reduced applications and for the hours and wages. Repeat Finding: Prior audit finding number was 2021-002. Contact Person Responsible for Corrective Action: Tammy Achenbach Contact Information: Phone: 317-835-7461 Email: tachenbach@nwshelbyschools.org Views of Responsible Officials: Management agrees with the finding. Management will ensure proper documented review of amounts billed for personnel and for the free and reduce verification 􀀃 INDIANA STATE BOARD OF ACCOUNTS 23 First ~ Best ~ Different! 􀀃 Northwestern􀀃 Consolidated􀀃School􀀃 District􀀃of􀀃Shelby􀀃County􀀃 􀀃 4920􀀃W.􀀃600􀀃N􀀃 Fairland,􀀃IN􀀃46126􀀃 􀀃 Phone:􀀃317􀍲835􀍲7461􀀃 Fax:􀀃317􀍲835􀍲4441􀀃 􀀃 www.nwshelbyschools.org􀀃 Superintendent􀀃 Mr.􀀃Chris􀀃Hoke􀀃 􀀃 Business􀀃Manager􀀃 Mrs.􀀃Tammy􀀃Achenbach􀀃 􀀃 Technology􀀃Director􀀃 Mr.􀀃Josh􀀃Landis􀀃 􀀃 Maintenance􀀃Director􀀃 Mr.􀀃Terry􀀃Coons􀀃 􀀃 Transportation􀀃Director􀀃 Mrs.􀀃Susie􀀃Childress􀀃 􀀃 Special􀀃Education􀀃Director􀀃 Mrs.􀀃Terri􀀃Branson􀀃 􀀃􀀃 School􀀃Board􀀃 Mr.􀀃David􀀃Ploog􀀃 Mrs.􀀃Brooke􀀃Lockett􀀃 Mrs.􀀃Cressa􀀃Rund􀀃 Mr.􀀃Ken􀀃Polston􀀃 Mr.􀀃Terry􀀃Morgan􀀃 Mr.􀀃Travis􀀃Hensler􀀃 Mrs.􀀃Karen􀀃Humphreys􀀃 Cont. page 2 Description of Corrective Action Plan: Review for personnel charges: During the monthly meeting to review the FSMC invoice, along with Operations Ledger, Client P&L, Monthly Reimbursements, Invoices, USDA Reconciliation, Direct Certification, The Hours and Wages will be reviewed and approved. Free and Reduced Verification: Internal Controls for the first round of Free and Reduce Applications will be verified by the Data Controller or the Business Manager and the verification of the random testing of the verifications will be done by the Business Manager or the Deputy Treasurer. Anticipated Completion Date: The district will start the new internal control procedure March 2024 to correct for the 23-24 school year.
View Audit 298525
Finding 386118 (2023-001)
Material Weakness 2023
Hydro-Eakly Independent School District #11
OK
Procurement, Suspension & Debarment Subrecipient Monitoring Material Weakness
The School Superintendent will review all projects funded by Federal funds to determine if any projects are considered construction projects. The Superintendent will require all such contracts to include prevailing wage clauses to ensure that federal wage rates and fringe benefits, are met, as requ...
The School Superintendent will review all projects funded by Federal funds to determine if any projects are considered construction projects. The Superintendent will require all such contracts to include prevailing wage clauses to ensure that federal wage rates and fringe benefits, are met, as required by the Davis-Bacon Act. The Superintendent will review weekly payroll reports provided by the contractor to ensure adherence to the contract clauses. The Superintendent will survey the job site weekly to ensure that required work site notices are posted.
View Audit 298524
Finding 386116 (2023-010)
Material Weakness 2023
City of Lewistown
MT
Procurement, Suspension & Debarment § 200.214
NONCOMPLIANCE WITH PROCUREMENT AND SUSPENSION AND DEBARMENT REQUIREMENTS, CAPITALIZATION GRANTS FOR DRINKING WATER STATE REVOLVING FUNDS, ASSISTANCE LISTING No. 66.468, GRANT No.’s WRF-23530 AND WRF-23531, YEAR ENDED JUNE 30, 2023
NONCOMPLIANCE WITH PROCUREMENT AND SUSPENSION AND DEBARMENT REQUIREMENTS, CAPITALIZATION GRANTS FOR DRINKING WATER STATE REVOLVING FUNDS, ASSISTANCE LISTING No. 66.468, GRANT No.’s WRF-23530 AND WRF-23531, YEAR ENDED JUNE 30, 2023
View Audit 298511
Finding 386110 (2023-002)
Significant Deficiency 2023
Des Moines Independent Community School District
IA
Subrecipient Monitoring Cash Management Reporting
Corrective Action: After the Food and Nutrition Director reviews the monthly claims, she will send an email noting her approval, before the claim is submitted to the state. This email approval will be attached to the journal entry support that is posted in the financial system when recording the rev...
