Federal Agency: United States Department of Health and Human Services (HHS) Federal Program: Research & Development ALN Number: Various Federal Award Years: Various Criteria Internal Controls Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements of Federal Awards, (2 CFR 200) section 200.303(a) states, the non federal entity must establish and maintain effective internal control over the federal award that provides reasonable assurance that the non federal entity is managing the federal award in compliance with federal statues, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition The Health System utilizes Workday, a cloud based system, to provide human resources and payroll applications. The Health System’s management of Workday includes maintaining the application system layer of the information technology (IT) control environment. The Health System relies on the Workday vendor to support infrastructure layers through Service Organization Control (SOC) Type-1 reporting. Processes that support compliance and administration of the R&D program rely on Workday IT application controls. The Health System also utilizes Infor, a cloud based system, as the entity’s general ledger. The Health System's management of Infor includes maintaining the application system layer of the IT control environment and relies on the Infor vendor to support infrastructure layers through SOC 1 reporting. Processes that support compliance and administration of the R&D program rely on Infor IT application control. During our testing, we observed there were no inappropriate changes to the Workday and Infor application controls directly related to specific controls over compliance related to the R&D program, however we noted the following deficiencies in operating effectiveness of the Health System’s general IT controls environment: Workday 1) The Health System performed and documented a Workday change review during the fiscal year; however, the supporting document did not include sufficient appropriate evidence demonstrating such review. Specifically, management maintained an Excel spreadsheet that noted the changes to the business process definitions were appropriate; however, there were no screenshots to document the completeness and accuracy of the report from the system, or evidence of the sign off by the reviewer. Additionally, we noted appropriate evidence of testing and/or approval was not maintained for 4 of 25 sampled changes during the period. 2) The Health System performed a Workday User Access Review (UAR) during the fiscal year and maintained certain evidence demonstrating the UAR occurred, including required access updates; however, the Health System did not maintain specific evidence that all users were reviewed, approved and updated where necessary (i.e. evidence of the completeness & accuracy for pre and post user listing was not available). 3) With respect to our access removal testing, we noted that the Health System implemented automated controls to remove terminated user access in both Workday and Infor, following processing in Workday. We also tested a sample of 25 terminated users to determine whether their access was removed timely and noted that 9 of the sampled users were not removed timely prior processing in Workday. Cause The conditions above relate to the following, respectively: 1) The condition occurred because the Health System did not formally define the procedures to establish requirements for the change review, including retaining evidence of the completeness and accuracy of the review. Additionally, management does not have a centralized process for maintaining evidence of testing and approval for changes. 2) The condition occurred because the Health System did not formally define the procedures to document a complete and accurate UAR. 3) The exception occurred due to delays in supervisors’ timely reporting of terminations. Possible Asserted Effect Failure to have a reliable general IT control environment over logical access and change management may result in unauthorized changes being made to Workday, which may result in erroneous reliance on the operating effectiveness of automated IT controls, over allowability. Failure to have effective internal controls over allowability may result in federal awards being utilized for unallowable expenditures not in accordance with the federal statues, regulations, and terms and conditions of federal awards. Questioned Costs None. Statistical Sampling The sample was not intended to be, and was not, a statistically valid sample. Repeat Finding Yes. Recommendation We recommend that management review and emphasize the change management policies and procedures with key personnel to help ensure that the Workday change review is performed to address change management risks for the system. In addition, we recommend that evidence related to the review, as well as the testing and approval of changes is maintained. Additionally, we recommend that management maintain documentation of the completeness and accuracy of the user access review to ensure that all users are reviewed, approved, and corrective actions taken. Views of Responsible Officials Recommendation accepted. Please refer to corrective action plan.
Federal Agency: United States Department of Health and Human Services (HHS) Federal Program: Research & Development ALN Number: Various Federal Award Years: Various Criteria Internal Controls Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements of Federal Awards, (2 CFR 200) section 200.303(a) states, the non federal entity must establish and maintain effective internal control over the federal award that provides reasonable assurance that the non federal entity is managing the federal award in compliance with federal statues, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition The Health System utilizes Workday, a cloud based system, to provide human resources and payroll applications. The Health System’s management of Workday includes maintaining the application system layer of the information technology (IT) control environment. The Health System relies on the Workday vendor to support infrastructure layers through Service Organization Control (SOC) Type-1 reporting. Processes that support compliance and administration of the R&D program rely on Workday IT application controls. The Health System also utilizes Infor, a cloud based system, as the entity’s general ledger. The Health System's management of Infor includes maintaining the application system layer of the IT control environment and relies on the Infor vendor to support infrastructure layers through SOC 1 reporting. Processes that support compliance and administration of the R&D program rely on Infor IT application control. During our testing, we observed there were no inappropriate changes to the Workday and Infor application controls directly related to specific controls over compliance related to the R&D program, however we noted the following deficiencies in operating effectiveness of the Health System’s general IT controls environment: Workday 1) The Health System performed and documented a Workday change review during the fiscal year; however, the supporting document did not include sufficient appropriate evidence demonstrating such review. Specifically, management maintained an Excel spreadsheet that noted the changes to the business process definitions were appropriate; however, there were no screenshots to document the completeness and accuracy of the report from the system, or evidence of the sign off by the reviewer. Additionally, we noted appropriate evidence of testing and/or approval was not maintained for 4 of 25 sampled changes during the period. 2) The Health System performed a Workday User Access Review (UAR) during the fiscal year and maintained certain evidence demonstrating the UAR occurred, including required access updates; however, the Health System did not maintain specific evidence that all users were reviewed, approved and updated where necessary (i.e. evidence of the completeness & accuracy for pre and post user listing was not available). 3) With respect to our access removal testing, we noted that the Health System implemented automated controls to remove terminated user access in both Workday and Infor, following processing in Workday. We also tested a sample of 25 terminated users to determine whether their access was removed timely and noted that 9 of the sampled users were not removed timely prior processing in Workday. Cause The conditions above relate to the following, respectively: 1) The condition occurred because the Health System did not formally define the procedures to establish requirements for the change review, including retaining evidence of the completeness and accuracy of the review. Additionally, management does not have a centralized process for maintaining evidence of testing and approval for changes. 2) The condition occurred because the Health System did not formally define the procedures to document a complete and accurate UAR. 3) The exception occurred due to delays in supervisors’ timely reporting of terminations. Possible Asserted Effect Failure to have a reliable general IT control environment over logical access and change management may result in unauthorized changes being made to Workday, which may result in erroneous reliance on the operating effectiveness of automated IT controls, over allowability. Failure to have effective internal controls over allowability may result in federal awards being utilized for unallowable expenditures not in accordance with the federal statues, regulations, and terms and conditions of federal awards. Questioned Costs None. Statistical Sampling The sample was not intended to be, and was not, a statistically valid sample. Repeat Finding Yes. Recommendation We recommend that management review and emphasize the change management policies and procedures with key personnel to help ensure that the Workday change review is performed to address change management risks for the system. In addition, we recommend that evidence related to the review, as well as the testing and approval of changes is maintained. Additionally, we recommend that management maintain documentation of the completeness and accuracy of the user access review to ensure that all users are reviewed, approved, and corrective actions taken. Views of Responsible Officials Recommendation accepted. Please refer to corrective action plan.
Federal Agency: United States Department of Health and Human Services (HHS) Federal Program: Research & Development ALN Number: Various Federal Award Years: Various Criteria Internal Controls Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements of Federal Awards, (2 CFR 200) section 200.303(a) states, the non federal entity must establish and maintain effective internal control over the federal award that provides reasonable assurance that the non federal entity is managing the federal award in compliance with federal statues, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition The Health System utilizes Workday, a cloud based system, to provide human resources and payroll applications. The Health System’s management of Workday includes maintaining the application system layer of the information technology (IT) control environment. The Health System relies on the Workday vendor to support infrastructure layers through Service Organization Control (SOC) Type-1 reporting. Processes that support compliance and administration of the R&D program rely on Workday IT application controls. The Health System also utilizes Infor, a cloud based system, as the entity’s general ledger. The Health System's management of Infor includes maintaining the application system layer of the IT control environment and relies on the Infor vendor to support infrastructure layers through SOC 1 reporting. Processes that support compliance and administration of the R&D program rely on Infor IT application control. During our testing, we observed there were no inappropriate changes to the Workday and Infor application controls directly related to specific controls over compliance related to the R&D program, however we noted the following deficiencies in operating effectiveness of the Health System’s general IT controls environment: Workday 1) The Health System performed and documented a Workday change review during the fiscal year; however, the supporting document did not include sufficient appropriate evidence demonstrating such review. Specifically, management maintained an Excel spreadsheet that noted the changes to the business process definitions were appropriate; however, there were no screenshots to document the completeness and accuracy of the report from the system, or evidence of the sign off by the reviewer. Additionally, we noted appropriate evidence of testing and/or approval was not maintained for 4 of 25 sampled changes during the period. 2) The Health System performed a Workday User Access Review (UAR) during the fiscal year and maintained certain evidence demonstrating the UAR occurred, including required access updates; however, the Health System did not maintain specific evidence that all users were reviewed, approved and updated where necessary (i.e. evidence of the completeness & accuracy for pre and post user listing was not available). 3) With respect to our access removal testing, we noted that the Health System implemented automated controls to remove terminated user access in both Workday and Infor, following processing in Workday. We also tested a sample of 25 terminated users to determine whether their access was removed timely and noted that 9 of the sampled users were not removed timely prior processing in Workday. Cause The conditions above relate to the following, respectively: 1) The condition occurred because the Health System did not formally define the procedures to establish requirements for the change review, including retaining evidence of the completeness and accuracy of the review. Additionally, management does not have a centralized process for maintaining evidence of testing and approval for changes. 2) The condition occurred because the Health System did not formally define the procedures to document a complete and accurate UAR. 3) The exception occurred due to delays in supervisors’ timely reporting of terminations. Possible Asserted Effect Failure to have a reliable general IT control environment over logical access and change management may result in unauthorized changes being made to Workday, which may result in erroneous reliance on the operating effectiveness of automated IT controls, over allowability. Failure to have effective internal controls over allowability may result in federal awards being utilized for unallowable expenditures not in accordance with the federal statues, regulations, and terms and conditions of federal awards. Questioned Costs None. Statistical Sampling The sample was not intended to be, and was not, a statistically valid sample. Repeat Finding Yes. Recommendation We recommend that management review and emphasize the change management policies and procedures with key personnel to help ensure that the Workday change review is performed to address change management risks for the system. In addition, we recommend that evidence related to the review, as well as the testing and approval of changes is maintained. Additionally, we recommend that management maintain documentation of the completeness and accuracy of the user access review to ensure that all users are reviewed, approved, and corrective actions taken. Views of Responsible Officials Recommendation accepted. Please refer to corrective action plan.
Federal Agency: United States Department of Health and Human Services (HHS) Federal Program: Research & Development ALN Number: Various Federal Award Years: Various Criteria Internal Controls Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements of Federal Awards, (2 CFR 200) section 200.303(a) states, the non federal entity must establish and maintain effective internal control over the federal award that provides reasonable assurance that the non federal entity is managing the federal award in compliance with federal statues, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition The Health System utilizes Workday, a cloud based system, to provide human resources and payroll applications. The Health System’s management of Workday includes maintaining the application system layer of the information technology (IT) control environment. The Health System relies on the Workday vendor to support infrastructure layers through Service Organization Control (SOC) Type-1 reporting. Processes that support compliance and administration of the R&D program rely on Workday IT application controls. The Health System also utilizes Infor, a cloud based system, as the entity’s general ledger. The Health System's management of Infor includes maintaining the application system layer of the IT control environment and relies on the Infor vendor to support infrastructure layers through SOC 1 reporting. Processes that support compliance and administration of the R&D program rely on Infor IT application control. During our testing, we observed there were no inappropriate changes to the Workday and Infor application controls directly related to specific controls over compliance related to the R&D program, however we noted the following deficiencies in operating effectiveness of the Health System’s general IT controls environment: Workday 1) The Health System performed and documented a Workday change review during the fiscal year; however, the supporting document did not include sufficient appropriate evidence demonstrating such review. Specifically, management maintained an Excel spreadsheet that noted the changes to the business process definitions were appropriate; however, there were no screenshots to document the completeness and accuracy of the report from the system, or evidence of the sign off by the reviewer. Additionally, we noted appropriate evidence of testing and/or approval was not maintained for 4 of 25 sampled changes during the period. 2) The Health System performed a Workday User Access Review (UAR) during the fiscal year and maintained certain evidence demonstrating the UAR occurred, including required access updates; however, the Health System did not maintain specific evidence that all users were reviewed, approved and updated where necessary (i.e. evidence of the completeness & accuracy for pre and post user listing was not available). 3) With respect to our access removal testing, we noted that the Health System implemented automated controls to remove terminated user access in both Workday and Infor, following processing in Workday. We also tested a sample of 25 terminated users to determine whether their access was removed timely and noted that 9 of the sampled users were not removed timely prior processing in Workday. Cause The conditions above relate to the following, respectively: 1) The condition occurred because the Health System did not formally define the procedures to establish requirements for the change review, including retaining evidence of the completeness and accuracy of the review. Additionally, management does not have a centralized process for maintaining evidence of testing and approval for changes. 2) The condition occurred because the Health System did not formally define the procedures to document a complete and accurate UAR. 3) The exception occurred due to delays in supervisors’ timely reporting of terminations. Possible Asserted Effect Failure to have a reliable general IT control environment over logical access and change management may result in unauthorized changes being made to Workday, which may result in erroneous reliance on the operating effectiveness of automated IT controls, over allowability. Failure to have effective internal controls over allowability may result in federal awards being utilized for unallowable expenditures not in accordance with the federal statues, regulations, and terms and conditions of federal awards. Questioned Costs None. Statistical Sampling The sample was not intended to be, and was not, a statistically valid sample. Repeat Finding Yes. Recommendation We recommend that management review and emphasize the change management policies and procedures with key personnel to help ensure that the Workday change review is performed to address change management risks for the system. In addition, we recommend that evidence related to the review, as well as the testing and approval of changes is maintained. Additionally, we recommend that management maintain documentation of the completeness and accuracy of the user access review to ensure that all users are reviewed, approved, and corrective actions taken. Views of Responsible Officials Recommendation accepted. Please refer to corrective action plan.
Federal Agency: United States Department of Health and Human Services (HHS) Federal Program: Research & Development ALN Number: Various Federal Award Years: Various Criteria Internal Controls Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements of Federal Awards, (2 CFR 200) section 200.303(a) states, the non federal entity must establish and maintain effective internal control over the federal award that provides reasonable assurance that the non federal entity is managing the federal award in compliance with federal statues, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition The Health System utilizes Workday, a cloud based system, to provide human resources and payroll applications. The Health System’s management of Workday includes maintaining the application system layer of the information technology (IT) control environment. The Health System relies on the Workday vendor to support infrastructure layers through Service Organization Control (SOC) Type-1 reporting. Processes that support compliance and administration of the R&D program rely on Workday IT application controls. The Health System also utilizes Infor, a cloud based system, as the entity’s general ledger. The Health System's management of Infor includes maintaining the application system layer of the IT control environment and relies on the Infor vendor to support infrastructure layers through SOC 1 reporting. Processes that support compliance and administration of the R&D program rely on Infor IT application control. During our testing, we observed there were no inappropriate changes to the Workday and Infor application controls directly related to specific controls over compliance related to the R&D program, however we noted the following deficiencies in operating effectiveness of the Health System’s general IT controls environment: Workday 1) The Health System performed and documented a Workday change review during the fiscal year; however, the supporting document did not include sufficient appropriate evidence demonstrating such review. Specifically, management maintained an Excel spreadsheet that noted the changes to the business process definitions were appropriate; however, there were no screenshots to document the completeness and accuracy of the report from the system, or evidence of the sign off by the reviewer. Additionally, we noted appropriate evidence of testing and/or approval was not maintained for 4 of 25 sampled changes during the period. 2) The Health System performed a Workday User Access Review (UAR) during the fiscal year and maintained certain evidence demonstrating the UAR occurred, including required access updates; however, the Health System did not maintain specific evidence that all users were reviewed, approved and updated where necessary (i.e. evidence of the completeness & accuracy for pre and post user listing was not available). 3) With respect to our access removal testing, we noted that the Health System implemented automated controls to remove terminated user access in both Workday and Infor, following processing in Workday. We also tested a sample of 25 terminated users to determine whether their access was removed timely and noted that 9 of the sampled users were not removed timely prior processing in Workday. Cause The conditions above relate to the following, respectively: 1) The condition occurred because the Health System did not formally define the procedures to establish requirements for the change review, including retaining evidence of the completeness and accuracy of the review. Additionally, management does not have a centralized process for maintaining evidence of testing and approval for changes. 2) The condition occurred because the Health System did not formally define the procedures to document a complete and accurate UAR. 3) The exception occurred due to delays in supervisors’ timely reporting of terminations. Possible Asserted Effect Failure to have a reliable general IT control environment over logical access and change management may result in unauthorized changes being made to Workday, which may result in erroneous reliance on the operating effectiveness of automated IT controls, over allowability. Failure to have effective internal controls over allowability may result in federal awards being utilized for unallowable expenditures not in accordance with the federal statues, regulations, and terms and conditions of federal awards. Questioned Costs None. Statistical Sampling The sample was not intended to be, and was not, a statistically valid sample. Repeat Finding Yes. Recommendation We recommend that management review and emphasize the change management policies and procedures with key personnel to help ensure that the Workday change review is performed to address change management risks for the system. In addition, we recommend that evidence related to the review, as well as the testing and approval of changes is maintained. Additionally, we recommend that management maintain documentation of the completeness and accuracy of the user access review to ensure that all users are reviewed, approved, and corrective actions taken. Views of Responsible Officials Recommendation accepted. Please refer to corrective action plan.
Federal Agency: United States Department of Health and Human Services (HHS) Federal Program: Research & Development ALN Number: Various Federal Award Years: Various Criteria Internal Controls Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements of Federal Awards, (2 CFR 200) section 200.303(a) states, the non federal entity must establish and maintain effective internal control over the federal award that provides reasonable assurance that the non federal entity is managing the federal award in compliance with federal statues, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition The Health System utilizes Workday, a cloud based system, to provide human resources and payroll applications. The Health System’s management of Workday includes maintaining the application system layer of the information technology (IT) control environment. The Health System relies on the Workday vendor to support infrastructure layers through Service Organization Control (SOC) Type-1 reporting. Processes that support compliance and administration of the R&D program rely on Workday IT application controls. The Health System also utilizes Infor, a cloud based system, as the entity’s general ledger. The Health System's management of Infor includes maintaining the application system layer of the IT control environment and relies on the Infor vendor to support infrastructure layers through SOC 1 reporting. Processes that support compliance and administration of the R&D program rely on Infor IT application control. During our testing, we observed there were no inappropriate changes to the Workday and Infor application controls directly related to specific controls over compliance related to the R&D program, however we noted the following deficiencies in operating effectiveness of the Health System’s general IT controls environment: Workday 1) The Health System performed and documented a Workday change review during the fiscal year; however, the supporting document did not include sufficient appropriate evidence demonstrating such review. Specifically, management maintained an Excel spreadsheet that noted the changes to the business process definitions were appropriate; however, there were no screenshots to document the completeness and accuracy of the report from the system, or evidence of the sign off by the reviewer. Additionally, we noted appropriate evidence of testing and/or approval was not maintained for 4 of 25 sampled changes during the period. 2) The Health System performed a Workday User Access Review (UAR) during the fiscal year and maintained certain evidence demonstrating the UAR occurred, including required access updates; however, the Health System did not maintain specific evidence that all users were reviewed, approved and updated where necessary (i.e. evidence of the completeness & accuracy for pre and post user listing was not available). 3) With respect to our access removal testing, we noted that the Health System implemented automated controls to remove terminated user access in both Workday and Infor, following processing in Workday. We also tested a sample of 25 terminated users to determine whether their access was removed timely and noted that 9 of the sampled users were not removed timely prior processing in Workday. Cause The conditions above relate to the following, respectively: 1) The condition occurred because the Health System did not formally define the procedures to establish requirements for the change review, including retaining evidence of the completeness and accuracy of the review. Additionally, management does not have a centralized process for maintaining evidence of testing and approval for changes. 2) The condition occurred because the Health System did not formally define the procedures to document a complete and accurate UAR. 3) The exception occurred due to delays in supervisors’ timely reporting of terminations. Possible Asserted Effect Failure to have a reliable general IT control environment over logical access and change management may result in unauthorized changes being made to Workday, which may result in erroneous reliance on the operating effectiveness of automated IT controls, over allowability. Failure to have effective internal controls over allowability may result in federal awards being utilized for unallowable expenditures not in accordance with the federal statues, regulations, and terms and conditions of federal awards. Questioned Costs None. Statistical Sampling The sample was not intended to be, and was not, a statistically valid sample. Repeat Finding Yes. Recommendation We recommend that management review and emphasize the change management policies and procedures with key personnel to help ensure that the Workday change review is performed to address change management risks for the system. In addition, we recommend that evidence related to the review, as well as the testing and approval of changes is maintained. Additionally, we recommend that management maintain documentation of the completeness and accuracy of the user access review to ensure that all users are reviewed, approved, and corrective actions taken. Views of Responsible Officials Recommendation accepted. Please refer to corrective action plan.
