Program Name/ALN Title: Health Center Cluster Federal Assistance Listing Number: 93.224/93.527 Federal Agency: U.S. Department of Health and Human Services Award Period: 6/1/2024 – 5/31/2025, 6/1/25-5/31/26 Criteria: 2 CFR 200.334 indicates that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency. Condition: A variance was identified between the supporting documentation provided for the key line item in Table 8A, Line 17, Column C and what was reported in the final UDS report. Additionally, documentation was not available to support the amounts reported on Lines 8, Columns b and b2 and Line 10a, Columns b and b2 within Table 5. Context: Three (3) of seven (7) key line items tested. These key line items are reported in Tables 5 and 8A. Cause: Subsequent to the organization submitting its UDS report, it was requested to make a change by the initial UDS reviewer. The organization made the requested change but did not maintain documentation to support the adjusted amounts. For Table 5 the organization initially created a pivot table based on the underlying data but did not retaining this documentation and therefore couldn’t support the amounts reported. Effect: Potential for inaccurate UDS report to be filed. Recommendation: We recommend the organization enhances its current process related to the preparation of the UDS report and reinforce the requirement to maintain documentation to support the amounts reported within the various tables of the UDS report. Views of the Responsible Officials: There is no disagreement with the audit finding.
FINDING 2025-001 DOCUMENT RETENTION SIGNIFICANT DEFICIENCY Federal Program: Title I, Part A Assistance Listing Number: 84.010A Criteria Per 7 CFR 200.334, “Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient.” Condition As part of its process to determine allocations of Title I program funds, the State of Indiana uses poverty level data submitted by the schools. The report used to determine Title I funding for the 2025 fiscal year was obtained from the School. A sample of 40 students were selected from the report for testing. Of those selected, the School was unable to provide the records that were used to determine the poverty level of 7 students. Cause The School did not have procedures in place to ensure it maintained this documentation for all reported students. Effect Determination of whether reporting was correct for these students could not be made. Recommendation We recommend the School develop internal controls requiring the maintenance of documentation for poverty level determination records. Views of Responsible Officials The School’s Corrective Action Plan is included on page 22.
FINDING 2025-003 Subject: COVID-19 - Education Stabilization Fund - Special Tests and Provisions - Wage Rate Requirements Federal Agency: Department of Education Federal Program: COVID-19 - Education Stabilization Fund Assistance Listings Number: 84.425U Federal Award Number and Year (or Other Identifying Number): S425U210013 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Special Tests and Provisions - Wage Rate Requirements Audit Findings: Material Weakness, Other Matters Repeat Finding This is a repeat finding from the immediately prior audit report. The prior audit finding number was 2023-003. Condition and Context Construction contracts in excess of $2,000 financed by federal assistance funds must pay wages not less than those established for the locality of the project (prevailing wage rates) by the Department of Labor (DOL) to its laborers and mechanics. Nonfederal entities are to include in their construction contracts that are subject to the wage rate requirements a provision that the contractor or subcontractor comply with these requirements and the DOL regulations. This would include a requirement to submit a copy of the payroll and statement of compliance to the entity for each week in which contract work was performed. The School Corporation had not designed nor implemented a system of internal controls to ensure that construction contracts in excess of $2,000 paid from federal grant funds included a prevailing wage rate clause and that a copy of the payroll was submitted for each week in which contract work was performed. Two construction projects were paid for from the Elementary and Secondary School Emergency Relief Fund grant funds during the audit period. Both contracts were tested. One of the two contracts contained the required prevailing wage rate clause; however, a copy of the payroll was not submitted for either of the contracts for any week in which work was performed. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." INDIANA STATE BOARD OF ACCOUNTS 17 BATESVILLE COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) 29 CFR 5.5 states in part: "(a) Required contract clauses. The Agency head will cause or require the contracting officer to require the contracting officer to [sic] insert in full, or (for contracts covered by the Federal Acquisition Regulation (48 CFR chapter 1)) by reference, in any contract in excess of $2,000 which is entered into for the actual construction, alteration and/or repair, including painting and decorating, of a public building or public work, or building or work financed in whole or in part from Federal funds or in accordance with guarantees of a Federal agency or financed from funds obtained by pledge of any contract of a Federal agency to make a loan, grant or annual contribution (except where a different meaning is expressly indicated), and which is subject to the labor standards provisions of any of the laws referenced by § 5.1, the following clauses . . . (1) Minimum wages — (i) Wage rates and fringe benefits. All laborers and mechanics employed or working upon the site of the work (or otherwise working in construction or development of the project under a development statute), will be paid unconditionally and not less often than once a week, and without subsequent deduction or rebate on any account (except such payroll deductions as are permitted by regulations issued by the Secretary of Labor under the Copeland Act (29 CFR part 3)), the full amount of basic hourly wages and bona fide fringe benefits (or cash equivalents thereof) due at time of payment computed at rates not less than those contained in the wage determination of the Secretary of Labor which is attached hereto and made a part hereof, regardless of any contractual relationship which may be alleged to exist between the contractor and such laborers and mechanics. . . . (3) Records and certified payrolls — . . . (ii) Certified payroll requirements — (A) Frequency and method of submission. The contractor or subcontractor must submit weekly, for each week in which any DBA- or Related Acts-covered work is performed, certified payrolls to the [write in name of appropriate Federal agency] if the agency is a party to the contract, but if the agency is not such a party, the contractor will submit the certified payrolls to the applicant, sponsor, owner, or other entity, as the case may be, that maintains such records, for transmission to the [write in name of agency]. . . ." 