Corrective Action: After the Food and Nutrition Director reviews the monthly claims, she will send an email noting her approval, before the claim is submitted to the state. This email approval will be attached to the journal entry support that is posted in the financial system when recording the revenue. Contact Person: Amanda Miller, Director of Food & Nutrition Services and Logistics / Ray Serrano - Accountant Anticipated Completion Date: June 30, 2024
View Audit 298501
Finding 386108 (2023-003)
Material Weakness 2023
Madison County, Nebraska
NE
Questioned Costs Subrecipient Monitoring Allowable Costs / Cost Principles § 200.332
The County is aware of the above finding and has adjusted our procedures related to disbursing federal funds to subrecipients. We have changed to a cost reimbursement basis for disbursing the federal funds to subrecipients. We currently receive supporting documentation prior to payment.
The County is aware of the above finding and has adjusted our procedures related to disbursing federal funds to subrecipients. We have changed to a cost reimbursement basis for disbursing the federal funds to subrecipients. We currently receive supporting documentation prior to payment.
View Audit 298495 Questioned Costs: $1
Finding 386104 (2023-001)
Significant Deficiency 2023
Northwest Mississippi Community College
MS
Student Financial Aid Subrecipient Monitoring Internal Control / Segregation of Duties
Name Connie Joseph Title Controller Phone (662) 562-3292 Email cjoseph@northwestms.edu Finding 2023-001: U.S. Department of Education-Student Financial Assistance Management is in the process of developing a written information security program. Anticipated Completion Date: Prior to June ...
Name Connie Joseph Title Controller Phone (662) 562-3292 Email cjoseph@northwestms.edu Finding 2023-001: U.S. Department of Education-Student Financial Assistance Management is in the process of developing a written information security program. Anticipated Completion Date: Prior to June 30, 2024
View Audit 298492
Finding 386101 (2023-002)
Significant Deficiency 2023
Wellspace Health
CA
Subrecipient Monitoring Internal Control / Segregation of Duties
Corrective Action Plan: The Organization will strengthen procedures to ensure discounts for sliding fee is applied consistently and accurately. Immediately, the Organization will conduct monthly application audits. An audit of 25 sliding fee application forms completed in the month prior will be exa...
Corrective Action Plan: The Organization will strengthen procedures to ensure discounts for sliding fee is applied consistently and accurately. Immediately, the Organization will conduct monthly application audits. An audit of 25 sliding fee application forms completed in the month prior will be examined for accuracy, along with their supporting data. All information from these applications will be cross‐verified in NextGen. The results from the sliding fee monthly audits will be monitored and reported quarterly at the Quality Assurance and Quality Improvement meetings. This has continued to occur monthly. We will be implementing a workflow adjustment stating all Slide applications will be noted in the system with a 30day expire date. This will ensure the staff will be able to notify the patient they would need to begin the process over and present the supporting documentation. Once the documentation is received the timeframe will extend to the one year. Furthermore, the Organization will continue the practice of conducting skills assessments at the start of the year and once more in July. These assessments are crucial as they help pinpoint staff members who might benefit from refresher training. Moreover, a meeting has been scheduled to finalize the days and times for virtual sliding fee application training. This training, aimed at all staff who handle a sliding fee form, will be spread out over four weeks, with one session per week lasting an hour. Additionally, the Organization will introduce a sliding fee training video to the new employee orientation. After completing their NextGen training, staff will receive this training video via email. Furthermore, this video will also be sent to all health center leadership to be utilized at the health center level. Estimated completion date: September 30, 2024 Contact person: Shannon Potter, Deputy Chief of Business Service
View Audit 298487
Finding 386100 (2023-005)
Significant Deficiency 2023
Shelby County, Tn
TN
Allowable Costs / Cost Principles Internal Control / Segregation of Duties
Rosita Timmons, Deputy Administrator, is currently working with the Project Officer, Jennifer Gray, to gain a better understanding of the finding and the changes necessary to comply with the site visit report. In prevoius conversations with Melody Berry, former project officer, during 2023, the chan...