2024-001 (Repeat Finding) Retaining Sliding Scale Determination Documentation Special Tests and Provisions ALN 93.224 Health Center Program (Community Health Centers, Migrant Health Centers, Health Care for the Homeless, and Public Housing Primary Care) US Department of Health and Human Services Contract Numbers H80CS30749-06 and H80CS30749-07 Contract Periods April 1, 2022 – March 31, 2023 and April 1, 2023 – March 31, 2024 Conditions and Criteria: The requirement under 45 CFR 75.361 provides requirements for the retention of records for grantees. In addition, 2 CFR 200.303 provides requirements to establish and maintain effective internal controls over Federal awards. Specifically, it states that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Health and Human Services awarding agency of pass-through entity in the case of a subrecipient. In the 2023 audit, for 5 out of 40 samples selected for testing, it was noted that OCHS did not retain the proper documents that the patients had submitted that included their income and family size or the documents completed by OCHS showing the sliding fee discount determination for these patients. Effect: The effect is that records that are required to be retained were not retained and evidence of how the sliding fee discount was determined could not be examined. Questioned Costs: Any likely questioned costs could not be determined since compliance testing was unable to be performed due to the lack of documentation. It should be noted that there were no exceptions for 35 samples that were able to be tested, and for 5 samples with insufficient documentation, 3 had partial documentation of income (i.e., pay stubs) and 2 had no documentation of income as it was not maintained. However, the sliding scale calculation was completed for all 40 samples. Cause: Determining the sliding fee discount level for each patient is reassessed on an annual basis. During the year, there was employee turnover in the compliance department. Although OCHS has a records retention policy, there was a lack of monitoring in place to ensure that the requirement under 45 CFR 75.361 was adhered to. Auditor Recommendation: A procedure should be put in place to monitor whether the record retention policy is followed. Current Status: During the current year, fiscal 2024 audit testing, 5 of 40 samples lacked support for the sliding fee scale determination. However, for all 5 samples it was noted the sliding fee was determined during fiscal 2023. There is a three-year documentation retention requirement per 45 CFR 200.303. If asked to produce documentation for fiscal year 2023, OCHS would not be able to do so, therefore, the 2023 fiscal year finding was repeated. Planned Corrective Action: See the following Corrective Action Plan section for management’s planned corrective action.
2024-001 (Repeat Finding) Retaining Sliding Scale Determination Documentation Special Tests and Provisions ALN 93.224 Health Center Program (Community Health Centers, Migrant Health Centers, Health Care for the Homeless, and Public Housing Primary Care) US Department of Health and Human Services Contract Numbers H80CS30749-06 and H80CS30749-07 Contract Periods April 1, 2022 – March 31, 2023 and April 1, 2023 – March 31, 2024 Conditions and Criteria: The requirement under 45 CFR 75.361 provides requirements for the retention of records for grantees. In addition, 2 CFR 200.303 provides requirements to establish and maintain effective internal controls over Federal awards. Specifically, it states that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Health and Human Services awarding agency of pass-through entity in the case of a subrecipient. In the 2023 audit, for 5 out of 40 samples selected for testing, it was noted that OCHS did not retain the proper documents that the patients had submitted that included their income and family size or the documents completed by OCHS showing the sliding fee discount determination for these patients. Effect: The effect is that records that are required to be retained were not retained and evidence of how the sliding fee discount was determined could not be examined. Questioned Costs: Any likely questioned costs could not be determined since compliance testing was unable to be performed due to the lack of documentation. It should be noted that there were no exceptions for 35 samples that were able to be tested, and for 5 samples with insufficient documentation, 3 had partial documentation of income (i.e., pay stubs) and 2 had no documentation of income as it was not maintained. However, the sliding scale calculation was completed for all 40 samples. Cause: Determining the sliding fee discount level for each patient is reassessed on an annual basis. During the year, there was employee turnover in the compliance department. Although OCHS has a records retention policy, there was a lack of monitoring in place to ensure that the requirement under 45 CFR 75.361 was adhered to. Auditor Recommendation: A procedure should be put in place to monitor whether the record retention policy is followed. Current Status: During the current year, fiscal 2024 audit testing, 5 of 40 samples lacked support for the sliding fee scale determination. However, for all 5 samples it was noted the sliding fee was determined during fiscal 2023. There is a three-year documentation retention requirement per 45 CFR 200.303. If asked to produce documentation for fiscal year 2023, OCHS would not be able to do so, therefore, the 2023 fiscal year finding was repeated. Planned Corrective Action: See the following Corrective Action Plan section for management’s planned corrective action.
2024-001 (Repeat Finding) Retaining Sliding Scale Determination Documentation Special Tests and Provisions ALN 93.224 Health Center Program (Community Health Centers, Migrant Health Centers, Health Care for the Homeless, and Public Housing Primary Care) US Department of Health and Human Services Contract Numbers H80CS30749-06 and H80CS30749-07 Contract Periods April 1, 2022 – March 31, 2023 and April 1, 2023 – March 31, 2024 Conditions and Criteria: The requirement under 45 CFR 75.361 provides requirements for the retention of records for grantees. In addition, 2 CFR 200.303 provides requirements to establish and maintain effective internal controls over Federal awards. Specifically, it states that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Health and Human Services awarding agency of pass-through entity in the case of a subrecipient. In the 2023 audit, for 5 out of 40 samples selected for testing, it was noted that OCHS did not retain the proper documents that the patients had submitted that included their income and family size or the documents completed by OCHS showing the sliding fee discount determination for these patients. Effect: The effect is that records that are required to be retained were not retained and evidence of how the sliding fee discount was determined could not be examined. Questioned Costs: Any likely questioned costs could not be determined since compliance testing was unable to be performed due to the lack of documentation. It should be noted that there were no exceptions for 35 samples that were able to be tested, and for 5 samples with insufficient documentation, 3 had partial documentation of income (i.e., pay stubs) and 2 had no documentation of income as it was not maintained. However, the sliding scale calculation was completed for all 40 samples. Cause: Determining the sliding fee discount level for each patient is reassessed on an annual basis. During the year, there was employee turnover in the compliance department. Although OCHS has a records retention policy, there was a lack of monitoring in place to ensure that the requirement under 45 CFR 75.361 was adhered to. Auditor Recommendation: A procedure should be put in place to monitor whether the record retention policy is followed. Current Status: During the current year, fiscal 2024 audit testing, 5 of 40 samples lacked support for the sliding fee scale determination. However, for all 5 samples it was noted the sliding fee was determined during fiscal 2023. There is a three-year documentation retention requirement per 45 CFR 200.303. If asked to produce documentation for fiscal year 2023, OCHS would not be able to do so, therefore, the 2023 fiscal year finding was repeated. Planned Corrective Action: See the following Corrective Action Plan section for management’s planned corrective action.
2024-001 (Repeat Finding) Retaining Sliding Scale Determination Documentation Special Tests and Provisions ALN 93.224 Health Center Program (Community Health Centers, Migrant Health Centers, Health Care for the Homeless, and Public Housing Primary Care) US Department of Health and Human Services Contract Numbers H80CS30749-06 and H80CS30749-07 Contract Periods April 1, 2022 – March 31, 2023 and April 1, 2023 – March 31, 2024 Conditions and Criteria: The requirement under 45 CFR 75.361 provides requirements for the retention of records for grantees. In addition, 2 CFR 200.303 provides requirements to establish and maintain effective internal controls over Federal awards. Specifically, it states that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Health and Human Services awarding agency of pass-through entity in the case of a subrecipient. In the 2023 audit, for 5 out of 40 samples selected for testing, it was noted that OCHS did not retain the proper documents that the patients had submitted that included their income and family size or the documents completed by OCHS showing the sliding fee discount determination for these patients. Effect: The effect is that records that are required to be retained were not retained and evidence of how the sliding fee discount was determined could not be examined. Questioned Costs: Any likely questioned costs could not be determined since compliance testing was unable to be performed due to the lack of documentation. It should be noted that there were no exceptions for 35 samples that were able to be tested, and for 5 samples with insufficient documentation, 3 had partial documentation of income (i.e., pay stubs) and 2 had no documentation of income as it was not maintained. However, the sliding scale calculation was completed for all 40 samples. Cause: Determining the sliding fee discount level for each patient is reassessed on an annual basis. During the year, there was employee turnover in the compliance department. Although OCHS has a records retention policy, there was a lack of monitoring in place to ensure that the requirement under 45 CFR 75.361 was adhered to. Auditor Recommendation: A procedure should be put in place to monitor whether the record retention policy is followed. Current Status: During the current year, fiscal 2024 audit testing, 5 of 40 samples lacked support for the sliding fee scale determination. However, for all 5 samples it was noted the sliding fee was determined during fiscal 2023. There is a three-year documentation retention requirement per 45 CFR 200.303. If asked to produce documentation for fiscal year 2023, OCHS would not be able to do so, therefore, the 2023 fiscal year finding was repeated. Planned Corrective Action: See the following Corrective Action Plan section for management’s planned corrective action.
No written procedures for advance receipt of federal award payments Assistance Listing Number: 21.027 Program Title: Coronavirus State and Local Fiscal Recovery Funds Pass-through Entity: Alabama Department of Environmental Management Contract Number and Year: FS-10269-02 and CS010896-01 2023 Finding Type: Significant Deficiency Known Questioned Costs: None Criteria – 2 CFR Section 200.303(a) requires nonfederal entities receiving federal awards to establish and maintain internal control over the federal awards that provides reasonable assurance that the nonfederal entity is managing the federal awards in compliance with federal statutes, regulations, and the terms and conditions of the federal awards. 2 CFR 200.305 Federal Payment requires nonfederal entities to establish written procedures to implement the requirements of cash management of federal funding. Condition – The Organization received federal funds prior to paying contractors and had no written procedures in place for appropriately handling those funds. Cause – The Organization has not developed or implemented written procedures for appropriately handling advance federal funds. Effect – Possible noncompliance with requirements of the program. Recommendation – The Organization should develop, implement and comply with written procedures to meet the requirements of 2 CFR Section 200.303(a) and 2 CFR 200.305 Federal Payment. Views of responsible officials – The Mayor has implemented policies to no longer hold contractor invoices until ARPA funding is received but will follow the reimbursement guidelines per the grant agreements.
No written procedures for advance receipt of federal award payments Assistance Listing Number: 21.027 Program Title: Coronavirus State and Local Fiscal Recovery Funds Pass-through Entity: Alabama Department of Environmental Management Contract Number and Year: FS-10269-02 and CS010896-01 2023 Finding Type: Significant Deficiency Known Questioned Costs: None Criteria – 2 CFR Section 200.303(a) requires nonfederal entities receiving federal awards to establish and maintain internal control over the federal awards that provides reasonable assurance that the nonfederal entity is managing the federal awards in compliance with federal statutes, regulations, and the terms and conditions of the federal awards. 2 CFR 200.305 Federal Payment requires nonfederal entities to establish written procedures to implement the requirements of cash management of federal funding. Condition – The Organization received federal funds prior to paying contractors and had no written procedures in place for appropriately handling those funds. Cause – The Organization has not developed or implemented written procedures for appropriately handling advance federal funds. Effect – Possible noncompliance with requirements of the program. Recommendation – The Organization should develop, implement and comply with written procedures to meet the requirements of 2 CFR Section 200.303(a) and 2 CFR 200.305 Federal Payment. Views of responsible officials – The Mayor has implemented policies to no longer hold contractor invoices until ARPA funding is received but will follow the reimbursement guidelines per the grant agreements.
Criteria: Per Title 2 CFR § 200.516, the auditor must report known questioned costs greater than $25,000 for a Federal program that is not audited as a major program. In addition, Title 2 CFR § 200.303 requires the recipient of federal funds establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Condition: As part of a review performed by METRO’s internal audit department (METRO IA) over the activities of the vanpool department in fiscal year 2024, METRO IA identified certain questioned costs incurred and reimbursed as part of the Highway Planning and Construction program administered by the Texas Department of Transportation (TXDOT). These questioned costs were communicated by METRO management to TXDOT and they are working with TXDOT on final resolution. The Highway Planning and Construction program was not a major program in fiscal year 2024 subject to a single audit. We did not identify any other similar costs in the major programs tested. Total questioned cost identified through the METRO IA procedures was $262,794. Total expenditures for the Highway Planning and Construction program were $744,358. Cause: The Vanpool department did not have adequate internal controls and processes in place to ensure that department personnel properly understood grant requirements and that program costs were properly calculated and allowable in accordance with the grant agreements. Effect: Certain of the costs incurred and submitted for reimbursement by METRO were unallowable. Auditor’s Recommendation: METRO should establish appropriate processes and controls to guide personnel in the determination of allowable costs in accordance with grant agreements. In particular, management should focus on the processes and controls associated with the vanpool department.
Reference Number: 2024-04 Compliance Requirement: Reporting Type of Finding: Internal control and Compliance Internal Control Impact: Material weakness Compliance Impact: Material Noncompliance . AL Number and Title: 84.425 – COVID-19 Education Stabilization Fund Federal Awarding Agency: U.S. Department of Education Federal Award Number: None Pass-through Entity: Alabama Department of Education Pass-through Award Number: None Questioned Costs: None Condition: The Board could not provide a copy, with supporting documentation, of the annual required information submission to the Alabama Department of Education for the federal program. Criteria: Per 2 CFR § 200.303, the non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Cause: Internal controls are not in place to ensure that the reports submitted to the pass-through entity are adequately supported by information derived from the accounting system. No evidence of review by someone other than the preparer is maintained. Effect: Information provided to the Alabama Department of Education may be incorrect or incomplete or not submitted timely. Recommendation: Internal controls should be developed to ensure that reports are completed and submitted timely, are supported by information derived from the accounting system, and are reviewed and approved prior to being submitted to the State of Alabama. Client Response: We agree with this finding.
United States Department of Agriculture Federal Financial Assistance Listing #10.766 Communities Facilities Loans and Grants USDA Rural Development Building Loan 97‐07 & 97‐08 Special Tests and Provisions Material Weakness in Internal Control over Compliance and Noncompliance Criteria: 2 CFR 200.303(a) establishes that the auditee must establish and maintain effective internal control over the federal award that provides assurance that the entity is managing the federal award in compliance with federal statutes, regulations, and conditions of the federal award. Section 4 of the loan resolution security agreements dated March 28, 2012 states the Hospital must set aside a reserve amount which may be established as a bookkeeping account or as a separate bank account. Funds may be deposited in institutions insured by state and federal government or invested in marketable securities backed by the full faith and credit of the United States. Condition: As a part of the audit process, a reclassification entry was made to move the funds from the cash sweep general fund to a separate bookkeeping account. Management did not track the funds in a separate bank or bookkeeping account throughout the year. The Hospital had excess cash available to cover the required reserve amount for the fiscal year. Cause: The Hospital was unaware the funds were required to be tracked throughout the year and maintained in a separate bookkeeping account or as a separate bank account. Effect: The Hospital could be in violation of the reserve amount requirements if management is not monitoring compliance. Questioned Costs: None reported. Context/Sampling: Sampling was not used. Repeat Finding from Prior Years: Yes, prior year finding 2023‐004. Recommendation: We recommend the Hospital transfer the required reserve amount to a separate bookkeeping account in the trial balance or establish a separate bank account and ensure the funds are deposited monthly in institutions insured by state and federal governments or invested in marketable securities backed by the full faith and credit of the United States. Controls should be established and documented to monitor compliance with the reserve fund provision. Views of Responsible Officials: Management agrees with the finding.
2024-003: Preparation of Schedule of Expenditures of Federal Awards (SEFA) Finding Type: Material Weakness in Internal Controls and Noncompliance (Activities Allowed or Unallowed, Allowable Costs/Cost Principles, Reporting) Federal Program: U.S. Department of Treasury – Local Assistance and Tribal Consistency Fund (AL #21.032) Criteria: The Code of Federal Regulations (CFR) Section 200.303(b) requires non-Federal entities to establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and terms and conditions of the Federal award. CFR Section 200.502(a) states that the determination of when a Federal award is expended should be based on when the activity related to the Federal award occurs. Generally, the activity pertains to events that require the non-Federal entity to comply with Federal statutes, regulations, and the terms and conditions of Federal awards, such as expenditure/expense transactions associated with grant awards. The County reports expenditures on the SEFA when the expenditure has been incurred, or on the accrual basis of accounting, in accordance with generally accepted accounting principles. CFR Section 200.510(b) requires the auditee to prepare a SEFA for the period covered by the auditee’s financial statements which must include the total Federal awards expended as determined in accordance with CFR Section 200.502(a), as stated above, and must reconcile amounts reported in the SEFA to the amounts reported in the auditee’s financial statements. Condition: The SEFA was not appropriately reconciled to federal grant revenues and expenditures recorded in the financial statements. Changes were made during the closing process and during the completion of the single audit to properly report expenditures on the SEFA. Closing procedures should be in place to reconcile grant expenditures incurred at year-end, confirm the amount as eligible with the grantor, claim the grant revenues on a timely basis, reconcile the claim to the general ledger, and ensure the expenditures that will be claimed under federal awards are properly reported on the SEFA and audited financial statements prior to the start of the single audit. If expenditures reported on the SEFA are misstated, the County could fail to have a program appropriately identified as a major program and tested as a major program during the single audit. Failure to have a program audited during the single audit would result in noncompliance with Title 2 U.S. Code of Federal Regulations Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (Uniform Guidance). Cause: Closing procedures were not in place and management did not effectively communicate with County departments responsible for administering federal awards to identify all federal grant related activity. Effect: County personnel were unable to provide a complete SEFA in the appropriate format prior to the start of the annual financial statement audit and were uncertain if a single audit was required. The SEFA required material adjustments to include all federal expenditures prior to the beginning of the single audit. Questioned Costs: No costs have been questioned as a result of this finding. Recommendation: We recommend that management meet with department heads throughout the year and during the closing process to identify all expenditures under federal awards. Training should be provided to all staff to make sure they are aware of the importance of accurately reconciling and claiming grant expenditures on a timely basis and providing the information to management for inclusion on the SEFA. Views of Responsible Officials: The County will work to improve closing processes and communications with various departments to ensure the SEFA is complete and accurate.