2 CFR 200 Appendix II states in part: "In addition to other provisions required by the Federal agency or non-Federal entity; all contracts made by the non-Federal entity under the Federal award must contain provisions covering the following, as applicable. . . . (D) Davis-Bacon Act, as amended (40 U.S.C. 3141-3148). When required by Federal program legislation, all prime construction contracts in excess of $2,000 awarded by non- Federal entities must include a provision for compliance with the Davis-Bacon Act (40 U.S.C. 3141-3144, and 3146-3148) as supplemented by Department of Labor regulations (29 CFR Part 5, 'Labor Standards Provisions Applicable to Contracts Covering Federally Financed and Assisted Construction'). In accordance with the statute, contractors must be required to pay wages to laborers and mechanics at a rate not less than the prevailing wages specified in a wage determination made by the Secretary of Labor. In addition, contractors must be required to pay wages not less than once a week. . . ." INDIANA STATE BOARD OF ACCOUNTS 18 BATESVILLE COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." Cause The School Corporation did not implement corrective action as planned to rectify the prior audit finding. This was partially due to the timing of the prior audit as well as an oversight by management. Upon realizing corrective action had not been taken, the grant had been fully expended, and corrective action was no longer possible. Effect Without the proper implementation of an effectively designed system of internal controls, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, certified payrolls were not obtained by the School Corporation, and one out of two contractors was not notified of prevailing wage requirements. Noncompliance with the grant agreement and the compliance requirement could result in the loss of future federal funds to the School Corporation. Questioned Costs There were no questioned costs identified. Recommendation We recommended that the School Corporation's management establish a system of internal controls and ensure certified payrolls are obtained and contractors are notified of prevailing wage requirements as required. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2025-004 Subject: Title I Grants to Local Educational Agencies - Eligibility Federal Agency: Department of Education Federal Program: Title I Grants to Local Educational Agencies Assistance Listings Number: 84.010 Federal Award Numbers and Years (or Other Identifying Numbers): FY2024, FY2025 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Eligibility Audit Findings: Material Weakness, Other Matters Condition and Context Eligibility for Title I is determined on the Eligible School Summary of the Title I application. Enrollment and poverty numbers are automatically pulled from the Indiana Department of Education's (IDOE) Official Pupil Enrollment (PE) count for each school into the Eligible School Summary page of the Title I application. These counts that are prepopulated should be based on the School Corporation's records as of October of the prior fiscal year. There was no audit evidence that the School Corporation performed a review of the enrollment and poverty counts that were prepopulated into the School Corporation's Title I grant application. During the audit period, the School Corporation submitted two Title I applications. The School Corporation was required to use the October 2022 Real Time Report data for the 2023-2024 Title I application, and the October 2023 Real Time Report data for the 2024-2025 Title I application submitted to the IDOE. Data to be submitted included student socioeconomic status information. The school lunch software was used to verify the socioeconomic status of students reported in the Title I application. A total of 25 students were selected for testing. The socioeconomic status for 1 of the 25 students tested from the October 2022 Real Time Report data did not agree to data reported in the 2023-2024 Title I application. The lack of internal controls was a systemic issue throughout the audit period. The noncompliance was isolated to the October 2022 Real Time Report and the 2023-2024 Title I application. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." INDIANA STATE BOARD OF ACCOUNTS 20 MITCHELL COMMUNITY SCHOOLS SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for the Federal awards that are renewed quarterly or annual, from the date of submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." 34 CFR 200.78(a)(1) states: "After reserving funds, as applicable, under § 200.77, including funds for equitable services for private school students, their teachers, and their families, an LEA must allocate funds under this subpart to school attendance areas and schools, identified as eligible and selected to participate under section 1113(a) or (b) of the ESEA, in rank order on the basis of the total number of public school children from low-income families in each area or school." Cause Due to turnover of staff in the School Corporation's administrative office, the School Corporation's management had not established a system of internal controls that would have ensured compliance or that supporting documentation would have been maintained and made available for audit related to the eligibility compliance requirement. Effect The School Corporation did not establish an effective system of internal controls to retain and provide appropriate supporting documentation for the Real Time Reports and for the audit period which enabled noncompliance to go undetected. Noncompliance with the grant agreement and the eligibility compliance requirement could result in the loss of future federal funds to the School Corporation. Questioned Costs There were no questioned costs identified. Recommendation We recommended that the School Corporation's management establish a system of internal controls to ensure Real Time Reports are reviewed for accuracy and compared to the Title I application and that adequate documentation is maintained to support the information in the Title I application. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