Rosita Timmons, Deputy Administrator, is currently working with the Project Officer, Jennifer Gray, to gain a better understanding of the finding and the changes necessary to comply with the site visit report. In prevoius conversations with Melody Berry, former project officer, during 2023, the changes were considered acceptable. The department was moving forward with the plan to update duties. After discussing the logistics of adding Non-Medical Case Management, it was determined by the Planning Council Evaluation and Assessment Committee which consists of sub-recipients and clients that it is not feasible to add Non-Medical Case Management because it would create a barrier for the clients due to having to see multiple staff and make multiple appointments, which is something the clients and provider agreed would cause a barrier. The Evaluation Committee agreed that EIS workers could take some of those Non-Medical Case Management duties from the medical case managers which will give them more time to focus on the clients' helthcare outcomes. Final approval and acceptance of the corrective action taken is still pending. Upon final approval from the HRSA, this finding will be considered addressed and closed.
View Audit 298480
Finding 386099 (2023-001)
Significant Deficiency 2023
Sheltering Arms Housing Corporation
MO
Questioned Costs HUD Housing Programs Reporting
CORRECTIVE ACTION PLAN FOR THE YEAR ENDED JUNE 30, 2023 Title 2, U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), Subpart F, Section 511 – Audit Findings Follow-up requires the auditee to pr...
CORRECTIVE ACTION PLAN FOR THE YEAR ENDED JUNE 30, 2023 Title 2, U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance), Subpart F, Section 511 – Audit Findings Follow-up requires the auditee to prepare a corrective action plan to address each audit finding included in the current year auditor’s reports. The Corrective Action Plan for Current Year Findings present our corrective action plan for the Financial Statement and/or Federal Award Findings described in the accompanying Schedule of Findings and Questioned Costs for the period ended June 30, 2023. Finding 2023-001 Responsible Party Name: Amy Spaeth Position: Co-CEO – Management Agent Telephone Number: 816-236-2435 Federal Agency U.S. Department of Housing and Urban Development Federal Program Supportive Housing for Persons with Disabilities (Section 811) Compliance Requirements N – Special Tests and Provisions Finding Type Federal Awards Auditee’s Comment on Finding We agree with the auditor’s finding. Corrective Action We have deposited the shortfall of $4,320 into the reserve for replacement account in July 2023. We will follow our process to deposit and reconcile the reserve for replacement account on a monthly basis. Anticipated Completion Date N/A
View Audit 298479 Questioned Costs: $1
Finding 386098 (2023-001)
Significant Deficiency 2023
Granite United Way
NH
Reporting Subrecipient Monitoring
Granite United Way will establish additional policies and procedures to ensure that all Federal awards are identified and reported accurately on the SEFA and that subrecipient amounts are reconciled with the expenditures in the general ledger. The Chief Impact Officer will now prepare the initial dr...
Granite United Way will establish additional policies and procedures to ensure that all Federal awards are identified and reported accurately on the SEFA and that subrecipient amounts are reconciled with the expenditures in the general ledger. The Chief Impact Officer will now prepare the initial draft of the SEFA, including federal agency assistance listing numbers, pass-through entities, program names and subrecipient information. This draft will be reviewed by the Contracts Specialist for accuracy and comparison with the existing contracts for accurate information. The Chief Financial Officer will review the draft SEFA and compile the general ledger transactions, which will have already been reconciled with the invoice submissions to the state of NH. Cover sheets for check requests will differentiate between Subawards/Subrecipients and Procurement Contracts/Contractors when designated to the line item names Subcontracts/Agreements to ensure that procurement contracts/contractor expenses are not misclassified on the SEFA as Subawards/Subrecipient expenses.