2024-004: Written Policies Required by the Uniform Guidance Finding Type: Material Weakness in Internal Controls and Noncompliance (Activities Allowed or Unallowed, Allowable Costs/Cost Principles, Reporting) Federal Program: U.S. Department of Treasury – Local Assistance and Tribal Consistency Fund (AL #21.032) Criteria: The County does not have written policies and procedures to implement the requirements of 2 CFR section 200 for the administration of federal awards. The Uniform Guidance requires a non-federal entity that has expended federal awards for a grant on or after December 26, 2014 to have written policies pertaining to: 1) advance payments and reimbursements (financial management); 2) determination of allowable costs; 3) compensation (personnel and benefits policies); 4) travel costs; and 5) procurement procedures. 2 CFR 200.303(a) establishes that the auditee must establish and maintain effective internal controls over the federal awards that provide assurance that the entity is managing the federal awards in compliance with federal statutes, regulations, and the conditions of the federal award. Condition: The County does not have processes or written policies in place to conform to all of the requirements in the Uniform Guidance. Cause: The County has not reviewed and updated its policies and procedures for continued changes in grants and the Uniform Guidance. Effect: As a result of this condition, the County did not fully comply with the Uniform Guidance. Questioned Costs: No costs have been questioned as a result of this finding. Recommendation: We recommend that the County adopt formal written policies covering these areas as soon as practical. Views of Responsible Officials: The County will work to update policies and procedures and to formalize responsibilities.
Criteria - Uniform Guidance (2 CFR §200.303) requires recipients of federal awards to establish and maintain effective internal controls over compliance. Specifically, 24 CFR §982.201 and related program requirements for the Housing Choice Voucher Program (HCV) (Assistance Listing Number 14.871) mandate: 1) Documentation of eligibility (including citizenship/immigration status and income verification). 2) Signed lease agreements between the tenant and owner. 3) Rent reasonableness determinations for all units. 4) Housing Quality Standards (HQS) inspections must be documented prior to lease-up and annually thereafter. 5) Recertifications (HUD-50058) and authorizations to release information (HUD-9886) must be on file. Condition - During testing of 40 participant files, we were unable to verify compliance with key program requirements due to missing documentation as detailed below: Deficiency Number of Files Affected Missing signed application 19 out of 40 Missing signed lease agreement 29 out of 40 Missing proof of citizenship/eligible immigration status 20 out of 40 Missing documentation of independent income verification 11 out of 40 Missing HUD-50058 recertification 11 out of 40 Missing HUD-9886 (Authorization for Release of Information) 14 out of 40 Missing documentation of rent reasonableness 18 out of 40 Missing HQS inspection documentation 25 out of 40 Cause - The Authority did not maintain adequate documentation in participant files, indicating a lack of effective internal controls over file management and compliance monitoring. Effect - The absence of required documentation increases the risk of non-compliance with HUD regulations, which may result in findings during HUD reviews or audits and possible loss of HUD funding or sanctions if deficiencies are not corrected. Questioned Costs - Due to missing documentation, the allowability of housing assistance payments for the impacted participants cannot be determined. Statistical Sampling - The sample was not intended to be, and was not, a statistically valid sample. Recommendation - To address the deficiencies identified in the HCV Program tenant files, we recommend that the Authority implement comprehensive measures to strengthen compliance and improve internal controls. First, the Authority should conduct a full review of all tenant files to identify and resolve missing documentation, using a standardized checklist to ensure all required documents are included in each file. Management’s Response - (a) Comments on the finding and recommendation - The Authority agrees with the finding. The Authority also agrees with the recommendations, please see below for action taken. (b) Action taken - The Authority will conduct a thorough review of all tenant files to identify and resolve missing documentation, including signed applications, lease agreements, proof of citizenship or eligible immigration status, independent income verification, HUD forms (50058 and 9886), rent reasonableness documentation, and HQS inspection records. Staff will work to obtain missing documents from tenants, landlords, or other necessary parties. A standardized checklist should be used to ensure all required items are present in each file moving forward. (c) Planned implementation date of corrective action - Completed by September 30, 2025.
Finding Number: 2024-001 Prior Year Finding Number: 2023-002 Compliance Requirement: Matching, Level of Effort, Earmarking Program: U.S. Department of Agriculture Supplemental Nutrition Assistance Program (SNAP) Cluster ALN: 10.551, 10.561 Award #: Various Award Year: 10/01/2023 – 09/30/2024 Government Department/Agency: Department of Human Services (DHS)/ Economic Security Administration (ESA) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. Per 2 CFR Section 277.4(b), Federal reimbursement rate, states that the base percentage for Federal payment shall be 50 percent of State agencies’ allowable SNAP administrative costs. Per review of the Settlement Agreement from the U.S. Department of Health and Human Services Departmental Appeals Board dated September 13, 1999, the District of Columbia is required to spend an additional $1,620,000 in local funds for the SNAP grant match each year by making an adjustment of $1,620,000 to the expenditures charged to the federal grant. Condition – During the testing of the SNAP Matching, Level of Effort, Earmarking compliance requirement, we noted that two (2) out of four (4) quarterly SF-425 reports tested, which were for quarters ended March 30, 2024 and June 30, 2024, had the issues that resulted in this finding. The SF-425 reports tested were approved and certified, and DHS/ESA exceeded the required SNAP Matching amount of $41,509,067. However, the Office of the Chief Financial Officer (OCFO) for DHS/ESA was unable to provide supporting documentation that would allow us to agree specific amounts reported for (1) Quality Control, (2) Fraud Control, (3) ADP Operations, and (4) Outreach. The total calculated amount by OCFO for DHS/ESA reported as the actual match on the SF-425 report, excluding New Investment, was $43,129,064. However, the total recalculated amount by auditors to be reported as the actual match was $43,199,416. Variance between these two amounts was $70,352. In addition, during the testing of the SNAP Matching, Level of Effort, Earmarking compliance requirement, we noted that the OCFO team for Human Support Services Cluster inadvertently failed to deduct the $1,620,000 adjustment from the Federal Share of Administrative Expenditures on the SEFA to comply with the Settlement Agreement with the U.S. Department of Health and Human Services Departmental Appeals Board dated September 13, 1999. The Settlement Agreement requires the District of Columbia to spend $1,620,000 in local funds for the SNAP grant each year, which the Agency decided to reflect as a deduction from the Federal Share of Administrative Expenditures on the SEFA. Furthermore, as a result of the Random Movement Time Study, the Agency needed to move expenses from the SNAP bucket in the DIFS System and the Agency inadvertently moved $158,834 less expenses. Consequently, the Federal Share of Administrative Expenditures on the SEFA is higher compared to the Federal Share of Administrative Expenditures reported on SF-425 report. Questioned Costs – None. Context – This is a condition identified per review of DHS/ESA’s compliance through the OCFO team with specified requirements using a statistically valid sample. Effect – OCFO for DHS/ESA is not in compliance with the stated provisions. Without adequate internal controls to ensure reconciliation of the amounts reported for the matching requirements and other pertinent information, there is an increased risk that matching and other pertinent information will not be properly reported. Cause – OCFO for DHS/ESA does not appear to have adequate policies and procedures in place to ensure that the amounts reported for the matching requirement and other pertinent information are accurate and supported. Recommendation – We recommend that OCFO for DHS/ESA strengthen its policies and procedures to ensure that amounts for SNAP matching requirements and other pertinent information are properly reported and that related reports are reviewed for compliance with program requirements as well as completeness and accuracy prior to submission. Related Noncompliance – Noncompliance. Views of Responsible Officials and Planned Corrective Actions – DHS concurs with the finding. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section.
Finding Number: 2024-002 Prior Year Finding Number: 2023-003 Compliance Requirement: Special Tests and Provisions – ADP System for SNAP Program: U.S. Department of Agriculture Supplemental Nutrition Assistance Program (SNAP) Cluster ALN: 10.551, 10.561 Award #: Various Award Year: 10/01/2023 – 09/30/2024 Government Department/Agency: Department of Human Services (DHS)/ Department of Health Care Finance (DHCF) DC Access System (DCAS) Program Management Administration Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. Per 7 CFR Section 272.10(a), “All State agencies are required to sufficiently automate their SNAP operations and computerize their systems for obtaining, maintaining, utilizing, and transmitting information concerning SNAP.” Per 7 CFR Section 272.10(b), “In order to meet the requirements of the Act and ensure the efficient and effective administration of the program, a SNAP system, at a minimum, shall be automated in each of the following program areas (1) Certification and (2) Issuance Reconciliation and Reporting. Under Certification – States agencies must determine eligibility and calculate benefits or validate the eligibility worker’s calculations by processing and storing all casefile information necessary for the eligibility determination and benefit computation (including but not limited to all household members’ names, addresses, dates of birth, social security numbers, individual household members’ earned and unearned income by source, deductions, resources and household size). Also, State agencies must redetermine or revalidate eligibility and benefits based on notices of change in households’ circumstances.” Condition – The District is self-reporting findings it noted from its ongoing efforts to resolve issues with the ADP system for SNAP. The issues identified and the estimated impact follows: 1. Failure to Send Correct and Timely Notices to SNAP Households - Notices pertaining to SNAP eligibility contain incorrect information, and/or SNAP applicants and recipients fail to receive proper notices. For example, in the Federal Fiscal Year (FFY) 2018 Local Program Access Review (PAR), Food and Nutrition Service (FNS) cited that SNAP applicants did not receive a Notice of Eligibility or notice contained incorrect information, no notice of required verification, and the notice of adverse action was incorrect. 2. Untimely Processing of SNAP Applications and Periodic Reports - On October 23, 2017, FNS advised DHS that its application processing timeliness (APT) rate between October 2016 and March 2017 was 88.45%, which triggered corrective action per FNS policy. Moreover, between that last APT report and now, DHS has disclosed that it has experienced processing backlogs of varying severity and persistence to FNS via ongoing communications and as part of waiver requests. DHS also provided a report to FNS in August 2022 that indicated significant application processing backlogs. 3. Establishment of Duplicate Accounts - DHS discovered that duplicate Product Delivery Cases (PDC) were being created in DCAS. One PDC was active and the other closed, but the closed PDC was still receiving benefits. 4. Issuance of Duplicate Payment - As a result of duplicate accounts in Deficiency 3, duplicate payments may have been issued to the same household when a caseworker reactivated a closed case. There is also a possibility that customers who received duplicate electronic benefits transfer (EBT) cards from different EBT vendors may have received duplicate payments. 5. Failure to Implement Computer Matching System - Based on the FFY18 Program Integrity Management Evaluation (ME) review, DHS failed to process Prisoner Verification System (PVS) matches, deceased matches, and National Directory of New Hires (NDNH) matches in accordance with federal requirements. 6. Failure to Produce System Computations to Support Recipient Claims - DCAS does not have the ability to calculate overpayments or send a demand letter. FNS correspondence letters dated October 18, 2017, and September 20, 2018, advised DHS to suspend the establishment of DCAS claims but allowed DHS to continue servicing ACEDS claims. 7. Treasury Offset Program (TOP) Reporting and Maintenance Decertified - FNS conducted a TOP Technical Review in June 2021 and DHS was decertified from TOP due to the following: • Referral of customers to TOP that are undergoing recoupment. • Incorrect determination of the date of delinquency. • Incorrect debt balance and debt status in TOP. 8. Failure to Initiate Recoupment on Active Households - When DCAS launched in October 2016, more than 3,000 claim cases with outstanding balances originating from SNAP overpayments were converted from ACEDS to DCAS. Some claims were not properly converted or activated in DCAS. As a result, DHS failed to take the required recovery actions, including TOP recovery or activation of the recoupment process through EBT cards. 9. Recipient and Benefit Integrity Report Update Required - DHS must provide an update on the target completion dates for system generation of all SNAP-related reports currently being created through manual intervention. The plan must include the procedures for reviewing and ensuring the accuracy of the data being submitted to Food Programs Reporting System (FPRS) with particular emphasis on the FNS-209 and the FNS-366B reports. DHS experienced some technical challenges in processing and retrieving claim and recoupment information accurately since the launch of DCAS in October 2016, which affected the FNS-209 quarterly reports. The Payment and Collections Division (PCD) and the DCAS report development team have made concerted efforts to improve the ability to generate data for the reports but continue to have difficulties in verifying the accuracy of data due in part to the laborious manual processes involved. Based on the FFY 2018 Program Integrity ME review, lines 3b, 10, and 14 of the FNS-209 failed to reconcile with the detailed documentation. 10. Work Requirements Have Not Been Properly Implemented - DHS is not in compliance with the requirement to accurately report on the FNS 583. DHS is unprepared to implement the work requirement and time limit for able-bodied adults without dependents when the current suspension mandated by the Families First Coronavirus Response Act ends and/or its waiver ends. Additionally, the District is not prepared to apply the Able-Bodied Adults Without Dependents (ABAWD) time limits when their ABAWD waiver expires. 11. Failure to Analyze Client Complaints and Include in the State’s Corrective Action Plans (CAP) Where Appropriate - DHS is failing to analyze client complaints and include in the State’s CAP where appropriate, per 7 CFR 271.6(a)(3) and 275.16. 12. The SNAP Application Does Not Clearly Explain Which Questions Are Required for SNAP - FNS reviewers found that the District’s SNAP application does not provide clear directions about which questions are required for SNAP, versus Cash or Medical Assistance. For example, Step 5 of the application asks “Does anyone in your household (including non-applicants) have any income? Yes – complete below; No – skip to step 6 (Complete if you are applying for Food, Medical, or Cash Assistance).” The directions are confusing and may be difficult to understand. Questioned Costs – Not determinable. Context – This is a condition identified per review of DHS’ compliance with specified requirements resulting from a system implementation. Effect – Without an effectively designed and operated system in place, ineligible beneficiaries may receive benefits under the SNAP grant and DHS may make payments on behalf of those beneficiaries resulting in noncompliance with the eligibility requirements. Inaccurate beneficiary allotment payments could result in participants receiving benefits that they are not entitled to receive under the program. Cause – DHS did not effectively design and operate the ADP system for SNAP which resulted to inaccurate benefit payments. Recommendation – We recommend that DHS continue to evaluate and improve the new ADP system for SNAP to ensure that it addresses all the administration requirements of the SNAP program. Related Noncompliance – Material noncompliance. Views of Responsible Officials and Planned Corrective Actions – The DHS and DHCF DCAS team agree with the findings noted in this report. DHS self-reported these findings as part of the agency’s ongoing effort to maintain integrity with all eligibility determinations. The root cause of each of the twelve (12) case issues with the ADP system for SNAP varied. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section.
Finding Number: 2024-003 Prior Year Finding Number: 2023-004 Compliance Requirement: Special Tests and Provisions – EBT Card Security Program: U.S. Department of Agriculture Supplemental Nutrition Assistance Program (SNAP) Cluster ALN: 10.551, 10.561 Award #: Various Award Year: 10/01/2023 – 09/30/2024 Government Department/Agency: Department of Human Services (DHS)/ Office of the Chief Financial Officer/Office of Finance and Treasury (OCFO/OFT) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. Per 7 CFR Section 274.8(b)(3), As an addition to or component of the Security Program required of Automated Data Processing (ADP) systems, the State agency shall ensure that the following electronic benefits transfer (EBT) security requirements are established: (i) Storage and control measures to control blank unissued EBT cards and PINs, and unused or spare POS devices; (ii) Measures to ensure communication access control. Communication controls shall include the transmission of transaction data and issuance information from POS terminals to work-stations and terminals at the data processing center; (iii) Message validation; (iv) Administrative and operational procedures; (v) A separate EBT security component shall be incorporated into the State agency Security Program for ADP systems. The periodic risk analyses required by the Security Program shall address the following items specific to an EBT system – (B) Completeness and timeliness of the reconciliation system; and (vi) The State agency shall incorporate the contingency plan approved by FNS into the Security Program. Condition – OCFO/OFT for DHS are required to maintain adequate security over, and documentation/records for EBT cards, to prevent their theft, embezzlement, loss damage, destruction, unauthorized transfer, negotiation, or use. OCFO/OFT have contracted with Fidelity National Information Service (FIS) for the issuance and security of the EBT cards; however, it is OCFO/OFT’s ultimate responsibility to ensure the contractor has controls in place to maintain adequate security over, and documentation/records of EBT cards in accordance with 7 CFR Section 274.8(b)(3). During our tests of the design and implementation of internal controls and compliance requirements in accordance with 7 CFR Section 274.8(b)(3), we noted the following issues: • For seventeen (17) out of the 60 samples, out of a population of 496 days from two EBT card centers, although both EBT Balance Sheets reconciled with the EBT Card Issuance Logs included in the package, we noted the following deficiencies: o For fourteen (14) out of the samples, we noted various issues including (a) the ID type for identification purposes was missing, (b) the customer case number was missing, (c) the Photo ID Program Referral Form was missing, (d) the identification type was noted as referral on the EBT Intake Form, but no referral form was attached, (e) the UPO EBT Center Intake Form was not signed by staff who created the card, and (f) the EBT Card Destruction log was missing. o For two (2) out of the samples, we noted that the required authorizations by a DHS Supervisor and eligibility staff was missing. o For one (1) out of the samples, we noted that the EBT Card Issuance Log had a wrong date. • In addition, for one (1) out of the 60 samples, we noted that the information on the summary reconciliation sheet did not agree to the Card Issuance Log. The summary reconciliation sheet shows 40 cards issued while the Card Issuance Log shows a total of 39 cards issued. These exceptions resulted in the Agency not being in compliance with 7 CFR Section 274.8(b)(3). Questioned Costs – None. Context – This is a condition identified per review of DHS’ compliance with specified requirements using a statistically valid sample. Effect – Without adequate internal controls to ensure compliance with EBT Card Security requirements, there is an increased risk that the inventory of EBT cards will not be properly maintained and accounted for, or that the program will not be in compliance with program requirements. Cause – OCFO/OFT for DHS does not have adequate policies and procedures in place to ensure adequate safeguarding, documentation over issuance and monitoring of EBT cards. Recommendation - We recommend that OCFO/OFT for DHS strengthen formal policies and procedures to maintain adequate security over, and documentation/records for EBT Cards. Related Noncompliance – Material noncompliance. Views of Responsible Officials and Planned Corrective Actions – The OCFO/OFT for DHS concurs with this finding. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section.