U.S. Department of Health and Human Services Program Name: Maternal and Child Health Services Block Grant Federal Assistance Listing Number: 93.994 Significant Deficiency, Nonmaterial Noncompliance – Reporting Finding 2025-010 – Repeat Finding Criteria or Specific Requirement: Per Section 200.303 of the Uniform Grant Guidance, a non-federal entity must establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Per 2 CFR 200.334 the recipient must retain all federal award records for three years from the date of submission of their final financial report. Condition: During the audit we tested nine reports and noted the following: a) There was one instance out of nine reports tested where the submitted reports were unable to be provided, including the date of submission for the reports. b) There were four instances out of nine reports tested where the County was unable to provide evidence the report was reviewed prior to submission. c) There were two instances out of nine reports tested where the County was unable to provide the date of submission for the reports. Questioned Costs: None of the nonmaterial noncompliance items resulted in questioned costs. Effect: By not having the required documentation and underlying support, the County is not able to demonstrate compliance with the applicable requirements. Cause: The County did not have a formal policy to ensure documentation was retained to evidence review and submission of all reports. Recommendation: While the County made updates to policies and procedures surrounding reporting during the current year to address the prior year finding, the County should ensure these policies are adhered to ensure all submitted reports and underlying data are retained in accordance with the Uniform Grant Guidance requirements. Views of Responsible Officials: Management agrees with the finding and is implementing procedures to correct this which is further discussed in the Corrective Action Plan. Corrective Action Plan: See Corrective Action Plan prepared by the County.
Reference Number: 2025-018 Prior Year Finding: No Federal Agency: Various State Agency: Higher Education Policy Commission (HEPC) Bluefield State University Federal Program: Research and Development Cluster Assistance Listing Number: Various Award Number and Year: Various Compliance Requirement: Procurement Type of Finding: Significant Deficiency in Internal Control Over Compliance, Other Matters Criteria or Specific Requirement: Compliance: 2 CFR 200.320 (a)(1)(iv) states that a recipient or subrecipient may establish a micro-purchase threshold higher than the micro-purchase threshold identified in the FAR in accordance with the requirements of this section. The recipient or subrecipient may self-certify a threshold up to $50,000 on an annual basis and must maintain documentation to be made available to the Federal agency or pass-through entity and auditors in accordance with § 200.334. The self-certification must include a justification, clear identification of the threshold, and supporting documentation of any of the following: A. A qualification as a low-risk auditee, in accordance with the criteria in § 200.520 for the most recent audit; B. An annual internal institutional risk assessment to identify, mitigate, and manage financial risks; or, C. For public institutions, a higher threshold is consistent with State law. Control: Per 2 CFR Section 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should comply with guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control Integrated Framework”, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Condition: HEPC and Bluefield State University utilized micro‑purchase procedures for purchases charged to Federal awards at amounts exceeding the Federal micro‑purchase threshold based on thresholds established in its Board approved policies. However, the entities did not complete and retain the required annual self‑certification supporting the higher thresholds utilized. Context: HEPC applied a micro‑purchase threshold of $50,000 and Bluefield State University applied a micro‑purchase threshold of $25,000. Questioned costs: None noted. Cause: HEPC’s and Bluefield State University’s internal control processes did not include a documented control activity to ensure annual self‑certification of the micro‑purchase threshold was completed, approved by appropriate authority, and retained in accordance with Uniform Guidance requirements. Effect: By applying micro‑purchase procedures to transactions exceeding the Federal micro‑purchase threshold without maintaining required self‑certification documentation, the entities increase the risk of noncompliance with Uniform Guidance procurement standards, insufficient competition or price reasonableness documentation, and the potential for unallowable or unsupported costs charged to Federal awards. Recommendation: HEPC and Bluefield State University should formally establish and document an annual self‑certification of their micro‑purchase thresholds in accordance with 2 CFR §200.320(a)(1)(iv). The self‑certification should clearly identify the approved threshold, include a written justification, and retain supporting documentation demonstrating compliance with one of the allowable criteria. Views of responsible officials: Management concurs with the finding and has developed a plan to correct the finding.