View Audit 298472
Finding 386097 (2023-001)
Significant Deficiency 2023
City of Portsmouth
NH
Procurement, Suspension & Debarment Subrecipient Monitoring Reporting
The City of Portsmouth, New Hampshire respectfully submits the following corrective action plan for the year ended June 30, 2023. Audit period: July 1, 2022 – June 30, 2023 The finding from the schedule of findings and questioned costs is discussed below. The finding is numbered consistently with th...
The City of Portsmouth, New Hampshire respectfully submits the following corrective action plan for the year ended June 30, 2023. Audit period: July 1, 2022 – June 30, 2023 The finding from the schedule of findings and questioned costs is discussed below. The finding is numbered consistently with the number assigned in the schedule. FINDING—FEDERAL AWARD PROGRAMS AUDITS DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT 2023-001 Community Development Block Grant - Assistance Listing Number 14.218 Recommendation: We recommend the City enhance internal controls and procedures to comply with all FFATA reporting requirements. Explanation of disagreement with audit finding: There is no disagreement with the audit finding. Action taken in response to finding: Some FFATA reports were not entered timely into FSRS in FY 23. This was due to an incomplete understanding about the requirement as well as no FFATA reporting requests by the federal granting agency (HUD) to the City. All required FFATA reports were entered into the FSRS after the deadlines, and City staff responsible for FFATA reporting have completed additional training on the requirements. We do not anticipate untimely reports to the FSRS in the future. Name(s) of the contact person(s) responsible for corrective action: Elise Annunziata, Community Development Director Planned completion date for corrective action plan: All required FFATA reports were already entered into the FSRS, and City staff responsible for FFATA reporting have completed additional training on the requirements. We do not anticipate untimely reports to the FSRS in the future.
View Audit 298471
Finding 386094 (2023-004)
Significant Deficiency 2023
Municipality of Rio Grande
PR
Matching / Level of Effort / Earmarking Significant Deficiency
The implementation of the Corrective Action Plan 2023-003 will ensure that complete reports are submitted for the validation of the compliance with this finding. Additionally, we will analyze our approved budget by ACUDEN to meet supplemental the terms and conditions of the Child Care and Developmen...
The implementation of the Corrective Action Plan 2023-003 will ensure that complete reports are submitted for the validation of the compliance with this finding. Additionally, we will analyze our approved budget by ACUDEN to meet supplemental the terms and conditions of the Child Care and Development Fund Program. Implementation Date: Fiscal Year 2023-2024 Responsible Person: Mr. Ángel L. Reyes Matos, Finance Director
View Audit 298462
Finding 386093 (2023-003)
Significant Deficiency 2023
Municipality of Rio Grande
PR
Subrecipient Monitoring Reporting Significant Deficiency
As an internal control, the accountant in charge of the program will keep monthly reports of the expenditures to expedite the collection of information and submit timely and complete reports. The documentation of the reports will be physically filed and digitally saved in the accounting files. Impl...
As an internal control, the accountant in charge of the program will keep monthly reports of the expenditures to expedite the collection of information and submit timely and complete reports. The documentation of the reports will be physically filed and digitally saved in the accounting files. Implementation Date: Fiscal Year 2023-2024 Responsible Person: Mr. Ángel L. Reyes Matos, Finance Director
View Audit 298462
Sacred Heart Village II Inc.
DE
HUD Housing Programs Internal Control / Segregation of Duties
Corrective Action Plan: Sacred Heart Village II Inc. will contact its HUD representative to discuss this matter and determine if there is an obligation to repay any previous subsidies received. Contact Person Responsible for Corrective Action: Karen Smith, CFO Anticipated Completion Date of Correcti...
Corrective Action Plan: Sacred Heart Village II Inc. will contact its HUD representative to discuss this matter and determine if there is an obligation to repay any previous subsidies received. Contact Person Responsible for Corrective Action: Karen Smith, CFO Anticipated Completion Date of Corrective Action: Immediately
View Audit 298461
Sacred Heart Village II Inc.
DE
HUD Housing Programs
Corrective Action Plan: Beginning July 2023, Sacred Heart Village II Inc. began increasing its monthly deposits to the reserve for replacement account by $1,000. The Organization plans to continue making these additional payments until the account is fully funded. Contact Person Responsible for Corr...