Finding Number: 2024-001 Prior Year Finding Number: 2023-002 Compliance Requirement: Matching, Level of Effort, Earmarking Program: U.S. Department of Agriculture Supplemental Nutrition Assistance Program (SNAP) Cluster ALN: 10.551, 10.561 Award #: Various Award Year: 10/01/2023 – 09/30/2024 Government Department/Agency: Department of Human Services (DHS)/ Economic Security Administration (ESA) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. Per 2 CFR Section 277.4(b), Federal reimbursement rate, states that the base percentage for Federal payment shall be 50 percent of State agencies’ allowable SNAP administrative costs. Per review of the Settlement Agreement from the U.S. Department of Health and Human Services Departmental Appeals Board dated September 13, 1999, the District of Columbia is required to spend an additional $1,620,000 in local funds for the SNAP grant match each year by making an adjustment of $1,620,000 to the expenditures charged to the federal grant. Condition – During the testing of the SNAP Matching, Level of Effort, Earmarking compliance requirement, we noted that two (2) out of four (4) quarterly SF-425 reports tested, which were for quarters ended March 30, 2024 and June 30, 2024, had the issues that resulted in this finding. The SF-425 reports tested were approved and certified, and DHS/ESA exceeded the required SNAP Matching amount of $41,509,067. However, the Office of the Chief Financial Officer (OCFO) for DHS/ESA was unable to provide supporting documentation that would allow us to agree specific amounts reported for (1) Quality Control, (2) Fraud Control, (3) ADP Operations, and (4) Outreach. The total calculated amount by OCFO for DHS/ESA reported as the actual match on the SF-425 report, excluding New Investment, was $43,129,064. However, the total recalculated amount by auditors to be reported as the actual match was $43,199,416. Variance between these two amounts was $70,352. In addition, during the testing of the SNAP Matching, Level of Effort, Earmarking compliance requirement, we noted that the OCFO team for Human Support Services Cluster inadvertently failed to deduct the $1,620,000 adjustment from the Federal Share of Administrative Expenditures on the SEFA to comply with the Settlement Agreement with the U.S. Department of Health and Human Services Departmental Appeals Board dated September 13, 1999. The Settlement Agreement requires the District of Columbia to spend $1,620,000 in local funds for the SNAP grant each year, which the Agency decided to reflect as a deduction from the Federal Share of Administrative Expenditures on the SEFA. Furthermore, as a result of the Random Movement Time Study, the Agency needed to move expenses from the SNAP bucket in the DIFS System and the Agency inadvertently moved $158,834 less expenses. Consequently, the Federal Share of Administrative Expenditures on the SEFA is higher compared to the Federal Share of Administrative Expenditures reported on SF-425 report. Questioned Costs – None. Context – This is a condition identified per review of DHS/ESA’s compliance through the OCFO team with specified requirements using a statistically valid sample. Effect – OCFO for DHS/ESA is not in compliance with the stated provisions. Without adequate internal controls to ensure reconciliation of the amounts reported for the matching requirements and other pertinent information, there is an increased risk that matching and other pertinent information will not be properly reported. Cause – OCFO for DHS/ESA does not appear to have adequate policies and procedures in place to ensure that the amounts reported for the matching requirement and other pertinent information are accurate and supported. Recommendation – We recommend that OCFO for DHS/ESA strengthen its policies and procedures to ensure that amounts for SNAP matching requirements and other pertinent information are properly reported and that related reports are reviewed for compliance with program requirements as well as completeness and accuracy prior to submission. Related Noncompliance – Noncompliance. Views of Responsible Officials and Planned Corrective Actions – DHS concurs with the finding. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section.
Finding Number: 2024-002 Prior Year Finding Number: 2023-003 Compliance Requirement: Special Tests and Provisions – ADP System for SNAP Program: U.S. Department of Agriculture Supplemental Nutrition Assistance Program (SNAP) Cluster ALN: 10.551, 10.561 Award #: Various Award Year: 10/01/2023 – 09/30/2024 Government Department/Agency: Department of Human Services (DHS)/ Department of Health Care Finance (DHCF) DC Access System (DCAS) Program Management Administration Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. Per 7 CFR Section 272.10(a), “All State agencies are required to sufficiently automate their SNAP operations and computerize their systems for obtaining, maintaining, utilizing, and transmitting information concerning SNAP.” Per 7 CFR Section 272.10(b), “In order to meet the requirements of the Act and ensure the efficient and effective administration of the program, a SNAP system, at a minimum, shall be automated in each of the following program areas (1) Certification and (2) Issuance Reconciliation and Reporting. Under Certification – States agencies must determine eligibility and calculate benefits or validate the eligibility worker’s calculations by processing and storing all casefile information necessary for the eligibility determination and benefit computation (including but not limited to all household members’ names, addresses, dates of birth, social security numbers, individual household members’ earned and unearned income by source, deductions, resources and household size). Also, State agencies must redetermine or revalidate eligibility and benefits based on notices of change in households’ circumstances.” Condition – The District is self-reporting findings it noted from its ongoing efforts to resolve issues with the ADP system for SNAP. The issues identified and the estimated impact follows: 1. Failure to Send Correct and Timely Notices to SNAP Households - Notices pertaining to SNAP eligibility contain incorrect information, and/or SNAP applicants and recipients fail to receive proper notices. For example, in the Federal Fiscal Year (FFY) 2018 Local Program Access Review (PAR), Food and Nutrition Service (FNS) cited that SNAP applicants did not receive a Notice of Eligibility or notice contained incorrect information, no notice of required verification, and the notice of adverse action was incorrect. 2. Untimely Processing of SNAP Applications and Periodic Reports - On October 23, 2017, FNS advised DHS that its application processing timeliness (APT) rate between October 2016 and March 2017 was 88.45%, which triggered corrective action per FNS policy. Moreover, between that last APT report and now, DHS has disclosed that it has experienced processing backlogs of varying severity and persistence to FNS via ongoing communications and as part of waiver requests. DHS also provided a report to FNS in August 2022 that indicated significant application processing backlogs. 3. Establishment of Duplicate Accounts - DHS discovered that duplicate Product Delivery Cases (PDC) were being created in DCAS. One PDC was active and the other closed, but the closed PDC was still receiving benefits. 4. Issuance of Duplicate Payment - As a result of duplicate accounts in Deficiency 3, duplicate payments may have been issued to the same household when a caseworker reactivated a closed case. There is also a possibility that customers who received duplicate electronic benefits transfer (EBT) cards from different EBT vendors may have received duplicate payments. 5. Failure to Implement Computer Matching System - Based on the FFY18 Program Integrity Management Evaluation (ME) review, DHS failed to process Prisoner Verification System (PVS) matches, deceased matches, and National Directory of New Hires (NDNH) matches in accordance with federal requirements. 6. Failure to Produce System Computations to Support Recipient Claims - DCAS does not have the ability to calculate overpayments or send a demand letter. FNS correspondence letters dated October 18, 2017, and September 20, 2018, advised DHS to suspend the establishment of DCAS claims but allowed DHS to continue servicing ACEDS claims. 7. Treasury Offset Program (TOP) Reporting and Maintenance Decertified - FNS conducted a TOP Technical Review in June 2021 and DHS was decertified from TOP due to the following: • Referral of customers to TOP that are undergoing recoupment. • Incorrect determination of the date of delinquency. • Incorrect debt balance and debt status in TOP. 8. Failure to Initiate Recoupment on Active Households - When DCAS launched in October 2016, more than 3,000 claim cases with outstanding balances originating from SNAP overpayments were converted from ACEDS to DCAS. Some claims were not properly converted or activated in DCAS. As a result, DHS failed to take the required recovery actions, including TOP recovery or activation of the recoupment process through EBT cards. 9. Recipient and Benefit Integrity Report Update Required - DHS must provide an update on the target completion dates for system generation of all SNAP-related reports currently being created through manual intervention. The plan must include the procedures for reviewing and ensuring the accuracy of the data being submitted to Food Programs Reporting System (FPRS) with particular emphasis on the FNS-209 and the FNS-366B reports. DHS experienced some technical challenges in processing and retrieving claim and recoupment information accurately since the launch of DCAS in October 2016, which affected the FNS-209 quarterly reports. The Payment and Collections Division (PCD) and the DCAS report development team have made concerted efforts to improve the ability to generate data for the reports but continue to have difficulties in verifying the accuracy of data due in part to the laborious manual processes involved. Based on the FFY 2018 Program Integrity ME review, lines 3b, 10, and 14 of the FNS-209 failed to reconcile with the detailed documentation. 10. Work Requirements Have Not Been Properly Implemented - DHS is not in compliance with the requirement to accurately report on the FNS 583. DHS is unprepared to implement the work requirement and time limit for able-bodied adults without dependents when the current suspension mandated by the Families First Coronavirus Response Act ends and/or its waiver ends. Additionally, the District is not prepared to apply the Able-Bodied Adults Without Dependents (ABAWD) time limits when their ABAWD waiver expires. 11. Failure to Analyze Client Complaints and Include in the State’s Corrective Action Plans (CAP) Where Appropriate - DHS is failing to analyze client complaints and include in the State’s CAP where appropriate, per 7 CFR 271.6(a)(3) and 275.16. 12. The SNAP Application Does Not Clearly Explain Which Questions Are Required for SNAP - FNS reviewers found that the District’s SNAP application does not provide clear directions about which questions are required for SNAP, versus Cash or Medical Assistance. For example, Step 5 of the application asks “Does anyone in your household (including non-applicants) have any income? Yes – complete below; No – skip to step 6 (Complete if you are applying for Food, Medical, or Cash Assistance).” The directions are confusing and may be difficult to understand. Questioned Costs – Not determinable. Context – This is a condition identified per review of DHS’ compliance with specified requirements resulting from a system implementation. Effect – Without an effectively designed and operated system in place, ineligible beneficiaries may receive benefits under the SNAP grant and DHS may make payments on behalf of those beneficiaries resulting in noncompliance with the eligibility requirements. Inaccurate beneficiary allotment payments could result in participants receiving benefits that they are not entitled to receive under the program. Cause – DHS did not effectively design and operate the ADP system for SNAP which resulted to inaccurate benefit payments. Recommendation – We recommend that DHS continue to evaluate and improve the new ADP system for SNAP to ensure that it addresses all the administration requirements of the SNAP program. Related Noncompliance – Material noncompliance. Views of Responsible Officials and Planned Corrective Actions – The DHS and DHCF DCAS team agree with the findings noted in this report. DHS self-reported these findings as part of the agency’s ongoing effort to maintain integrity with all eligibility determinations. The root cause of each of the twelve (12) case issues with the ADP system for SNAP varied. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section.
Finding Number: 2024-003 Prior Year Finding Number: 2023-004 Compliance Requirement: Special Tests and Provisions – EBT Card Security Program: U.S. Department of Agriculture Supplemental Nutrition Assistance Program (SNAP) Cluster ALN: 10.551, 10.561 Award #: Various Award Year: 10/01/2023 – 09/30/2024 Government Department/Agency: Department of Human Services (DHS)/ Office of the Chief Financial Officer/Office of Finance and Treasury (OCFO/OFT) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. Per 7 CFR Section 274.8(b)(3), As an addition to or component of the Security Program required of Automated Data Processing (ADP) systems, the State agency shall ensure that the following electronic benefits transfer (EBT) security requirements are established: (i) Storage and control measures to control blank unissued EBT cards and PINs, and unused or spare POS devices; (ii) Measures to ensure communication access control. Communication controls shall include the transmission of transaction data and issuance information from POS terminals to work-stations and terminals at the data processing center; (iii) Message validation; (iv) Administrative and operational procedures; (v) A separate EBT security component shall be incorporated into the State agency Security Program for ADP systems. The periodic risk analyses required by the Security Program shall address the following items specific to an EBT system – (B) Completeness and timeliness of the reconciliation system; and (vi) The State agency shall incorporate the contingency plan approved by FNS into the Security Program. Condition – OCFO/OFT for DHS are required to maintain adequate security over, and documentation/records for EBT cards, to prevent their theft, embezzlement, loss damage, destruction, unauthorized transfer, negotiation, or use. OCFO/OFT have contracted with Fidelity National Information Service (FIS) for the issuance and security of the EBT cards; however, it is OCFO/OFT’s ultimate responsibility to ensure the contractor has controls in place to maintain adequate security over, and documentation/records of EBT cards in accordance with 7 CFR Section 274.8(b)(3). During our tests of the design and implementation of internal controls and compliance requirements in accordance with 7 CFR Section 274.8(b)(3), we noted the following issues: • For seventeen (17) out of the 60 samples, out of a population of 496 days from two EBT card centers, although both EBT Balance Sheets reconciled with the EBT Card Issuance Logs included in the package, we noted the following deficiencies: o For fourteen (14) out of the samples, we noted various issues including (a) the ID type for identification purposes was missing, (b) the customer case number was missing, (c) the Photo ID Program Referral Form was missing, (d) the identification type was noted as referral on the EBT Intake Form, but no referral form was attached, (e) the UPO EBT Center Intake Form was not signed by staff who created the card, and (f) the EBT Card Destruction log was missing. o For two (2) out of the samples, we noted that the required authorizations by a DHS Supervisor and eligibility staff was missing. o For one (1) out of the samples, we noted that the EBT Card Issuance Log had a wrong date. • In addition, for one (1) out of the 60 samples, we noted that the information on the summary reconciliation sheet did not agree to the Card Issuance Log. The summary reconciliation sheet shows 40 cards issued while the Card Issuance Log shows a total of 39 cards issued. These exceptions resulted in the Agency not being in compliance with 7 CFR Section 274.8(b)(3). Questioned Costs – None. Context – This is a condition identified per review of DHS’ compliance with specified requirements using a statistically valid sample. Effect – Without adequate internal controls to ensure compliance with EBT Card Security requirements, there is an increased risk that the inventory of EBT cards will not be properly maintained and accounted for, or that the program will not be in compliance with program requirements. Cause – OCFO/OFT for DHS does not have adequate policies and procedures in place to ensure adequate safeguarding, documentation over issuance and monitoring of EBT cards. Recommendation - We recommend that OCFO/OFT for DHS strengthen formal policies and procedures to maintain adequate security over, and documentation/records for EBT Cards. Related Noncompliance – Material noncompliance. Views of Responsible Officials and Planned Corrective Actions – The OCFO/OFT for DHS concurs with this finding. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section.
Finding Number: 2024-001 Prior Year Finding Number: 2023-002 Compliance Requirement: Matching, Level of Effort, Earmarking Program: U.S. Department of Agriculture Supplemental Nutrition Assistance Program (SNAP) Cluster ALN: 10.551, 10.561 Award #: Various Award Year: 10/01/2023 – 09/30/2024 Government Department/Agency: Department of Human Services (DHS)/ Economic Security Administration (ESA) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. Per 2 CFR Section 277.4(b), Federal reimbursement rate, states that the base percentage for Federal payment shall be 50 percent of State agencies’ allowable SNAP administrative costs. Per review of the Settlement Agreement from the U.S. Department of Health and Human Services Departmental Appeals Board dated September 13, 1999, the District of Columbia is required to spend an additional $1,620,000 in local funds for the SNAP grant match each year by making an adjustment of $1,620,000 to the expenditures charged to the federal grant. Condition – During the testing of the SNAP Matching, Level of Effort, Earmarking compliance requirement, we noted that two (2) out of four (4) quarterly SF-425 reports tested, which were for quarters ended March 30, 2024 and June 30, 2024, had the issues that resulted in this finding. The SF-425 reports tested were approved and certified, and DHS/ESA exceeded the required SNAP Matching amount of $41,509,067. However, the Office of the Chief Financial Officer (OCFO) for DHS/ESA was unable to provide supporting documentation that would allow us to agree specific amounts reported for (1) Quality Control, (2) Fraud Control, (3) ADP Operations, and (4) Outreach. The total calculated amount by OCFO for DHS/ESA reported as the actual match on the SF-425 report, excluding New Investment, was $43,129,064. However, the total recalculated amount by auditors to be reported as the actual match was $43,199,416. Variance between these two amounts was $70,352. In addition, during the testing of the SNAP Matching, Level of Effort, Earmarking compliance requirement, we noted that the OCFO team for Human Support Services Cluster inadvertently failed to deduct the $1,620,000 adjustment from the Federal Share of Administrative Expenditures on the SEFA to comply with the Settlement Agreement with the U.S. Department of Health and Human Services Departmental Appeals Board dated September 13, 1999. The Settlement Agreement requires the District of Columbia to spend $1,620,000 in local funds for the SNAP grant each year, which the Agency decided to reflect as a deduction from the Federal Share of Administrative Expenditures on the SEFA. Furthermore, as a result of the Random Movement Time Study, the Agency needed to move expenses from the SNAP bucket in the DIFS System and the Agency inadvertently moved $158,834 less expenses. Consequently, the Federal Share of Administrative Expenditures on the SEFA is higher compared to the Federal Share of Administrative Expenditures reported on SF-425 report. Questioned Costs – None. Context – This is a condition identified per review of DHS/ESA’s compliance through the OCFO team with specified requirements using a statistically valid sample. Effect – OCFO for DHS/ESA is not in compliance with the stated provisions. Without adequate internal controls to ensure reconciliation of the amounts reported for the matching requirements and other pertinent information, there is an increased risk that matching and other pertinent information will not be properly reported. Cause – OCFO for DHS/ESA does not appear to have adequate policies and procedures in place to ensure that the amounts reported for the matching requirement and other pertinent information are accurate and supported. Recommendation – We recommend that OCFO for DHS/ESA strengthen its policies and procedures to ensure that amounts for SNAP matching requirements and other pertinent information are properly reported and that related reports are reviewed for compliance with program requirements as well as completeness and accuracy prior to submission. Related Noncompliance – Noncompliance. Views of Responsible Officials and Planned Corrective Actions – DHS concurs with the finding. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section.
Finding Number: 2024-002 Prior Year Finding Number: 2023-003 Compliance Requirement: Special Tests and Provisions – ADP System for SNAP Program: U.S. Department of Agriculture Supplemental Nutrition Assistance Program (SNAP) Cluster ALN: 10.551, 10.561 Award #: Various Award Year: 10/01/2023 – 09/30/2024 Government Department/Agency: Department of Human Services (DHS)/ Department of Health Care Finance (DHCF) DC Access System (DCAS) Program Management Administration Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. Per 7 CFR Section 272.10(a), “All State agencies are required to sufficiently automate their SNAP operations and computerize their systems for obtaining, maintaining, utilizing, and transmitting information concerning SNAP.” Per 7 CFR Section 272.10(b), “In order to meet the requirements of the Act and ensure the efficient and effective administration of the program, a SNAP system, at a minimum, shall be automated in each of the following program areas (1) Certification and (2) Issuance Reconciliation and Reporting. Under Certification – States agencies must determine eligibility and calculate benefits or validate the eligibility worker’s calculations by processing and storing all casefile information necessary for the eligibility determination and benefit computation (including but not limited to all household members’ names, addresses, dates of birth, social security numbers, individual household members’ earned and unearned income by source, deductions, resources and household size). Also, State agencies must redetermine or revalidate eligibility and benefits based on notices of change in households’ circumstances.” Condition – The District is self-reporting findings it noted from its ongoing efforts to resolve issues with the ADP system for SNAP. The issues identified and the estimated impact follows: 1. Failure to Send Correct and Timely Notices to SNAP Households - Notices pertaining to SNAP eligibility contain incorrect information, and/or SNAP applicants and recipients fail to receive proper notices. For example, in the Federal Fiscal Year (FFY) 2018 Local Program Access Review (PAR), Food and Nutrition Service (FNS) cited that SNAP applicants did not receive a Notice of Eligibility or notice contained incorrect information, no notice of required verification, and the notice of adverse action was incorrect. 2. Untimely Processing of SNAP Applications and Periodic Reports - On October 23, 2017, FNS advised DHS that its application processing timeliness (APT) rate between October 2016 and March 2017 was 88.45%, which triggered corrective action per FNS policy. Moreover, between that last APT report and now, DHS has disclosed that it has experienced processing backlogs of varying severity and persistence to FNS via ongoing communications and as part of waiver requests. DHS also provided a report to FNS in August 2022 that indicated significant application processing backlogs. 3. Establishment of Duplicate Accounts - DHS discovered that duplicate Product Delivery Cases (PDC) were being created in DCAS. One PDC was active and the other closed, but the closed PDC was still receiving benefits. 4. Issuance of Duplicate Payment - As a result of duplicate accounts in Deficiency 3, duplicate payments may have been issued to the same household when a caseworker reactivated a closed case. There is also a possibility that customers who received duplicate electronic benefits transfer (EBT) cards from different EBT vendors may have received duplicate payments. 5. Failure to Implement Computer Matching System - Based on the FFY18 Program Integrity Management Evaluation (ME) review, DHS failed to process Prisoner Verification System (PVS) matches, deceased matches, and National Directory of New Hires (NDNH) matches in accordance with federal requirements. 6. Failure to Produce System Computations to Support Recipient Claims - DCAS does not have the ability to calculate overpayments or send a demand letter. FNS correspondence letters dated October 18, 2017, and September 20, 2018, advised DHS to suspend the establishment of DCAS claims but allowed DHS to continue servicing ACEDS claims. 7. Treasury Offset Program (TOP) Reporting and Maintenance Decertified - FNS conducted a TOP Technical Review in June 2021 and DHS was decertified from TOP due to the following: • Referral of customers to TOP that are undergoing recoupment. • Incorrect determination of the date of delinquency. • Incorrect debt balance and debt status in TOP. 8. Failure to Initiate Recoupment on Active Households - When DCAS launched in October 2016, more than 3,000 claim cases with outstanding balances originating from SNAP overpayments were converted from ACEDS to DCAS. Some claims were not properly converted or activated in DCAS. As a result, DHS failed to take the required recovery actions, including TOP recovery or activation of the recoupment process through EBT cards. 9. Recipient and Benefit Integrity Report Update Required - DHS must provide an update on the target completion dates for system generation of all SNAP-related reports currently being created through manual intervention. The plan must include the procedures for reviewing and ensuring the accuracy of the data being submitted to Food Programs Reporting System (FPRS) with particular emphasis on the FNS-209 and the FNS-366B reports. DHS experienced some technical challenges in processing and retrieving claim and recoupment information accurately since the launch of DCAS in October 2016, which affected the FNS-209 quarterly reports. The Payment and Collections Division (PCD) and the DCAS report development team have made concerted efforts to improve the ability to generate data for the reports but continue to have difficulties in verifying the accuracy of data due in part to the laborious manual processes involved. Based on the FFY 2018 Program Integrity ME review, lines 3b, 10, and 14 of the FNS-209 failed to reconcile with the detailed documentation. 10. Work Requirements Have Not Been Properly Implemented - DHS is not in compliance with the requirement to accurately report on the FNS 583. DHS is unprepared to implement the work requirement and time limit for able-bodied adults without dependents when the current suspension mandated by the Families First Coronavirus Response Act ends and/or its waiver ends. Additionally, the District is not prepared to apply the Able-Bodied Adults Without Dependents (ABAWD) time limits when their ABAWD waiver expires. 11. Failure to Analyze Client Complaints and Include in the State’s Corrective Action Plans (CAP) Where Appropriate - DHS is failing to analyze client complaints and include in the State’s CAP where appropriate, per 7 CFR 271.6(a)(3) and 275.16. 12. The SNAP Application Does Not Clearly Explain Which Questions Are Required for SNAP - FNS reviewers found that the District’s SNAP application does not provide clear directions about which questions are required for SNAP, versus Cash or Medical Assistance. For example, Step 5 of the application asks “Does anyone in your household (including non-applicants) have any income? Yes – complete below; No – skip to step 6 (Complete if you are applying for Food, Medical, or Cash Assistance).” The directions are confusing and may be difficult to understand. Questioned Costs – Not determinable. Context – This is a condition identified per review of DHS’ compliance with specified requirements resulting from a system implementation. Effect – Without an effectively designed and operated system in place, ineligible beneficiaries may receive benefits under the SNAP grant and DHS may make payments on behalf of those beneficiaries resulting in noncompliance with the eligibility requirements. Inaccurate beneficiary allotment payments could result in participants receiving benefits that they are not entitled to receive under the program. Cause – DHS did not effectively design and operate the ADP system for SNAP which resulted to inaccurate benefit payments. Recommendation – We recommend that DHS continue to evaluate and improve the new ADP system for SNAP to ensure that it addresses all the administration requirements of the SNAP program. Related Noncompliance – Material noncompliance. Views of Responsible Officials and Planned Corrective Actions – The DHS and DHCF DCAS team agree with the findings noted in this report. DHS self-reported these findings as part of the agency’s ongoing effort to maintain integrity with all eligibility determinations. The root cause of each of the twelve (12) case issues with the ADP system for SNAP varied. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section.
Finding Number: 2024-003 Prior Year Finding Number: 2023-004 Compliance Requirement: Special Tests and Provisions – EBT Card Security Program: U.S. Department of Agriculture Supplemental Nutrition Assistance Program (SNAP) Cluster ALN: 10.551, 10.561 Award #: Various Award Year: 10/01/2023 – 09/30/2024 Government Department/Agency: Department of Human Services (DHS)/ Office of the Chief Financial Officer/Office of Finance and Treasury (OCFO/OFT) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. Per 7 CFR Section 274.8(b)(3), As an addition to or component of the Security Program required of Automated Data Processing (ADP) systems, the State agency shall ensure that the following electronic benefits transfer (EBT) security requirements are established: (i) Storage and control measures to control blank unissued EBT cards and PINs, and unused or spare POS devices; (ii) Measures to ensure communication access control. Communication controls shall include the transmission of transaction data and issuance information from POS terminals to work-stations and terminals at the data processing center; (iii) Message validation; (iv) Administrative and operational procedures; (v) A separate EBT security component shall be incorporated into the State agency Security Program for ADP systems. The periodic risk analyses required by the Security Program shall address the following items specific to an EBT system – (B) Completeness and timeliness of the reconciliation system; and (vi) The State agency shall incorporate the contingency plan approved by FNS into the Security Program. Condition – OCFO/OFT for DHS are required to maintain adequate security over, and documentation/records for EBT cards, to prevent their theft, embezzlement, loss damage, destruction, unauthorized transfer, negotiation, or use. OCFO/OFT have contracted with Fidelity National Information Service (FIS) for the issuance and security of the EBT cards; however, it is OCFO/OFT’s ultimate responsibility to ensure the contractor has controls in place to maintain adequate security over, and documentation/records of EBT cards in accordance with 7 CFR Section 274.8(b)(3). During our tests of the design and implementation of internal controls and compliance requirements in accordance with 7 CFR Section 274.8(b)(3), we noted the following issues: • For seventeen (17) out of the 60 samples, out of a population of 496 days from two EBT card centers, although both EBT Balance Sheets reconciled with the EBT Card Issuance Logs included in the package, we noted the following deficiencies: o For fourteen (14) out of the samples, we noted various issues including (a) the ID type for identification purposes was missing, (b) the customer case number was missing, (c) the Photo ID Program Referral Form was missing, (d) the identification type was noted as referral on the EBT Intake Form, but no referral form was attached, (e) the UPO EBT Center Intake Form was not signed by staff who created the card, and (f) the EBT Card Destruction log was missing. o For two (2) out of the samples, we noted that the required authorizations by a DHS Supervisor and eligibility staff was missing. o For one (1) out of the samples, we noted that the EBT Card Issuance Log had a wrong date. • In addition, for one (1) out of the 60 samples, we noted that the information on the summary reconciliation sheet did not agree to the Card Issuance Log. The summary reconciliation sheet shows 40 cards issued while the Card Issuance Log shows a total of 39 cards issued. These exceptions resulted in the Agency not being in compliance with 7 CFR Section 274.8(b)(3). Questioned Costs – None. Context – This is a condition identified per review of DHS’ compliance with specified requirements using a statistically valid sample. Effect – Without adequate internal controls to ensure compliance with EBT Card Security requirements, there is an increased risk that the inventory of EBT cards will not be properly maintained and accounted for, or that the program will not be in compliance with program requirements. Cause – OCFO/OFT for DHS does not have adequate policies and procedures in place to ensure adequate safeguarding, documentation over issuance and monitoring of EBT cards. Recommendation - We recommend that OCFO/OFT for DHS strengthen formal policies and procedures to maintain adequate security over, and documentation/records for EBT Cards. Related Noncompliance – Material noncompliance. Views of Responsible Officials and Planned Corrective Actions – The OCFO/OFT for DHS concurs with this finding. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section.
Finding Number: 2024-004 Prior Year Finding Number: 2023-011 Compliance Requirement: Reporting Program: U.S. Department of the Treasury COVID-19 – Emergency Rental Assistance (ERA) Program ALN: 21.023 Award #: N/A Award Year: 12/27/2020 – 09/30/2025 Government Department/Agency: Department of Human Services (DHS) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. 2 CFR Section 200.302(a), Financial Management, states that each state must expend and account for the federal award in accordance with state laws and procedures for expending and accounting for the state’s own funds. In addition, the state’s and the other non-federal entity’s financial management systems, including records documenting compliance with federal statutes, regulations, and the terms and conditions of the federal award, must be sufficient to permit the preparation of reports required by general and program-specific terms and conditions; and the tracing of funds to a level of expenditures adequate to establish that such funds have been used according to the federal statutes, regulations, and the terms and conditions of the federal award. Condition – Subrecipient expenditures, totaling approximately $29.8 million, which are required to be presented in the Schedule of Expenditures of Federal Awards (SEFA), were improperly excluded from the initial SEFA prepared by management. Subsequently, the SEFA was adjusted by DHS to reflect the subrecipient expenditures incurred for the program. Questioned Costs – None. Context – This is a condition identified per review of DHS’ compliance with reporting requirements. Effect – Failure to properly review and present expenditures can result in noncompliance with reporting requirements. Cause – DHS did not comply with their policies and procedures to ensure accuracy of the SEFA. Recommendation – We recommend that DHS adhere to instituted policies and procedures to ensure the accuracy of the SEFA. Related Noncompliance – Noncompliance. Views of Responsible Officials and Planned Corrective Actions – The DHS Office of the Chief Financial Officer (OCFO) concurs with the finding. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section.
Finding Number: 2024-005 Prior Year Finding Number: N/A Compliance Requirement: Activities Allowed or Unallowed and Allowable Costs/Cost Principles Program: U.S. Department of the Treasury COVID-19 - Homeowner Assistance Fund ALN: 21.026 Award #: Various Award Year: 10/01/2023 – 09/30/2024 Government Department/Agency: Department of Housing and Community Development (DHCD) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. 2 CFR Section 200.406(a) defines credits as transactions that offset or reduce direct or indirect costs allocable to a Federal award. Examples of such transactions are purchase discounts, rebates or allowances, recoveries or indemnities on losses, insurance refunds or rebates, and adjustments of overpayments or erroneous charges. To the extent that such credits accruing to or received by the recipient or subrecipient relate to allowable costs, they must be credited to the Federal award either as a cost reduction or cash refund, as appropriate. Condition – During the review of benefit payments for the sixty (60) eligibility samples, we noted the following: • One payment made to the utility company where it was later determined that the homeowner was not eligible when additional information became available. • One instance where a duplicate payment was issued to the mortgage loan servicer. • One instance where the mortgage loan servicer noted the payment was no longer needed. For the conditions noted above, refunds are due to DHCD. Questioned Costs – Known amount is $42,289. Context – This is a condition identified per review of DHCD’s compliance with specified requirements using a statistically valid sample. Effect – Without adequate internal controls in place to ensure overpayments are identified and tracked by program and accounting personnel, DHCD could be noncompliant with the requirement to refund the agency for credits. Cause – DHCD did not have a process in place to identify and track credits. Recommendation – We recommend that DHCD implement a control to identify and track credits, such as refunds and duplicate payments, so that these amounts can be refunded to the agency. This includes strengthening communication between the program and accounting teams to ensure an awareness of possible refunds so adjustments can be made if necessary. Related Noncompliance – Noncompliance. Views of Responsible Officials and Planned Corrective Actions – DHCD concurs with the findings. DHCD will review and pursue repayment from these expenditures. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section.
Finding Number: 2024-006 Prior Year Finding Number: 2023-013 Compliance Requirement: Subrecipient Monitoring Program: U.S. Department of the Treasury COVID-19 - Homeowner Assistance Fund ALN: 21.026 Award #: Various Award Year: 10/01/2023 – 09/30/2024 Government Department/Agency: Department of Housing and Community Development (DHCD) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. Additionally, 2 CFR Section 200.332 specifies that pass-through entities must evaluate each subrecipient's risk of noncompliance with Federal statutes, regulations, and the terms and conditions of the subaward for purposes of determining the appropriate subrecipient monitoring. Based upon the pass-through entity's assessment of risk posed by the subrecipient, auditee management determined that onsite reviews of the subrecipient’s program operations were appropriate and designed the following control: DHCD performs desk audits, scheduled site visits and unscheduled site visits during the fiscal year. Reports are prepared at the site visits and properly documented. The reports include deficiencies, recommendations, and proposed corrective action and are reviewed and approved by the Project Managers, Program Managers, and Supervisory Program Managers. Condition – During our review of four (4) subrecipient samples from a total population of seven (7) subrecipients, we noted the following: • For one (1) subrecipient, DHCD provided plans to perform a review, but was unable to provide evidence of the review or a finalized report. • For three (3) subrecipients, DHCD neither performed an onsite review nor a desk audit. Questioned Costs – Not determinable. Context – This is a condition identified per review of DHCD’s compliance with the subrecipient monitoring requirements using a statistically valid sample. Effect – DHCD did not comply with the subrecipient monitoring requirements of the Homeowner Assistance Fund program. Cause – DHCD does not have fully effective internal controls over compliance with respect to the onsite review process. Recommendation – We recommend that DHCD strictly adhere to its policies and procedures to ensure that onsite reviews are properly performed and documented for subrecipients. Related Noncompliance – Material noncompliance. Views of Responsible Officials and Planned Corrective Actions – DHCD concurs with the conditions and recommendations of this finding. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section.
Finding Number: 2024-007 Prior Year Finding Number: N/A Compliance Requirement: Reporting Program: U.S. Department of the Treasury COVID-19 – Coronavirus State and Local Fiscal Recovery Funds ALN: 21.027 Award #: N/A Award Year: 10/01/2021 – 09/20/2024 Government Department/Agency: Office of the Deputy Mayor for Planning and Economic Development (DMPED); Office of the State Superintendent of Education (OSSE); Department of Employment Services (DOES); Department of Energy and Environment (DOEE); Department of Behavioral Health (DBH); Office of Neighborhood Safety and Engagement (ONSE) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. The Uniform Guidance in 2 CFR Section 200.302(a), Financial Management, states that each state must expend and account for the federal award in accordance with state laws and procedures for expending and accounting for the state’s own funds. In addition, the state’s and the other non-federal entity’s financial management systems, including records documenting compliance with federal statutes, regulations, and the terms and conditions of the federal award, must be sufficient to permit the preparation of reports required by general and program-specific terms and conditions; and the tracing of funds to a level of expenditures adequate to establish that such funds have been used according to the federal statutes, regulations, and the terms and conditions of the federal award. Condition – During the audit, of the total amounts passed through to subrecipients of $69.6 million, we noted that certain grant expenditures totaling approximately $14.8 million were erroneously reflected as amounts passed through to subrecipients on the initial Schedule of Expenditures Federal Awards (SEFA) under ALN 21.027, COVID-19 - Coronavirus State and Local Fiscal Recovery Funds. Total amounts passed through to subrecipients should have been $54.8 million. OCFO subsequently adjusted the SEFA to reflect the correct amounts passed through to subrecipients for the major program. Questioned Costs – None. Context – This is a condition identified per review of various agencies’ compliance with specified requirements. Effect – Failure to properly review and present expenditures can result in noncompliance with reporting requirements. Cause – The District agencies did not comply with their policies and procedures to ensure accuracy of the SEFA. Recommendation – We recommend that the District agencies adhere to instituted policies and procedures to ensure accuracy of the SEFA. Related Noncompliance – Noncompliance. Views of Responsible Officials and Planned Corrective Actions – The District agencies agree with the conditions and recommendations of this finding. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section.
Finding Number: 2024-008 Prior Year Finding Number: 2023-015 Compliance Requirement: Subrecipient Monitoring Program: U.S. Department of the Treasury COVID-19 – Coronavirus State and Local Fiscal Recovery Funds ALN: 21.027 Award #: N/A Award Year: 10/01/2021 – 09/20/2024 Government Department/Agency: Office of the Deputy Mayor for Public Safety and Justice (DMPSJ); Office of Neighborhood Safety and Engagement (ONSE) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. In accordance with the Uniform Guidance in 2 CFR Section 200.331(a) Requirements for Pass-Through Entities requires that pass-through entities must: Ensure that every subaward is clearly identified to the subrecipient as a subaward and includes certain information outlined in the section noted above, pre-award assessment, indirect cost rated for the award, assistance listing number, finding and award follow-up and other pertinent actions. In accordance with the Uniform Guidance in 2 CFR Section 200.332 Requirements for Pass-Through Entities requires that pass-through entities Verify that the subrecipient is not excluded or disqualified in accordance with Section 180.300. Verification methods are provided in Section 180.300, which include confirming in SAM.gov that a potential subrecipient is not suspended, debarred, or otherwise excluded from receiving Federal funds. In accordance with the Uniform Guidance in 2 CFR Section 200.332(e) Requirements for Pass-Through Entities requires that pass-through entities must: Monitor the activities of a subrecipient as necessary to ensure that the subrecipient complies with Federal statutes, regulations, and the terms and conditions of the subaward. The pass-through entity is responsible for monitoring the overall performance of a subrecipient to ensure that the goals and objectives of the subaward are achieved. In monitoring a subrecipient, a pass-through entity must: • Review financial and performance reports • Ensure that the subrecipient takes corrective action on all significant developments that negatively affect the subaward. Significant developments include Single Audit findings related to the subaward, other audit findings, site visits, and written notifications from a subrecipient of adverse conditions which will impact their ability to meet the milestones or the objectives of a subaward. When significant developments negatively impact the subaward, a subrecipient must provide the pass-through entity with information on their plan for corrective action and any assistance needed to resolve the situation. • Issue a management decision for audit findings pertaining only to the Federal award provided to the subrecipient from the pass-through entity as required by Section 200.521. • Resolve audit findings specifically related to the subaward. However, the pass-through entity is not responsible for resolving cross-cutting audit findings that apply to the subaward and other Federal awards or subawards. If a subrecipient has a current Single Audit report and has not been excluded from receiving Federal funding (meaning, has not been debarred or suspended), the pass-through entity may rely on the subrecipient's cognizant agency for audit or oversight agency for audit to perform audit follow-up and make management decisions related to cross-cutting audit findings in accordance with section Section 200.513(a)(4)(viii). Such reliance does not eliminate the responsibility of the pass-through entity to issue subawards that conform to agency and award-specific requirements, to manage risk through ongoing subaward monitoring, and to monitor the status of the findings that are specifically related to the subaward. Condition – The program’s documented subrecipient monitoring requirements includes risk assessments, monitoring of subrecipients and the submission and review of monthly financial and performance reports. During our testing of the subrecipient’s compliance requirements, we noted the following issues: • Our testing of the program’s subrecipient monitoring requirements includes submission and review of monthly financial and performance reports. We noted for one (1) out of 17 samples, the subrecipient failed to submit their monthly financial and performance reports. • For one (1) out of 17 samples, the agency had no evidence to support it had performed the mandatory follow up on reported audit findings in the subrecipient’s audit report for the Corrective Action taken by the subrecipient to remediate the finding. • For one (1) out of 17 samples, the agency had no evidence that a debarment check was performed before the contract was entered into. The agency’s documented policies and the procurement procedures mandate a debarment check before entering into new contracts. Questioned Costs – Not determinable. Context – This is a condition identified per review of various District agencies’ compliance with specified monitoring requirements on the program’s subrecipients using a statistically valid sample. Effect – Subrecipients may not be properly monitored, which may result in subawards being used for unauthorized purposes in violation of the terms and conditions of the subawards or that the subaward performance goals were not achieved. Cause – There is lack of sufficient documentary evidence to support that the controls are operating as designed related to subrecipient monitoring compliance. Recommendation – We recommend that the agencies maintain sufficient documentation to evidence its internal controls over the risk assessment and monitoring of subrecipients. Related Noncompliance – Noncompliance. Views of Responsible Officials and Planned Corrective Actions – While DMPSJ doesn’t agree that it is out of compliance, DMPSJ will ensure documentation is maintained regarding its oversight of grant management. ONSE acknowledges and accepts the finding that the subrecipient failed to submit their monthly and performance reports. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section. BDO’s Response – We have reviewed management’s response and our finding remains as indicated.