Corrective Action Plan: Beginning July 2023, Sacred Heart Village II Inc. began increasing its monthly deposits to the reserve for replacement account by $1,000. The Organization plans to continue making these additional payments until the account is fully funded. Contact Person Responsible for Corrective Action: Karen Smith, CFO Anticipated Completion Date of Corrective Action: Approximately six years
View Audit 298461
Finding 386090 (2023-002)
Significant Deficiency 2023
Delaware College of Art and Design
DE
Questioned Costs Internal Control / Segregation of Duties Special Tests & Provisions
Internal control procedures will be strengthened between Financial Aid, the Registrar’s Office, and the Bursar’s Office.
Internal control procedures will be strengthened between Financial Aid, the Registrar’s Office, and the Bursar’s Office.
View Audit 298459 Questioned Costs: $1
Finding 386084 (2023-001)
Significant Deficiency 2023
Miracosta Community College District
CA
Special Tests & Provisions Student Financial Aid Subrecipient Monitoring
During the year-end audit testing phase, the Financial Aid office was notified in August 2023 of the deficiencies noted on this finding. The Financial Aid office immediately took action to implement the recommendations in August 2023. The District established effective controls in August 2023 to en...
During the year-end audit testing phase, the Financial Aid office was notified in August 2023 of the deficiencies noted on this finding. The Financial Aid office immediately took action to implement the recommendations in August 2023. The District established effective controls in August 2023 to ensure the return of funds occurs within 45 days from the date the institution determines the student withdrew from all classes and that the withdrawal determination is performed within the required timeframe. Additionally, the District implemented procedures in August 2023 to ensure that the academic calendar loaded in the financial aid software is accurate and based on the most up to date information. The District implemented procedures in August 2023 to ensure that the correct student status is utilized in the calculation of Return to Title IV.
View Audit 298451
Finding 386083 (2023-001)
Significant Deficiency 2023
Local Area of the Workforce Development in the Northwest
PR
Matching / Level of Effort / Earmarking Subrecipient Monitoring Period of Performance
The Corrective Action Plan in a continuous basis will be as follow: 1.Employment and Educational Fairs for the Youth Program are being developed to recruit out of school Youth and promote work experiences activity. 2. The Promotion and Dissemination staff began an aggressive campaign in different ad...
The Corrective Action Plan in a continuous basis will be as follow: 1.Employment and Educational Fairs for the Youth Program are being developed to recruit out of school Youth and promote work experiences activity. 2. The Promotion and Dissemination staff began an aggressive campaign in different advertising media to recruit out of school youth. 3. The program area has already planned for the month of May and June 2024 to carry out work experience activities coordinated with private companies and municipalities. It is planned for young people out of school and in school. 4. Both the program staff and the fiscal agent will be continuously monitoring the expense and obligations to the work experience activities to comply with the 20% expense. 5.The youth committee attached to the Northwest Local Board will comprise a representative from finance, budget and planning staff (youth program and executive) who will measure the achievement of the 20% benchmark on a quarterly basis. 6.This committee will take appropriate actions in order to verify the correctness of the expenditures according to the 20% expense requirement mentioned above. 7.This committee will provide to the Executive Director, recommendations to the operational areas in order to comply to the goal of expenditures required under sections 20CFR 681,590,681,600(a)(3) and681.600 of WIOA. 8.A report will be issue to the operational levels in accordance to the recommendations adopted by the Executive Director. 9. The public policy for the implementation of the work experience element of the youth program gave the opportunity to increase 2% of youth services. 10.The Northwest Local Area has established strategies for the dissemination of services for the youth program. This is done through the integration of social networks (lnstagram and Facebook), radio, signs, press, television and official internet page. 11.The youth area, together with the promotion unit, established an itinerary of visits to the municipalities that comprise our area in order to carry out campaigns(Work Fairs)to guide our services and recruitment. 12.We will continue to join efforts through mass campaigns with an effective strategic plan to outreach the youth program. LEAD PERSONS ACCOUNTABLE FOR ACTION ITEM COMPLETION Executive Director, Area Executive, MIS Director and Finance Director
View Audit 298447
Finding 386081 (2023-002)
Significant Deficiency 2023
Municipality of Guayama
PR
Reporting
Finding 2023-002: Reporting Head Start: Reports submitted after its due date Reportable Condition: See condition 2023-002 Recommendation: Due diligence of the supervisory personnel to ensure that reports are submitted within its due date. Action Taken: The Municipality will take the necessary steps ...
Finding 2023-002: Reporting Head Start: Reports submitted after its due date Reportable Condition: See condition 2023-002 Recommendation: Due diligence of the supervisory personnel to ensure that reports are submitted within its due date. Action Taken: The Municipality will take the necessary steps to ensure compliance with the financial reporting datelines by establishing additional procedures as part of the internal control procedures for compliance with reporting due dates.
View Audit 298442
Town of Wakefield
MA
Reporting Internal Control / Segregation of Duties
CORRECTIVE ACTION PLAN Oversight Agency for Audit: U.S. Department of Elementary and Secondary Education The Town of Wakefield, Massachusetts respectfully submits the following corrective action plan for the year ended June 30, 2023. Name and address of independent public accounting firm: ...
CORRECTIVE ACTION PLAN Oversight Agency for Audit: U.S. Department of Elementary and Secondary Education The Town of Wakefield, Massachusetts respectfully submits the following corrective action plan for the year ended June 30, 2023. Name and address of independent public accounting firm: Powers & Sullivan, LLC 100 Quannapowitt Parkway, Suite 101 Wakefield, MA 01880 Audit period: July 1, 2022 through June 30, 2023 The finding from the June 30, 2023, schedule of findings and questioned costs is discussed below. The finding is numbered consistently with the number assigned in the schedule. FINDINGS—FEDERAL AWARD PROGRAMS AUDITS U.S. DEPARTMENT OF TREASURY COVID-19 - Coronavirus State and Local Fiscal Recovery Funds Federal Assistance Listing Number 21.027 2023-001: Reporting to the Federal Government Compliance Requirement: Reporting Type of Finding: Compliance and Internal Control over Compliance – Other Matter Criteria or Specific Requirement: Grantees must comply with reporting requirements established by the U.S. Treasury that includes reporting the total grant expenditures incurred for the reporting period. Since the Town is a Non-Entitlement Unit that was allocated less than $10.0 million in funding, the Town is required to submit, to the U.S. Department of Treasury, a project and expenditure report by April 30, 2022, and annually thereafter. Condition: The Town submitted the annual project and expenditure report timely, however the expenditures reported as of June 30, 2023, did not reconcile with the Town’s accounting ledger. Questioned Costs: None Reported. Context: The Town filed the required project and expenditure report in a timely manner; however the current period expenditures and cumulative expenditures were overstated by $7,215,950 and $6,453,661, respectively. The discrepancies were due to a misunderstanding about how expenditures should be recognized on the project and expenditure report. Effect: The expenditures reported on the Town’s project and expenditure report did not match the accounting ledger. Cause: The Town reported the total allotment of Coronavirus State and Local Fiscal Recovery Funds as expended and obligated on the project and expenditure report, instead of the expenditures incurred and obligated as of March 31, 2023. Recommendation: Management should implement procedures to ensure that current period and cumulative expenditures reported on the project all expenditure report are recorded in the corresponding period that they are reported on the Town’s general ledger. The Town should amend the previous submission so that the correct expenditures are reported. Views of Responsible Officials and Planned Corrective Actions: Management made a good faith effort to submit its reporting to the U.S. Treasury on a timely basis. This was a misunderstanding regarding how the expenditures should be recognized on the project and expenditure report. Management plans to amend the previous submission and to implement procedures to properly report expenditures going forward.
View Audit 298435
Finding 386079 (2023-004)
Material Weakness 2023
Howard County
IA
Internal Control / Segregation of Duties
We have reviewed procedures and plan to make improvements to internal control.
We have reviewed procedures and plan to make improvements to internal control.