Finding Number: 2024-009 Prior Year Finding Number: N/A Compliance Requirement: Activities Allowed or Unallowed and Allowable Costs/Cost Principles Program: U.S. Department of the Treasury COVID-19 – Coronavirus Capital Projects Fund ALN: 21.029 Award #: CPFFN0167 Award Year: 02/09/2022 – 12/31/2026 Government Department/Agency: Office of the Deputy Mayor for Planning and Economic Development (DMPED) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. Per 2 CFR Section 200.403, “Except where otherwise authorized by statute, costs must meet the following general criteria in order to be allowable under Federal awards: (a) Be necessary and reasonable for the performance of the Federal award and be allocable thereto under these principles. (b) Conform to any limitations or exclusions set forth in these principles or in the Federal award as to types or amount of cost items. (c) Be consistent with policies and procedures that apply uniformly to both federally-financed and other activities of the non-Federal entity. (d) Be accorded consistent treatment. A cost may not be assigned to a Federal award as a direct cost if any other cost incurred for the same purpose in like circumstances has been allocated to the Federal award as an indirect cost. (e) Be determined in accordance with generally accepted accounting principles (GAAP), except, for state and local governments and Indian tribes only, as otherwise provided for in this part. (f) Not be included as a cost or used to meet cost sharing or matching requirements of any other federally-financed program in either the current or a prior period. (g) Be adequately documented.” In addition, the U.S. Department of Treasury, Guidance for the Coronavirus Capital Projects Fund For States, Territories & Freely Associated States (CPF), Section D. Eligible and Ineligible Cost: states that “Allowable costs are determined in accordance with the cost principles identified in 2 CFR Part 200, Subpart E. Federal funds committed to an award may only be used to cover allowable costs incurred during the period of performance and for allowable closeout costs incurred during the grant closeout process. Cost sharing is not a requirement for the use of these funds” Section C. Project Eligibility: also states the following, “Capital Project or Project means the construction, purchase, and installation of, and/or improvements to capital assets where the costs of such assets are capitalized or depreciated, including ancillary costs necessary to put the capital asset to use. Examples of capital assets include buildings, towers, digital devices and equipment, fiber-optic lines, and broadband networks. Examples of ancillary costs include project costs related to project planning and feasibility, broadband installation, and community engagement, broadband adoption, digital literacy, and training associated with a planned or completed Project funded by the Capital Projects Fund program.” Condition – During our examination of Activities Allowed or Unallowed and Allowable Costs/Cost Principles, we observed that the agency used federal funds to reimburse their subrecipient for lease rent of $3,242,953 invoiced from August 2023 through May 2024. This amount was reported to the Federal agency as ancillary costs. However, upon reviewing the supporting documentation, it was found that the rent charged to the grant pertained to the period following the substantial completion of the capital project's construction. Additionally, the leased rent does not appear to align with the definition of ancillary costs as outlined by the CFP guidance mentioned earlier. Furthermore, the agency was unable to provide documentation from the U.S. Treasury approving the leased rent or indicating its knowledge that it was included as part of ancillary costs. Based on the procedures performed and the review of relevant guidance, BDO notes that these costs do not meet the requirements to be considered allowable under the program. Questioned Costs – Known amount $3,242,953. Context – This is a condition identified per review of DMPED’s compliance with specified requirements using a statistically valid sample. Total subrecipient expenditures reported as allowable costs were $14,400,000. Effect – DMPED was unable to demonstrate that the rent charged was approved by the Department of Treasury and was an allowable cost under the guidance. Cause – DMPED did not have proper internal controls and policies and procedures in place to identify allowable costs and activities. Recommendation – We recommend that DMPED evaluate its procedures to ensure only allowable expenses are charged to the program as required under 2 CFR Section 200.403. Related Noncompliance – Material noncompliance. Views of Responsible Officials and Planned Corrective Actions – DMPED does not concur with the auditor’s finding regarding the allowability of rent per the CPF guidance. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section. BDO’s Response – We have reviewed management’s response and our finding remains as indicated.
Finding Number: 2024-010 Prior Year Finding Number: N/A Compliance Requirement: Procurement and Suspension and Debarment Program: U.S. Department of the Treasury COVID-19 – Coronavirus Capital Projects Fund ALN: 21.029 Award #: CPFFN0167 Award Year: 02/09/2022 – 12/31/2026 Government Department/Agency: District of Columbia Public Library (DCPL) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. In accordance with 2 CFR Section 200.318(a), General Procurement Standards, the non-federal entity must use its own documented procurement procedures which reflect applicable State, local, and tribal laws and regulations, provided that the procurements conform to applicable federal law and the standards identified in General Procurement Standards. Additionally, 2 CFR Section 200.318(i) states that the non-federal entity must maintain records sufficient to detail the history of the procurement. These records are required to include but are not necessarily limited to the following: rationale for the method of procurement, selection of contract type, contractor selection or rejection, and the basis for the contract price. All procurement transactions must be conducted in a manner providing full and open competition consistent in accordance with 2 CFR Section 200.319 and must be performed using the appropriate procurement method as outlined in 2 CFR Section 200.320. In accordance with 2 CFR Section 200.320(c), Noncompetitive procurement. There are specific circumstances in which the recipient or subrecipient may use a noncompetitive procurement method. The noncompetitive procurement method may only be used if one of the following circumstances applies: (1) The aggregate amount of the procurement transaction does not exceed the micro-purchase threshold (see paragraph (a)(1) of this section); (2) The procurement transaction can only be fulfilled by a single source; (3) The public exigency or emergency for the requirement will not permit a delay resulting from providing public notice of a competitive solicitation; (4) The recipient or subrecipient requests in writing to use a noncompetitive procurement method, and the Federal agency or pass-through entity provides written approval; or (5) After soliciting several sources, competition is determined inadequate. Condition – During our testing of procurement and suspension and debarment requirements, we examined the two (2) procurement contracts that comprised the entire procurement population. Based on the procedures performed, we identified one (1) contract, valued at $278,259, out of the two (2) contracts totaling $8,185,708, in which DCPL used a single source or sole source justification for the selection rationale. However, this justification did not comply with the requirements set forth in 2 CFR Section 200.320(c). Questioned Costs – Not determinable. Context – This is a condition identified per review of DCPL’s compliance with the specified requirements using a statistically valid sample. Effect – Failure to adhere to the procurement procedures specified in the Uniform Administrative Requirements may lead to the Federal agency disallowing the procurement and associated costs. Cause – While DCPL adhered to their policies and procedures for private expenditures, the agency did not adhere to federal procurement requirements (2 CFR Section 200.320(c)) listed above to support noncompetitive procurement on the requirements to use sole source. Recommendation – We recommend that management establish the requisite internal control policies and procedures to ensure that all procurements reported under the federal program are in compliance. Related Noncompliance – Noncompliance. Views of Responsible Officials and Planned Corrective Actions – DCPL concurs with the auditor’s findings and recommendations. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section.
Finding Number: 2024-011 Prior Year Finding Number: N/A Compliance Requirement: Reporting Program: U.S. Department of the Treasury COVID-19 – Coronavirus Capital Projects Fund ALN: 21.029 Award #: CPFFN0167 Award Year: 02/09/2022 – 12/31/2026 Government Department/Agency: Office of the Deputy Mayor for Planning and Economic Development (DMPED) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. In accordance with 2 CFR Part 170, Appendix A, under the Federal Funding Accountability and Transparency Act (FFATA), the department is required to collect and report information on each subaward or amendment of $30,000 or more in federal funds in the FFATA Subaward Reporting System (FSRS) or System for Award Management (sam.gov) website from March 8, 2025 onwards. In accordance with the requirements of 2 CFR Section 1402.300(b), the non-Federal entity is responsible for complying with all requirements of the Federal award. For all Federal awards, this includes the provisions of FFATA, which includes requirements on executive compensation, and also requirements implementing the Act for the non-Federal entity at 2 CFR Part 25 Financial Assistance Use of Universal Identifier and System for Award Management and 2 CFR Part 170 Reporting Subaward and Executive Compensation Information. Condition – DMPED had a single subrecipient through which $14.4 million in grant funds was expended. During our audit, we noted that DMPED did not submit the required FFATA report for its subrecipient through the FSRS or the sam.gov website for the one subaward issued in fiscal year 2024. Questioned Costs – None. Context – This is a condition identified per review of DMPED’s compliance with reporting requirements. Effect – Failure to properly submit the FFATA report results in noncompliance for the Coronavirus Capital Projects Fund program. Cause – DMPED did not have proper internal controls and policies and procedures in place to fulfill the FFATA reporting requirements. Recommendation – We recommend that DMPED evaluate its Transparency Act reporting control procedures and update them as necessary to ensure they promote compliance with the Federal regulations. These procedures should include a supervisory review of the report information before it is submitted to the System for Award Management (sam.gov) website. Related Noncompliance – Noncompliance. Views of Responsible Officials and Planned Corrective Actions – DMPED concurs with the auditor’s findings and recommendations related to Grant Reporting. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section.
Finding Number: 2024-012 Prior Year Finding Number: N/A Compliance Requirement: Special Tests and Provisions – Disbursements to or on Behalf of Students (Credit Balances) Program: U.S. Department of Education Student Financial Assistance Cluster ALN: 84.007, 84.033, 84.063, 84.268 Award #: Various Award Year: 10/01/2023 – 09/30/2024 Government Department/Agency: University of the District of Columbia (UDC) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. 34 CFR Section 668.164(h) outlines the following compliance requirements for Title IV credit balances: (6) Title IV, HEA credit balances. (1) A title IV, HEA credit balance occurs whenever the amount of title IV, HEA program funds credited to a student's ledger account for a payment period exceeds the amount assessed the student for allowable charges associated with that payment period as provided under paragraph (c) of this section. (2) A title IV, HEA credit balance must be paid directly to the student or parent as soon as possible, but no later than— (i) Fourteen (14) days after the balance occurred if the credit balance occurred after the first day of class of a payment period; or (ii) Fourteen (14) days after the first day of class of a payment period if the credit balance occurred on or before the first day of class of that payment period. Condition – During our testing, we noted the following issues: • For eight (8) of twenty-five (25) credit balances selected for testing, the credit balance created by the disbursement of Title IV awards was not refunded to the student within the required 14-day timeframe. Questioned Costs – None. Context – This is a condition identified per review of UDC’s compliance with the specified requirements using a statistically valid sample. Effect – UDC was not in compliance with the required federal guidelines over credit balances from student financial assistance. Cause – Insufficient internal control and administrative oversight with respect to the disbursement of federal awards. Recommendation – We recommend that UDC enhance its internal controls, policies and procedures to ensure that Title IV credit balances are paid timely to students. Related Noncompliance – Noncompliance. Views of Responsible Officials and Planned Corrective Actions – UDC agrees with the conditions and recommendations of this finding. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section.
Finding Number: 2024-013 Prior Year Finding Number: N/A Compliance Requirement: Special Tests and Provisions – Return of Title IV Funds Program: U.S. Department of Education Student Financial Assistance Cluster ALN: 84.007, 84.033, 84.063, 84.268 Award #: Various Award Year: 10/01/2023 – 09/30/2024 Government Department/Agency: University of the District of Columbia (UDC) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. 34 CFR Section 668.173(b)(1) outlines the following compliance requirements for Title IV refunds. (b) Timely return of title IV, HEA program funds. In accordance with procedures established by the Secretary or FFEL Program lender, an institution returns unearned title IV, HEA program funds timely if— (1) The institution deposits or transfers the funds into the bank account it maintains under Section 668.163 no later than 45 days after the date it determines that the student withdrew. Condition – During our testing, we noted the following exception: • For one (1) of nineteen (19) students selected for Title IV refund calculation testing, the required Title IV refund was not adjusted in the U.S. Department of Education's Common Origination and Disbursement (COD) system within the required timeframe. Questioned Costs – None. Context – This is a condition identified per review of UDC’s compliance with the specified requirements using a statistically valid sample. Effect – UDC was not compliant with the Return of Title IV Funds compliance requirements. Cause – Insufficient administrative oversight with respect to Return of Title IV Funds requirements. Recommendation – We recommend that UDC enhance its process surrounding the disbursement of federal student aid to ensure compliance with the Return of Title IV Funds requirements. Related Noncompliance – Noncompliance. Views of Responsible Officials and Planned Corrective Actions – UDC agrees with the conditions and recommendations of this finding. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section.
Finding Number: 2024-014 Prior Year Finding Number: N/A Compliance Requirement: Special Tests and Provisions – Enrollment Reporting Program: U.S. Department of Education Student Financial Assistance Cluster ALN: 84.007, 84.033, 84.063, 84.268 Award #: Various Award Year: 10/01/2023 – 09/30/2024 Government Department/Agency: University of the District of Columbia (UDC) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. Institutions are required to report enrollment information under the Pell grant and the Direct and Federal Family Education Loan (“FFEL”) loan programs via the National Student Loan Data System (“NSLDS”) (OMB No. 1845-0035), although FFEL loans are no longer made or a part of the Student Financial Assistance Cluster, a student may have a FFEL loan from previous years that would require enrollment reporting for that student (Pell, 34 CFR 690.83(b)(2); FFEL, 34 CFR 682.610; Direct Loan, 34 CFR 685.309). The administration of the Title IV programs depends heavily on the accuracy and timeliness of the enrollment information reported by institutions. Institutions must review, update, and verify student enrollment statuses, program information, and effective dates that appear on the Enrollment Reporting Roster file or on the Enrollment Maintenance page of the NSLDS Professional Access (“NSLDSFAP”) website which the financial aid administrator can access for the auditor. The data on the institution’s Enrollment Reporting Roster, or Enrollment Maintenance page, is what NSLDS has as the most recently certified enrollment information. There are two categories of enrollment information, “Campus Level” and “Program Level,” both of which need to be reported accurately and have separate record types. The NSLDS Enrollment Reporting Guide provides the requirements and guidance for reporting enrollment details using the NSLDS Enrollment Reporting Process. Institutions are responsible for accurately reporting all Campus-Level Record data elements. ED considers the following data elements to be high risk: • OPEID Number – This is the OPEID for the location that the student is actually attending. • Enrollment Effective Date – The date that the current enrollment status reported for a student was first effective. (See 4.4.2 of the NSLDS Enrollment Reporting Guide for the specific requirements for reporting the Enrollment Effective Date. Also see 4.4.3 of the NSLDS Enrollment Reporting Guide for additional guidance on effective dates for Withdrawal versus Graduation and Electronic Announcement titled – NSLDS Enrollment Reporting – Submission Dates, Effective Dates and Certification Dates, dated April 20, 2017, for additional information and examples at https://fsapartners.ed.gov/knowledge¬center/library/electronic-announcements/2017-04-20/general-subject-nslds¬enrollment-reporting-submission-dates-effective-dates-and-certification-dates.) • Enrollment Status – The student’s enrollment status as of the reporting date; full-time (F), three-quarter time (Q), half-time (H), less than half-time (L), leave of absence (A), graduated (G), withdrawn (W), deceased (D), never attended (X) and record not found (Z). (See 4.4.4 of the NSLDS Enrollment Reporting Guide for additional guidance on reporting graduated and withdrawn for the Campus-Level Record versus the Program Level Record and 4.4.10 for further guidance on Enrollment Status reporting at the Campus-Level Record and the Program-Level Record.) • Certification Date – The Date enrollment certified by institution. At a minimum, institutions are required to certify enrollment every 60 days or every other month. Institutions are responsible for accurately reporting all Program-Level Record data elements. ED considers the following data elements to be high risk: • OPEID Number – This is the OPEID for the location that the student is actually attending. • CIP Code – The Classification of Instructional Programs (CIP) is a set of codes that define fields of study. CIP Codes are maintained by ED's National Center for Education Statistics (NCES). They were most recently updated in 2020 and are usually updated every ten years. A listing of current CIP codes is available at: https://nces.ed.gov/ipeds/cipcode/resources.aspx?y=56. • CIP Year – Year for the corresponding CIP code. The CIP Year for the codes currently used by NSLDS is 2020. • Credential Level – Indicates the level of a credential the student will receive for the program the student is attending, for example undergraduate certificate, associate degree, or bachelor’s degree. (See 4.4.7 of the NSLDS Enrollment Reporting Guide for additional guidance on reporting the Credential Level.) • Published Program Length Measurement – The institution identifies whether the Published Program Length is in days, weeks, or years. • Published Program Length - Published Program Length should be reported based on the definition of “normal time” to completion in the regulations at 34 CFR 668.41(a), • Program Begin Date – The Program Begin Date is the date the student first began attending the program being reported. Typically, this would be the first day of the term in which the student began enrollment in the program, unless the student enrolled in the program on an earlier date. (See 4.4.8 of the NSLDS Enrollment Reporting Guide for additional guidance.) • Program Enrollment Status – The student’s enrollment status as of the reporting date; full-time (F), three-quarter time (Q), half-time (H), less than half-time (L), leave of absence (A), graduated (G), withdrawn (W), deceased (D), never attended (X) and record not found (Z). (See 4.4.4 of the NSLDS Enrollment Reporting Guide for additional guidance on reporting graduated and withdrawn for the Campus-Level Record versus the Program Level Record and 4.4.10 for further guidance on Enrollment Status reporting at the Campus-Level Record and the Program-Level Record.) • Program Enrollment Effective Date – The date when the student's current program status first took effect. Condition – UDC did not submit an accurate status change notification or failed to submit timely notification to the NSLDS website for certain students who graduated, withdrew or had a change in their enrollment status (full time, half time or less than half time) during the year. BDO selected a random sample of twenty-five (25) students used to evaluate both campus and program level enrollment reporting compliance requirements. For campus level enrollment, we noted the following exceptions: • For five (5) of twenty-five (25) campus level records tested, UDC did not certify the students’ enrollment data within 60 days. • For ten (10) of twenty-five (25) campus level records tested, UDC did not accurately report the students’ enrollment effective date. • For two (2) of twenty-five (25) campus level records tested, UDC did not correctly report the students’ enrollment status. For program level enrollment, we noted the following exceptions: • For one (1) of twenty-five (25) program level records tested, UDC did not accurately report the Published Program Length. • For ten (10) of twenty-five (25) program level records tested, UDC did not accurately report the students’ enrollment effective date. • For two (2) of twenty-five (25) program level records tested, UDC did not accurately report the students’ enrollment Status. Questioned Costs – None. Context – This is a condition identified per review of UDC’s compliance with the specified enrollment requirements using a statistically valid sample. Effect – UDC is not in compliance with enrollment reporting requirements. Failure to promptly report accurate and timely changes in enrollment status may adversely impact the repayment status for student loan borrowers. Cause – Insufficient internal controls and administrative oversight with respect to enrollment reporting requirements. Recommendation – We recommend that UDC enhance its procedures and internal controls over enrollment reporting to ensure that significant data elements under both campus-level and program-level records are reported accurately and timely to NSLDS. Related Noncompliance – Material noncompliance. Views of Responsible Officials and Planned Corrective Actions – UDC agrees with the conditions and recommendations of this finding. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section.
Finding Number: 2024-012 Prior Year Finding Number: N/A Compliance Requirement: Special Tests and Provisions – Disbursements to or on Behalf of Students (Credit Balances) Program: U.S. Department of Education Student Financial Assistance Cluster ALN: 84.007, 84.033, 84.063, 84.268 Award #: Various Award Year: 10/01/2023 – 09/30/2024 Government Department/Agency: University of the District of Columbia (UDC) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. 34 CFR Section 668.164(h) outlines the following compliance requirements for Title IV credit balances: (6) Title IV, HEA credit balances. (1) A title IV, HEA credit balance occurs whenever the amount of title IV, HEA program funds credited to a student's ledger account for a payment period exceeds the amount assessed the student for allowable charges associated with that payment period as provided under paragraph (c) of this section. (2) A title IV, HEA credit balance must be paid directly to the student or parent as soon as possible, but no later than— (i) Fourteen (14) days after the balance occurred if the credit balance occurred after the first day of class of a payment period; or (ii) Fourteen (14) days after the first day of class of a payment period if the credit balance occurred on or before the first day of class of that payment period. Condition – During our testing, we noted the following issues: • For eight (8) of twenty-five (25) credit balances selected for testing, the credit balance created by the disbursement of Title IV awards was not refunded to the student within the required 14-day timeframe. Questioned Costs – None. Context – This is a condition identified per review of UDC’s compliance with the specified requirements using a statistically valid sample. Effect – UDC was not in compliance with the required federal guidelines over credit balances from student financial assistance. Cause – Insufficient internal control and administrative oversight with respect to the disbursement of federal awards. Recommendation – We recommend that UDC enhance its internal controls, policies and procedures to ensure that Title IV credit balances are paid timely to students. Related Noncompliance – Noncompliance. Views of Responsible Officials and Planned Corrective Actions – UDC agrees with the conditions and recommendations of this finding. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section.
Finding Number: 2024-013 Prior Year Finding Number: N/A Compliance Requirement: Special Tests and Provisions – Return of Title IV Funds Program: U.S. Department of Education Student Financial Assistance Cluster ALN: 84.007, 84.033, 84.063, 84.268 Award #: Various Award Year: 10/01/2023 – 09/30/2024 Government Department/Agency: University of the District of Columbia (UDC) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. 34 CFR Section 668.173(b)(1) outlines the following compliance requirements for Title IV refunds. (b) Timely return of title IV, HEA program funds. In accordance with procedures established by the Secretary or FFEL Program lender, an institution returns unearned title IV, HEA program funds timely if— (1) The institution deposits or transfers the funds into the bank account it maintains under Section 668.163 no later than 45 days after the date it determines that the student withdrew. Condition – During our testing, we noted the following exception: • For one (1) of nineteen (19) students selected for Title IV refund calculation testing, the required Title IV refund was not adjusted in the U.S. Department of Education's Common Origination and Disbursement (COD) system within the required timeframe. Questioned Costs – None. Context – This is a condition identified per review of UDC’s compliance with the specified requirements using a statistically valid sample. Effect – UDC was not compliant with the Return of Title IV Funds compliance requirements. Cause – Insufficient administrative oversight with respect to Return of Title IV Funds requirements. Recommendation – We recommend that UDC enhance its process surrounding the disbursement of federal student aid to ensure compliance with the Return of Title IV Funds requirements. Related Noncompliance – Noncompliance. Views of Responsible Officials and Planned Corrective Actions – UDC agrees with the conditions and recommendations of this finding. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section.
Finding Number: 2024-014 Prior Year Finding Number: N/A Compliance Requirement: Special Tests and Provisions – Enrollment Reporting Program: U.S. Department of Education Student Financial Assistance Cluster ALN: 84.007, 84.033, 84.063, 84.268 Award #: Various Award Year: 10/01/2023 – 09/30/2024 Government Department/Agency: University of the District of Columbia (UDC) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. Institutions are required to report enrollment information under the Pell grant and the Direct and Federal Family Education Loan (“FFEL”) loan programs via the National Student Loan Data System (“NSLDS”) (OMB No. 1845-0035), although FFEL loans are no longer made or a part of the Student Financial Assistance Cluster, a student may have a FFEL loan from previous years that would require enrollment reporting for that student (Pell, 34 CFR 690.83(b)(2); FFEL, 34 CFR 682.610; Direct Loan, 34 CFR 685.309). The administration of the Title IV programs depends heavily on the accuracy and timeliness of the enrollment information reported by institutions. Institutions must review, update, and verify student enrollment statuses, program information, and effective dates that appear on the Enrollment Reporting Roster file or on the Enrollment Maintenance page of the NSLDS Professional Access (“NSLDSFAP”) website which the financial aid administrator can access for the auditor. The data on the institution’s Enrollment Reporting Roster, or Enrollment Maintenance page, is what NSLDS has as the most recently certified enrollment information. There are two categories of enrollment information, “Campus Level” and “Program Level,” both of which need to be reported accurately and have separate record types. The NSLDS Enrollment Reporting Guide provides the requirements and guidance for reporting enrollment details using the NSLDS Enrollment Reporting Process. Institutions are responsible for accurately reporting all Campus-Level Record data elements. ED considers the following data elements to be high risk: • OPEID Number – This is the OPEID for the location that the student is actually attending. • Enrollment Effective Date – The date that the current enrollment status reported for a student was first effective. (See 4.4.2 of the NSLDS Enrollment Reporting Guide for the specific requirements for reporting the Enrollment Effective Date. Also see 4.4.3 of the NSLDS Enrollment Reporting Guide for additional guidance on effective dates for Withdrawal versus Graduation and Electronic Announcement titled – NSLDS Enrollment Reporting – Submission Dates, Effective Dates and Certification Dates, dated April 20, 2017, for additional information and examples at https://fsapartners.ed.gov/knowledge¬center/library/electronic-announcements/2017-04-20/general-subject-nslds¬enrollment-reporting-submission-dates-effective-dates-and-certification-dates.) • Enrollment Status – The student’s enrollment status as of the reporting date; full-time (F), three-quarter time (Q), half-time (H), less than half-time (L), leave of absence (A), graduated (G), withdrawn (W), deceased (D), never attended (X) and record not found (Z). (See 4.4.4 of the NSLDS Enrollment Reporting Guide for additional guidance on reporting graduated and withdrawn for the Campus-Level Record versus the Program Level Record and 4.4.10 for further guidance on Enrollment Status reporting at the Campus-Level Record and the Program-Level Record.) • Certification Date – The Date enrollment certified by institution. At a minimum, institutions are required to certify enrollment every 60 days or every other month. Institutions are responsible for accurately reporting all Program-Level Record data elements. ED considers the following data elements to be high risk: • OPEID Number – This is the OPEID for the location that the student is actually attending. • CIP Code – The Classification of Instructional Programs (CIP) is a set of codes that define fields of study. CIP Codes are maintained by ED's National Center for Education Statistics (NCES). They were most recently updated in 2020 and are usually updated every ten years. A listing of current CIP codes is available at: https://nces.ed.gov/ipeds/cipcode/resources.aspx?y=56. • CIP Year – Year for the corresponding CIP code. The CIP Year for the codes currently used by NSLDS is 2020. • Credential Level – Indicates the level of a credential the student will receive for the program the student is attending, for example undergraduate certificate, associate degree, or bachelor’s degree. (See 4.4.7 of the NSLDS Enrollment Reporting Guide for additional guidance on reporting the Credential Level.) • Published Program Length Measurement – The institution identifies whether the Published Program Length is in days, weeks, or years. • Published Program Length - Published Program Length should be reported based on the definition of “normal time” to completion in the regulations at 34 CFR 668.41(a), • Program Begin Date – The Program Begin Date is the date the student first began attending the program being reported. Typically, this would be the first day of the term in which the student began enrollment in the program, unless the student enrolled in the program on an earlier date. (See 4.4.8 of the NSLDS Enrollment Reporting Guide for additional guidance.) • Program Enrollment Status – The student’s enrollment status as of the reporting date; full-time (F), three-quarter time (Q), half-time (H), less than half-time (L), leave of absence (A), graduated (G), withdrawn (W), deceased (D), never attended (X) and record not found (Z). (See 4.4.4 of the NSLDS Enrollment Reporting Guide for additional guidance on reporting graduated and withdrawn for the Campus-Level Record versus the Program Level Record and 4.4.10 for further guidance on Enrollment Status reporting at the Campus-Level Record and the Program-Level Record.) • Program Enrollment Effective Date – The date when the student's current program status first took effect. Condition – UDC did not submit an accurate status change notification or failed to submit timely notification to the NSLDS website for certain students who graduated, withdrew or had a change in their enrollment status (full time, half time or less than half time) during the year. BDO selected a random sample of twenty-five (25) students used to evaluate both campus and program level enrollment reporting compliance requirements. For campus level enrollment, we noted the following exceptions: • For five (5) of twenty-five (25) campus level records tested, UDC did not certify the students’ enrollment data within 60 days. • For ten (10) of twenty-five (25) campus level records tested, UDC did not accurately report the students’ enrollment effective date. • For two (2) of twenty-five (25) campus level records tested, UDC did not correctly report the students’ enrollment status. For program level enrollment, we noted the following exceptions: • For one (1) of twenty-five (25) program level records tested, UDC did not accurately report the Published Program Length. • For ten (10) of twenty-five (25) program level records tested, UDC did not accurately report the students’ enrollment effective date. • For two (2) of twenty-five (25) program level records tested, UDC did not accurately report the students’ enrollment Status. Questioned Costs – None. Context – This is a condition identified per review of UDC’s compliance with the specified enrollment requirements using a statistically valid sample. Effect – UDC is not in compliance with enrollment reporting requirements. Failure to promptly report accurate and timely changes in enrollment status may adversely impact the repayment status for student loan borrowers. Cause – Insufficient internal controls and administrative oversight with respect to enrollment reporting requirements. Recommendation – We recommend that UDC enhance its procedures and internal controls over enrollment reporting to ensure that significant data elements under both campus-level and program-level records are reported accurately and timely to NSLDS. Related Noncompliance – Material noncompliance. Views of Responsible Officials and Planned Corrective Actions – UDC agrees with the conditions and recommendations of this finding. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section.
Finding Number: 2024-012 Prior Year Finding Number: N/A Compliance Requirement: Special Tests and Provisions – Disbursements to or on Behalf of Students (Credit Balances) Program: U.S. Department of Education Student Financial Assistance Cluster ALN: 84.007, 84.033, 84.063, 84.268 Award #: Various Award Year: 10/01/2023 – 09/30/2024 Government Department/Agency: University of the District of Columbia (UDC) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. 34 CFR Section 668.164(h) outlines the following compliance requirements for Title IV credit balances: (6) Title IV, HEA credit balances. (1) A title IV, HEA credit balance occurs whenever the amount of title IV, HEA program funds credited to a student's ledger account for a payment period exceeds the amount assessed the student for allowable charges associated with that payment period as provided under paragraph (c) of this section. (2) A title IV, HEA credit balance must be paid directly to the student or parent as soon as possible, but no later than— (i) Fourteen (14) days after the balance occurred if the credit balance occurred after the first day of class of a payment period; or (ii) Fourteen (14) days after the first day of class of a payment period if the credit balance occurred on or before the first day of class of that payment period. Condition – During our testing, we noted the following issues: • For eight (8) of twenty-five (25) credit balances selected for testing, the credit balance created by the disbursement of Title IV awards was not refunded to the student within the required 14-day timeframe. Questioned Costs – None. Context – This is a condition identified per review of UDC’s compliance with the specified requirements using a statistically valid sample. Effect – UDC was not in compliance with the required federal guidelines over credit balances from student financial assistance. Cause – Insufficient internal control and administrative oversight with respect to the disbursement of federal awards. Recommendation – We recommend that UDC enhance its internal controls, policies and procedures to ensure that Title IV credit balances are paid timely to students. Related Noncompliance – Noncompliance. Views of Responsible Officials and Planned Corrective Actions – UDC agrees with the conditions and recommendations of this finding. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section.
Finding Number: 2024-013 Prior Year Finding Number: N/A Compliance Requirement: Special Tests and Provisions – Return of Title IV Funds Program: U.S. Department of Education Student Financial Assistance Cluster ALN: 84.007, 84.033, 84.063, 84.268 Award #: Various Award Year: 10/01/2023 – 09/30/2024 Government Department/Agency: University of the District of Columbia (UDC) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. 34 CFR Section 668.173(b)(1) outlines the following compliance requirements for Title IV refunds. (b) Timely return of title IV, HEA program funds. In accordance with procedures established by the Secretary or FFEL Program lender, an institution returns unearned title IV, HEA program funds timely if— (1) The institution deposits or transfers the funds into the bank account it maintains under Section 668.163 no later than 45 days after the date it determines that the student withdrew. Condition – During our testing, we noted the following exception: • For one (1) of nineteen (19) students selected for Title IV refund calculation testing, the required Title IV refund was not adjusted in the U.S. Department of Education's Common Origination and Disbursement (COD) system within the required timeframe. Questioned Costs – None. Context – This is a condition identified per review of UDC’s compliance with the specified requirements using a statistically valid sample. Effect – UDC was not compliant with the Return of Title IV Funds compliance requirements. Cause – Insufficient administrative oversight with respect to Return of Title IV Funds requirements. Recommendation – We recommend that UDC enhance its process surrounding the disbursement of federal student aid to ensure compliance with the Return of Title IV Funds requirements. Related Noncompliance – Noncompliance. Views of Responsible Officials and Planned Corrective Actions – UDC agrees with the conditions and recommendations of this finding. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section.
Finding Number: 2024-014 Prior Year Finding Number: N/A Compliance Requirement: Special Tests and Provisions – Enrollment Reporting Program: U.S. Department of Education Student Financial Assistance Cluster ALN: 84.007, 84.033, 84.063, 84.268 Award #: Various Award Year: 10/01/2023 – 09/30/2024 Government Department/Agency: University of the District of Columbia (UDC) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. Institutions are required to report enrollment information under the Pell grant and the Direct and Federal Family Education Loan (“FFEL”) loan programs via the National Student Loan Data System (“NSLDS”) (OMB No. 1845-0035), although FFEL loans are no longer made or a part of the Student Financial Assistance Cluster, a student may have a FFEL loan from previous years that would require enrollment reporting for that student (Pell, 34 CFR 690.83(b)(2); FFEL, 34 CFR 682.610; Direct Loan, 34 CFR 685.309). The administration of the Title IV programs depends heavily on the accuracy and timeliness of the enrollment information reported by institutions. Institutions must review, update, and verify student enrollment statuses, program information, and effective dates that appear on the Enrollment Reporting Roster file or on the Enrollment Maintenance page of the NSLDS Professional Access (“NSLDSFAP”) website which the financial aid administrator can access for the auditor. The data on the institution’s Enrollment Reporting Roster, or Enrollment Maintenance page, is what NSLDS has as the most recently certified enrollment information. There are two categories of enrollment information, “Campus Level” and “Program Level,” both of which need to be reported accurately and have separate record types. The NSLDS Enrollment Reporting Guide provides the requirements and guidance for reporting enrollment details using the NSLDS Enrollment Reporting Process. Institutions are responsible for accurately reporting all Campus-Level Record data elements. ED considers the following data elements to be high risk: • OPEID Number – This is the OPEID for the location that the student is actually attending. • Enrollment Effective Date – The date that the current enrollment status reported for a student was first effective. (See 4.4.2 of the NSLDS Enrollment Reporting Guide for the specific requirements for reporting the Enrollment Effective Date. Also see 4.4.3 of the NSLDS Enrollment Reporting Guide for additional guidance on effective dates for Withdrawal versus Graduation and Electronic Announcement titled – NSLDS Enrollment Reporting – Submission Dates, Effective Dates and Certification Dates, dated April 20, 2017, for additional information and examples at https://fsapartners.ed.gov/knowledge¬center/library/electronic-announcements/2017-04-20/general-subject-nslds¬enrollment-reporting-submission-dates-effective-dates-and-certification-dates.) • Enrollment Status – The student’s enrollment status as of the reporting date; full-time (F), three-quarter time (Q), half-time (H), less than half-time (L), leave of absence (A), graduated (G), withdrawn (W), deceased (D), never attended (X) and record not found (Z). (See 4.4.4 of the NSLDS Enrollment Reporting Guide for additional guidance on reporting graduated and withdrawn for the Campus-Level Record versus the Program Level Record and 4.4.10 for further guidance on Enrollment Status reporting at the Campus-Level Record and the Program-Level Record.) • Certification Date – The Date enrollment certified by institution. At a minimum, institutions are required to certify enrollment every 60 days or every other month. Institutions are responsible for accurately reporting all Program-Level Record data elements. ED considers the following data elements to be high risk: • OPEID Number – This is the OPEID for the location that the student is actually attending. • CIP Code – The Classification of Instructional Programs (CIP) is a set of codes that define fields of study. CIP Codes are maintained by ED's National Center for Education Statistics (NCES). They were most recently updated in 2020 and are usually updated every ten years. A listing of current CIP codes is available at: https://nces.ed.gov/ipeds/cipcode/resources.aspx?y=56. • CIP Year – Year for the corresponding CIP code. The CIP Year for the codes currently used by NSLDS is 2020. • Credential Level – Indicates the level of a credential the student will receive for the program the student is attending, for example undergraduate certificate, associate degree, or bachelor’s degree. (See 4.4.7 of the NSLDS Enrollment Reporting Guide for additional guidance on reporting the Credential Level.) • Published Program Length Measurement – The institution identifies whether the Published Program Length is in days, weeks, or years. • Published Program Length - Published Program Length should be reported based on the definition of “normal time” to completion in the regulations at 34 CFR 668.41(a), • Program Begin Date – The Program Begin Date is the date the student first began attending the program being reported. Typically, this would be the first day of the term in which the student began enrollment in the program, unless the student enrolled in the program on an earlier date. (See 4.4.8 of the NSLDS Enrollment Reporting Guide for additional guidance.) • Program Enrollment Status – The student’s enrollment status as of the reporting date; full-time (F), three-quarter time (Q), half-time (H), less than half-time (L), leave of absence (A), graduated (G), withdrawn (W), deceased (D), never attended (X) and record not found (Z). (See 4.4.4 of the NSLDS Enrollment Reporting Guide for additional guidance on reporting graduated and withdrawn for the Campus-Level Record versus the Program Level Record and 4.4.10 for further guidance on Enrollment Status reporting at the Campus-Level Record and the Program-Level Record.) • Program Enrollment Effective Date – The date when the student's current program status first took effect. Condition – UDC did not submit an accurate status change notification or failed to submit timely notification to the NSLDS website for certain students who graduated, withdrew or had a change in their enrollment status (full time, half time or less than half time) during the year. BDO selected a random sample of twenty-five (25) students used to evaluate both campus and program level enrollment reporting compliance requirements. For campus level enrollment, we noted the following exceptions: • For five (5) of twenty-five (25) campus level records tested, UDC did not certify the students’ enrollment data within 60 days. • For ten (10) of twenty-five (25) campus level records tested, UDC did not accurately report the students’ enrollment effective date. • For two (2) of twenty-five (25) campus level records tested, UDC did not correctly report the students’ enrollment status. For program level enrollment, we noted the following exceptions: • For one (1) of twenty-five (25) program level records tested, UDC did not accurately report the Published Program Length. • For ten (10) of twenty-five (25) program level records tested, UDC did not accurately report the students’ enrollment effective date. • For two (2) of twenty-five (25) program level records tested, UDC did not accurately report the students’ enrollment Status. Questioned Costs – None. Context – This is a condition identified per review of UDC’s compliance with the specified enrollment requirements using a statistically valid sample. Effect – UDC is not in compliance with enrollment reporting requirements. Failure to promptly report accurate and timely changes in enrollment status may adversely impact the repayment status for student loan borrowers. Cause – Insufficient internal controls and administrative oversight with respect to enrollment reporting requirements. Recommendation – We recommend that UDC enhance its procedures and internal controls over enrollment reporting to ensure that significant data elements under both campus-level and program-level records are reported accurately and timely to NSLDS. Related Noncompliance – Material noncompliance. Views of Responsible Officials and Planned Corrective Actions – UDC agrees with the conditions and recommendations of this finding. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section.