View Audit 298433
Finding 386065 (2023-002)
Significant Deficiency 2023
Rice Lake Housing Authority
WI
Subrecipient Monitoring HUD Housing Programs Internal Control / Segregation of Duties
2023-002 - Insufficient Collateral Corrective Action Planned: The Authority will closely monitor all deposits to make sure that the amount of funds on deposit are protected by federal deposit insurance, corporate surety bond, or collateral. Completion Date: June 30, 2024
2023-002 - Insufficient Collateral Corrective Action Planned: The Authority will closely monitor all deposits to make sure that the amount of funds on deposit are protected by federal deposit insurance, corporate surety bond, or collateral. Completion Date: June 30, 2024
View Audit 298424
Finding 386063 (2023-001)
Significant Deficiency 2023
Rice Lake Housing Authority
WI
Internal Control / Segregation of Duties Reporting
Corrective Action Planned: Due to the Authority's size, it is cost-prohibitive and impractical to achieve the ideal level of segregation of duties. The Authority has implemented as many controls and segregation of duties as practically possible for an organization of this size. Completion Date: Ongo...
Corrective Action Planned: Due to the Authority's size, it is cost-prohibitive and impractical to achieve the ideal level of segregation of duties. The Authority has implemented as many controls and segregation of duties as practically possible for an organization of this size. Completion Date: Ongoing
View Audit 298424
Finding 386058 (2023-002)
Significant Deficiency 2023
Ripon College
WI
Special Tests & Provisions Subrecipient Monitoring Significant Deficiency
Finding 2023-002 Sept. 27, 2023 Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for safeguarding sensitive data under the Gramm-Leach-Bliley Act, including a written information security program p...
Finding 2023-002 Sept. 27, 2023 Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for safeguarding sensitive data under the Gramm-Leach-Bliley Act, including a written information security program policy that addresses the six required minimum safeguard elements identified within 16 Code of Federal Regulations (CFR) 314.4 (b). Statement of Condition: A formal written policy was not completed and documented in fiscal 2023 which would have addressed the required written policy noted in 16 CFR 314.4 (b). Corrective Action Plan: • The College agrees and concurs with the audit finding. • The College is working with a cybersecurity partner, OculusIT (OculusIT.com) to assist us with GLBA compliance and cybersecurity hardening of the college’s IT infrastructure. OculusIT will assist us in preparing the required documentation that addresses risk assessment of all three areas noted in the finding. Many elements of GLBA compliance have already been put in place as elaborated below. • Designates a qualified individual responsible for overseeing and implementing the institution’s information security program and enforcing the information security program in compliance (16 CFR 314.4(a)). Vince Vargiya is the College’s designated qualified individual. • Provides for the information security program to be based on a risk assessment that identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information (as the term customer information applies to the institution) that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks (16 CFR 314.4(b)). OculusIT will undertake a GLBA risk assessment covering the following areas of the College: o Senior Management o IT Security o Admissions o Registrar Office o Financial Aid Office o HR and Payroll o Student Financial Services o Library Work on completing pre-audit questionnaires for each area is in progress. • Regarding a written information security policy that addresses the minimum safeguard requirements, see below. • Provides for the design and implementation of safeguards to control the risks the institution identifies through its risk assessment (16 CFR 314.4(c)). At a minimum, the institution’s written information security program must address the implementation of the minimum safeguards identified in 16 CFR 314.4(c)(1) through (8). The eight minimum safeguards that the written information security program must address are summarized as follows: o Implement and periodically review access controls. We regularly review access controls to systems containing financial data. Our formal policy will document this. o Conduct a periodic inventory of data, noting where it’s collected, stored, or transmitted. We maintain a server inventory, noting which sites contain financial information. Our formal policy will document this. o Encrypt customer information on the institution’s system and when it’s in transit. Our server data is encypted using standard SQL TDE encryption. All data transmitted to off campus partners uses the sftp protocol. Our formal policy will document this. o Assess apps developed by the institution. The College’s enterprise apps are commercially sourced, updated using vendor supplied processes per annual support contracts, and not developed in-house. Our formal policy will document this. o Implement multi-factor authentication for anyone accessing customer information on the institution’s system. All users who access Jenzabar (SIS, Financials), PowerFaids (Financial Aid) must use DUO MFA. RaisersEdge (Advancement/Donor Management) employs text or email MFA. All email accounts are secured with google 2 step authentication. Our formal policy will document this. o Dispose of customer information securely. When server hardware is decommissioned, the data drives are physically smashed. When leased endpoint systems are returned to the leasing company, their hard drives are wiped using standard software. Our formal policy will document this. o Anticipate and evaluate changes to the information system or network. We meet regularly with OculusIT to discuss changes to the network. Our endpoints are monitored for malware via a managed detection and response system. Our servers and network switches are monitored 24/7 by the Oculus SOC, and unusual events are flagged and presented to us for analysis. Our formal policy will document this. o Maintain a log of authorized users’ activity and keep an eye out for unauthorized access. We have implemented a SIEM server which monitors server and network access and activity and is monitored by the OculusIT SOC. Our formal policy will document this. • Provides for the institution to regularly test or otherwise monitor the effectiveness of the safeguards it has implemented (16 CFR 314.4(d)). We have implemented a SIEM server which monitors server and network access and activity and is monitored by the OculusIT SOC. We receive weekly reports on any server vulnerabilities. We actively work to remediate identified vulnerabilities. We have implemented annual penetration testing, and have completed testing for 2023. We have remediated identified penetration issues. Our formal policy will document this. • Provides for the implementation of policies and procedures to ensure that personnel are able to enact the information security program (16 CFR 314.4(e)(1)). We require semi annual security awareness training and monthly phishing testing through KnowBe4. Our formal policy will document this. • Addresses how the institution will oversee its information system service providers (16 CFR 314.4(f)). We require providers to submit SOC1 or HECVAT documentation. Our formal policy will document this. • Provides for the evaluation and adjustment of its information security program in light of the results of the required testing and monitoring; any material changes to its operations or business arrangements; the results of the required risk assessments; or any other circumstances that it knows or has reason to know may have a material impact the institution’s information security program (16 CFR 314.4(g)). We work with OculusIT to follow up on results of testing and risk assessments. For example, we rescan our network to follow up on the results of pen testing. We meet with the Oculus SOC team to discuss server vulnerabilities uncovered on a monthly basis. Our formal policy will document this process. Names of Contact Persons Responsible for Corrective Action Plan: Gary Rodman (Senior Director of Information Technology), rodmang@ripon.edu, 920-748-8343 Vince Vargiya (Vice President Information Security | CISO, OculusIT) vince_varigiya@oculusit.com 844-462-8587 ext. 193 Anticipated Completion Date: Implementation of this plan began in March 2023, focusing on infrastructure hardening. Formal written polices will be put in place no later than June 30, 2024.
View Audit 298423
Finding 386053 (2023-001)
Significant Deficiency 2023
Ripon College
WI
Special Tests & Provisions Student Financial Aid Reporting
Finding 2023-001 Sept. 26, 2023 Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for accurately reporting significant data elements under the Campus-Level and Program-Level records within the Natio...
Finding 2023-001 Sept. 26, 2023 Criteria: The College is responsible for designing, implementing, and maintaining internal control over compliance for special tests and provisions and for accurately reporting significant data elements under the Campus-Level and Program-Level records within the National Student Loan Data System (NSLDS) that Department of Education (DOE) considers high risk. Statement of Condition: Management's review of the enrollment reporting did not detect errors on certain student data elements. Certain student records within the NSLDS were identified with inaccurate data elements. Corrective Action Plan: • The College agrees and concurs with the audit finding. • The Registrar’s Office has reviewed and remediated all files that were not accurately reported data elements in NSLDS as of September 2023. • The Registrar’s Office will work with the Financial Aid Office to review and regularly monitor student campus and program level enrollment status, especially in the cases of those that have dropped below full time, and are no longer enrolled for various reasons. • The Registrar’s Office will monitor the NSC error report which states discrepancies between NSC and NSLDS. • The Registrar’s Office will work with NSC to remediate processing issues between NSC and NSLDS reports in order to ensure that NSLDS is receiving accurate information. Names of Contact Persons Responsible for Corrective Action Plan: Michele Wittler (Associate Dean of Faculty and Registrar), wittlerm@ripon.edu, 920-748-8119 Katy Crane (Assistant Registrar), cranek@ripon.edu, 920-748-8119 Linda Kinziger (Director of Financial Aid), kinzigerl@ripon.edu, 920-748-8358 Anticipated Completion Date: This plan has been implemented with corrections already made as of September 2023 by the Registrar’s Office. It will be finalized with the fiscal year June 30, 2024 year-end review of Enrollment Reporting.
View Audit 298423
« 1 1313 1314 1316 1317 2143 »