Finding Number: 2024-012 Prior Year Finding Number: N/A Compliance Requirement: Special Tests and Provisions – Disbursements to or on Behalf of Students (Credit Balances) Program: U.S. Department of Education Student Financial Assistance Cluster ALN: 84.007, 84.033, 84.063, 84.268 Award #: Various Award Year: 10/01/2023 – 09/30/2024 Government Department/Agency: University of the District of Columbia (UDC) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. 34 CFR Section 668.164(h) outlines the following compliance requirements for Title IV credit balances: (6) Title IV, HEA credit balances. (1) A title IV, HEA credit balance occurs whenever the amount of title IV, HEA program funds credited to a student's ledger account for a payment period exceeds the amount assessed the student for allowable charges associated with that payment period as provided under paragraph (c) of this section. (2) A title IV, HEA credit balance must be paid directly to the student or parent as soon as possible, but no later than— (i) Fourteen (14) days after the balance occurred if the credit balance occurred after the first day of class of a payment period; or (ii) Fourteen (14) days after the first day of class of a payment period if the credit balance occurred on or before the first day of class of that payment period. Condition – During our testing, we noted the following issues: • For eight (8) of twenty-five (25) credit balances selected for testing, the credit balance created by the disbursement of Title IV awards was not refunded to the student within the required 14-day timeframe. Questioned Costs – None. Context – This is a condition identified per review of UDC’s compliance with the specified requirements using a statistically valid sample. Effect – UDC was not in compliance with the required federal guidelines over credit balances from student financial assistance. Cause – Insufficient internal control and administrative oversight with respect to the disbursement of federal awards. Recommendation – We recommend that UDC enhance its internal controls, policies and procedures to ensure that Title IV credit balances are paid timely to students. Related Noncompliance – Noncompliance. Views of Responsible Officials and Planned Corrective Actions – UDC agrees with the conditions and recommendations of this finding. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section.
Finding Number: 2024-013 Prior Year Finding Number: N/A Compliance Requirement: Special Tests and Provisions – Return of Title IV Funds Program: U.S. Department of Education Student Financial Assistance Cluster ALN: 84.007, 84.033, 84.063, 84.268 Award #: Various Award Year: 10/01/2023 – 09/30/2024 Government Department/Agency: University of the District of Columbia (UDC) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. 34 CFR Section 668.173(b)(1) outlines the following compliance requirements for Title IV refunds. (b) Timely return of title IV, HEA program funds. In accordance with procedures established by the Secretary or FFEL Program lender, an institution returns unearned title IV, HEA program funds timely if— (1) The institution deposits or transfers the funds into the bank account it maintains under Section 668.163 no later than 45 days after the date it determines that the student withdrew. Condition – During our testing, we noted the following exception: • For one (1) of nineteen (19) students selected for Title IV refund calculation testing, the required Title IV refund was not adjusted in the U.S. Department of Education's Common Origination and Disbursement (COD) system within the required timeframe. Questioned Costs – None. Context – This is a condition identified per review of UDC’s compliance with the specified requirements using a statistically valid sample. Effect – UDC was not compliant with the Return of Title IV Funds compliance requirements. Cause – Insufficient administrative oversight with respect to Return of Title IV Funds requirements. Recommendation – We recommend that UDC enhance its process surrounding the disbursement of federal student aid to ensure compliance with the Return of Title IV Funds requirements. Related Noncompliance – Noncompliance. Views of Responsible Officials and Planned Corrective Actions – UDC agrees with the conditions and recommendations of this finding. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section.
Finding Number: 2024-014 Prior Year Finding Number: N/A Compliance Requirement: Special Tests and Provisions – Enrollment Reporting Program: U.S. Department of Education Student Financial Assistance Cluster ALN: 84.007, 84.033, 84.063, 84.268 Award #: Various Award Year: 10/01/2023 – 09/30/2024 Government Department/Agency: University of the District of Columbia (UDC) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. Institutions are required to report enrollment information under the Pell grant and the Direct and Federal Family Education Loan (“FFEL”) loan programs via the National Student Loan Data System (“NSLDS”) (OMB No. 1845-0035), although FFEL loans are no longer made or a part of the Student Financial Assistance Cluster, a student may have a FFEL loan from previous years that would require enrollment reporting for that student (Pell, 34 CFR 690.83(b)(2); FFEL, 34 CFR 682.610; Direct Loan, 34 CFR 685.309). The administration of the Title IV programs depends heavily on the accuracy and timeliness of the enrollment information reported by institutions. Institutions must review, update, and verify student enrollment statuses, program information, and effective dates that appear on the Enrollment Reporting Roster file or on the Enrollment Maintenance page of the NSLDS Professional Access (“NSLDSFAP”) website which the financial aid administrator can access for the auditor. The data on the institution’s Enrollment Reporting Roster, or Enrollment Maintenance page, is what NSLDS has as the most recently certified enrollment information. There are two categories of enrollment information, “Campus Level” and “Program Level,” both of which need to be reported accurately and have separate record types. The NSLDS Enrollment Reporting Guide provides the requirements and guidance for reporting enrollment details using the NSLDS Enrollment Reporting Process. Institutions are responsible for accurately reporting all Campus-Level Record data elements. ED considers the following data elements to be high risk: • OPEID Number – This is the OPEID for the location that the student is actually attending. • Enrollment Effective Date – The date that the current enrollment status reported for a student was first effective. (See 4.4.2 of the NSLDS Enrollment Reporting Guide for the specific requirements for reporting the Enrollment Effective Date. Also see 4.4.3 of the NSLDS Enrollment Reporting Guide for additional guidance on effective dates for Withdrawal versus Graduation and Electronic Announcement titled – NSLDS Enrollment Reporting – Submission Dates, Effective Dates and Certification Dates, dated April 20, 2017, for additional information and examples at https://fsapartners.ed.gov/knowledge¬center/library/electronic-announcements/2017-04-20/general-subject-nslds¬enrollment-reporting-submission-dates-effective-dates-and-certification-dates.) • Enrollment Status – The student’s enrollment status as of the reporting date; full-time (F), three-quarter time (Q), half-time (H), less than half-time (L), leave of absence (A), graduated (G), withdrawn (W), deceased (D), never attended (X) and record not found (Z). (See 4.4.4 of the NSLDS Enrollment Reporting Guide for additional guidance on reporting graduated and withdrawn for the Campus-Level Record versus the Program Level Record and 4.4.10 for further guidance on Enrollment Status reporting at the Campus-Level Record and the Program-Level Record.) • Certification Date – The Date enrollment certified by institution. At a minimum, institutions are required to certify enrollment every 60 days or every other month. Institutions are responsible for accurately reporting all Program-Level Record data elements. ED considers the following data elements to be high risk: • OPEID Number – This is the OPEID for the location that the student is actually attending. • CIP Code – The Classification of Instructional Programs (CIP) is a set of codes that define fields of study. CIP Codes are maintained by ED's National Center for Education Statistics (NCES). They were most recently updated in 2020 and are usually updated every ten years. A listing of current CIP codes is available at: https://nces.ed.gov/ipeds/cipcode/resources.aspx?y=56. • CIP Year – Year for the corresponding CIP code. The CIP Year for the codes currently used by NSLDS is 2020. • Credential Level – Indicates the level of a credential the student will receive for the program the student is attending, for example undergraduate certificate, associate degree, or bachelor’s degree. (See 4.4.7 of the NSLDS Enrollment Reporting Guide for additional guidance on reporting the Credential Level.) • Published Program Length Measurement – The institution identifies whether the Published Program Length is in days, weeks, or years. • Published Program Length - Published Program Length should be reported based on the definition of “normal time” to completion in the regulations at 34 CFR 668.41(a), • Program Begin Date – The Program Begin Date is the date the student first began attending the program being reported. Typically, this would be the first day of the term in which the student began enrollment in the program, unless the student enrolled in the program on an earlier date. (See 4.4.8 of the NSLDS Enrollment Reporting Guide for additional guidance.) • Program Enrollment Status – The student’s enrollment status as of the reporting date; full-time (F), three-quarter time (Q), half-time (H), less than half-time (L), leave of absence (A), graduated (G), withdrawn (W), deceased (D), never attended (X) and record not found (Z). (See 4.4.4 of the NSLDS Enrollment Reporting Guide for additional guidance on reporting graduated and withdrawn for the Campus-Level Record versus the Program Level Record and 4.4.10 for further guidance on Enrollment Status reporting at the Campus-Level Record and the Program-Level Record.) • Program Enrollment Effective Date – The date when the student's current program status first took effect. Condition – UDC did not submit an accurate status change notification or failed to submit timely notification to the NSLDS website for certain students who graduated, withdrew or had a change in their enrollment status (full time, half time or less than half time) during the year. BDO selected a random sample of twenty-five (25) students used to evaluate both campus and program level enrollment reporting compliance requirements. For campus level enrollment, we noted the following exceptions: • For five (5) of twenty-five (25) campus level records tested, UDC did not certify the students’ enrollment data within 60 days. • For ten (10) of twenty-five (25) campus level records tested, UDC did not accurately report the students’ enrollment effective date. • For two (2) of twenty-five (25) campus level records tested, UDC did not correctly report the students’ enrollment status. For program level enrollment, we noted the following exceptions: • For one (1) of twenty-five (25) program level records tested, UDC did not accurately report the Published Program Length. • For ten (10) of twenty-five (25) program level records tested, UDC did not accurately report the students’ enrollment effective date. • For two (2) of twenty-five (25) program level records tested, UDC did not accurately report the students’ enrollment Status. Questioned Costs – None. Context – This is a condition identified per review of UDC’s compliance with the specified enrollment requirements using a statistically valid sample. Effect – UDC is not in compliance with enrollment reporting requirements. Failure to promptly report accurate and timely changes in enrollment status may adversely impact the repayment status for student loan borrowers. Cause – Insufficient internal controls and administrative oversight with respect to enrollment reporting requirements. Recommendation – We recommend that UDC enhance its procedures and internal controls over enrollment reporting to ensure that significant data elements under both campus-level and program-level records are reported accurately and timely to NSLDS. Related Noncompliance – Material noncompliance. Views of Responsible Officials and Planned Corrective Actions – UDC agrees with the conditions and recommendations of this finding. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section.
Finding Number: 2024-015 Prior Year Finding Number: N/A Compliance Requirement: Special Tests and Provisions – Annual Report Card, High School Graduation Rate Program: U.S. Department of Education Title I Grants to Local Educational Agencies ALN: 84.010 Award #: S010A230051; S010A220051-22A Award Year: 07/01/2023 – 09/30/2024 Government Department/Agency: District of Columbia Public Schools (DCPS) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. A State Educational Agency (SEA) and its Local Educational Agencies (LEAs) must report graduation rate data for all public high schools at the school, LEA, and state levels using the four-year adjusted cohort rate and, at an SEA’s or LEA’s discretion, one or more extended-year adjusted cohort rates. Graduation rate data must be reported both in the aggregate and disaggregated by the subgroups in Section 1111(c)(2) of the Elementary and Secondary Act of 1965 (ESEA), homeless status, status as a child in foster care using a four-year adjusted cohort graduation rate (and any extended-year adjusted cohort rates) (ESEA sections 1111(h)(1)(C)(iii)(II) and 8101(23), (25) (20 USC 6311(h)(1)(C)(iii)(II) and 7801(23), (25))). To remove a student from the cohort, a school or LEA must confirm, in writing, that the student transferred out, emigrated to another country, transferred to a prison or juvenile facility, or is deceased. To confirm that a student transferred out, the school or LEA must have official written documentation that the student enrolled in another school or in an educational program that culminates in the award of a regular high school diploma. A student who is retained in grade, enrolls in a General Education Development program, or leaves school for any other reason may not be counted as having transferred out for the purpose of calculating graduation rate and must remain in the adjusted cohort (ESEA sections 1111(h)(1)(C)(iii)(II) and 8101(23), (25) (20 USC 6311(h)(1)(C)(iii)(II) and 7801(23), (25))). Condition – During the audit, we noted the following out of forty (40) samples tested: • For two (2) samples, there were no supporting documentation for the removal from the cohort of students who voluntarily dropped their enrollment. • For two (2) samples, students who graduated under DCPS school were incorrectly removed from the cohort. • For ten (10) samples, there were no evidence of review and approval on the documentation maintained for the removal of the student from the cohort. Questioned Costs – Not determinable. Context – This is a condition identified per review of DCPS’ compliance with specified requirements using a statistically valid sample. Effect – Failure to maintain appropriate documentation supporting the approval and removal of a student from the cohort report results in noncompliance for the Title I Part A Grants to LEA program. Cause – DCPS is unable to consistently apply existing policy on documenting review and approval of written documentation supporting the removal of students from the cohort due to lack of consistent communication, coordination and oversight over this process. Recommendation – We recommend that DCPS strengthen its policies, procedures and controls to ensure review and approval are documented and maintained with regards to removal of students from the cohort. We also recommend that training is conducted for employees to ensure that the process is implemented and consistently applied across all DCPS schools. Related Noncompliance – Noncompliance. Views of Responsible Officials and Planned Corrective Actions – DCPS agrees with the conditions and recommendations of this finding. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section.
Finding Number: 2024-016 Prior Year Finding Number: 2023-020 Compliance Requirement: Eligibility Program: U.S. Department of Health and Human Services Temporary Assistance for Needy Families (TANF) ALN: 93.558 Award #: Various Award Year: 10/01/2023 – 09/30/2024 Government Department/Agency: Department of Human Services (DHS)/Economic Security Administration (ESA) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. For TANF, per 45 CFR Section 205.60 (a), “The State agency will maintain or supervise the maintenance of records necessary for the proper and efficient operation of the plan, including records regarding applications, determination of eligibility, the provision of financial assistance, and the use of any information obtained under Section 205.55, with respect to individual applications denied, recipients whose benefits have been terminated, recipients whose benefits have been modified, and the dollar value of these denials, terminations and modifications. Under this requirement, the agency will keep individual records which contain pertinent facts about each applicant and recipient. The records will include information concerning the date of application and the date and basis of its disposition; facts essential to the determination of initial and continuing eligibility (including the individual's social security number, need for, and provision of financial assistance); and the basis for discontinuing assistance.” Condition – During our testing over beneficiary eligibility compliance requirements of the Temporary Assistance for Needy Families (TANF) program, we selected a sample of 60 beneficiaries in fiscal year 2024 to test DHS’ compliance with TANF eligibility requirements. Total number of payments in the population is 46,856, and total dollar amount from which we selected the samples is $34,639,375. We noted the following: • For ten (10) out of 60 samples, DHS was unable to provide support that would allow us to test that cash assistance was not provided to an individual during the 10-year period that began on the date the individual was convicted in Federal or State court of having made a fraudulent statement or representation with respect to place of residence. In addition, one (1) of these ten (10) samples, DHS was unable to include the individual’s Social Security Number (SSN) in DCAS. Consequently, we were unable to verify the following information in DCAS: household composition, income, proof of residency, and SSNs for all individuals included in the application. Further, one (1) of these ten (10) samples, DHS was unable to provide support that would allow us to test that assistance was not provided to any individual who was fleeing to avoid prosecution, or custody or confinement after conviction, for a felony or attempt to commit a felony, or who is violating a condition of probation or parole imposed under Federal or State law. These exceptions happened due to inadequate review of application for cash assistance by the Social Service Representatives. The questioned costs for the above issues amounted to $107,137, which represents 26.22% of the total eligibility amounts tested related to the 60 sampled items of $408,555. Questioned Costs – Known amount is $107,137. Context – This is a condition identified per review of DHS’ compliance with specified requirements using a statistically valid sample. Effect – Without properly maintaining documentation to support eligibility determinations, ineligible beneficiaries may receive benefits under the TANF grant and DHS may make payments on behalf of those beneficiaries resulting in noncompliance with the eligibility requirements. Cause – DHS did not consistently adhere to its established policies and procedures requiring it to maintain documentation supporting participant eligibility. Recommendation - We recommend that DHS strengthen its existing policies and procedures over the review and maintenance of appropriate documentation to ensure compliance with eligibility requirements. Related Noncompliance – Material noncompliance. Views of Responsible Officials and Planned Corrective Actions – DHS/ESA concur with the findings. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section.
Finding Number: 2024-017 Prior Year Finding Number: 2023-021 Compliance Requirement: Reporting Program: U.S. Department of Health and Human Services Temporary Assistance for Needy Families (TANF) ALN: 93.558 Award #: Various Award Year: 10/01/2023 – 09/30/2024 Government Department/Agency: Department of Human Services (DHS) Criteria - The Uniform Guidance in 2 CFR Section 200.303 requires that non-Federal entities receiving Federal awards (i.e., auditee management) establish and maintain internal control designed to reasonably ensure compliance with Federal statues, regulations, and the terms and conditions of the Federal award. According to Title IV-A, Section 411 of the Social Security Act (the Act), 45 CFR 265.3, and the American Recovery and Reinvestment Act (ARRA) of 2009, (Public Law 111-5), each State must file an annual report containing information on the TANF program and the State’s maintenance-of-effort (MOE) program(s) for that year, including strategies to implement the Family Violence Option, State diversion programs, and other program characteristics. States are required to submit the ACF-196R report quarterly, beginning in Federal Fiscal Year (FFY) 2015, in lieu of the SF-425, Federal Financial Report (financial status). Each State files quarterly expenditure data on the State’s use of Federal TANF funds, State TANF MOE expenditures, and State expenditures of MOE funds in separate State programs. If a State is expending Federal TANF funds received in prior fiscal years, it must file a separate quarterly TANF Financial Report for each fiscal year that provides information on the expenditures of that year’s TANF funds. This form must be used for reporting regular TANF grant funds, Contingency Funds, and ARRA-Emergency Fund for TANF State Programs funds. See TANF-ACF-PI-2014-02, available at http://www.acf.hhs.gov/programs/ofa/resource/tanf-acf-pi-2014-02, for more information. Condition – During our test work over the quarterly ACF-196R report, we noted that for Grant Identifying numbers G-2101DCTANF, G-2201DCTANF and G-2301DCTANF, the ACF-196R filed for 4th quarter in fiscal year 2024 showed a variance of $86,958, $375,033 and $2,648,441, respectively, between the amounts reported on the ACF-196R and the amounts included in DIFS. In addition, for Grant Identifying number G-2401DCTANF, we noted that there was a variance of ($4,637,270) between the amount included in the SEFA detail including Indirect Costs ($64,708,667) and the cumulative amount reported on the ACF-196R for the fiscal year 2024 grant for the sum of federal and contingency funds ($60,071,397). DHS was unable to provide support for the variance. Questioned Costs – Not determinable. Context – This is a condition identified per review of DHS’ compliance with specified requirements using a statistically valid sample. Effect – Without proper internal controls and policies and procedures in place to ensure that correct amounts were reported and were properly reviewed, DHS may report incorrect amounts on the quarterly ACF-196R reports. Cause – Management did not have proper internal controls and policies and procedures in place to ensure that the amounts on the ACF-196R were properly reported and the reports were properly reviewed and approved. Recommendation - We recommend that DHS implement policies, procedures and controls that will enable an accurate reconciliation between the data sources used in the preparation of the ACF-196R reports to ensure proper reporting of TANF expenditures. Related Noncompliance – Noncompliance. Views of Responsible Officials and Planned Corrective Actions – DHS OCFO concurs with the finding. The variances identified specifically relate to administrative costs incurred on the fiscal year 2024 grant that were moved to prior year grants. The fiscal year 2024 TANF administrative expenditure exceeded the TANF administrative cap for fiscal year 2024 and to correct the issue, the excess administrative cost was reallocated to prior open fiscal years (fiscal years 2021, 2022 and 2023). The administrative cap limit for fiscal years 2021, 2022 and 2023 were not fully utilized and so the Agency decided to charge the excess fiscal year 2024 administrative expenses to those grants. The District’s corrective action is described in the Management’s Corrective Action Plan included as Appendix B of the attached Management’s Section.