FINDING 2025-001 Subject: Child Nutrition Cluster - Procurement and Suspension and Debarment Federal Agency: Department of Agriculture Federal Programs: School Breakfast Program, National School Lunch Program, Summer Food Service Program for Children Assistance Listings Numbers: 10.553, 10.555, 10.559 Federal Award Numbers and Years (or Other Identifying Numbers): FY 2024, FY 2025 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Procurement and Suspension and Debarment Audit Findings: Material Weakness, Other Matters Condition and Context An effective internal control system, which would include segregation of duties, was not in place at the School Corporation in order to ensure compliance with requirements related to the grant agreement and the Procurement and Suspension and Debarment compliance requirement. Adequate internal controls were not in place over procurements made under the simplified acquisition threshold for one of two vendors tested during the audit period. The School Corporation made purchases with a vendor in fiscal year 2023-2024 totaling $289,127, but it did not provide audit evidence that methods and procedures performed for the selection of the vendor aligned with requirements related to vendors procured under the simplified acquisition threshold. Adequate internal controls were not in place over procurements made under the small purchase threshold for one of five vendors tested during the audit period. The School Corporation made purchases with a vendor in 2023-2024 totaling $103,519 and in 2024-2025 totaling $111,613, but it did not provide audit evidence that the procurement procedures performed in relation to the award had been reviewed or approved. The School Corporation did not provide documentation that it had entered into a contract with the vendor during either year of the audit period. The lack of internal controls was a systemic issue throughout the audit period. The noncompliance was isolated to procurement requirements. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." INDIANA STATE BOARD OF ACCOUNTS 18 METROPOLITAN SCHOOL DISTRICT OF WASHINGTON TOWNSHIP SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) 2 CFR 200.318(a): "The non-Federal entity must have and use documented procurement procedures, consistent with State, local, and tribal laws and regulations and the standards of this section, for the acquisition of property or services required under a Federal award or subaward. The non- Federal entity's documented procurement procedures must conform to the procurement standards identified in §§ 200.317 through 200.327." 2 CFR 200.320 states in part: "The non-Federal entity must have and use documented procurement procedures, consistent with the standards of this section and §§ 200.317, 200.318, and 200.319 for any of the following methods of procurement used for the acquisition of property or services required under a Federal award or sub-award. (a) Informal procurement methods. When the value of the procurement for property or services under a Federal award does not exceed the simplified acquisition threshold (SAT), as defined in § 200.1, or a lower threshold established by a non-Federal entity, formal procurement methods are not required. The non-Federal entity may use informal procurement methods to expedite the completion of its transactions and minimize the associated administrative burden and cost. The informal methods used for procurement of property or services at or below the SAT include: . . . (1) . . . (iv) Non-Federal entity increase to the micro-purchase threshold up to $50,000. Non-Federal entities may establish a threshold higher than the micro-purchase threshold identified in the FAR in accordance with the requirements of this section. The non-Federal entity may self-certify a threshold up to $50,000 on an annual basis and must maintain documentation to be made available to the Federal awarding agency and auditors in accordance with § 200.334. The self-certification must include a justification, clear identification of the threshold, and supporting documentation of any of the following: (A) A qualification as a low-risk auditee, in accordance with the criteria in § 200.520 for the most recent audit; (B) An annual internal institutional risk assessment to identify, mitigate, and manage financial risks; or, (C) For public institutions, a higher threshold consistent with State law. . . . (b) Formal procurement methods. When the value of the procurement for property or services under a Federal financial assistance award exceeds the SAT, or a lower threshold established by a non-Federal entity, formal procurement methods are required. Formal procurement methods require following documented procedures. Formal procurement methods also require public advertising unless a non-competitive procurement can be used in accordance with § 200.319 or paragraph (c) of this section. The following formal methods of procurement are used for procurement of property or services above the simplified acquisition threshold or a value below the simplified acquisition threshold the non-Federal entity determines to be appropriate: INDIANA STATE BOARD OF ACCOUNTS 19 METROPOLITAN SCHOOL DISTRICT OF WASHINGTON TOWNSHIP SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (1) Sealed bids. A procurement method in which bids are publicly solicited and a firm fixed-price contract (lump sum or unit price) is awarded to the responsible bidder whose bid, conforming with all the material terms and conditions of the invitation for bids, is the lowest in price. The sealed bids method is the preferred method for procuring construction, if the conditions. (i) In order for sealed bidding to be feasible, the following conditions should be present: (A) A complete, adequate, and realistic specification or purchase description is available; (B) Two or more responsible bidders are willing and able to compete effectively for the business; and (C) The procurement lends itself to a firm fixed price contract and the selection of the successful bidder can be made principally on the basis of price. (ii) If sealed bids are used, the following requirements apply: (A) Bids must be solicited from an adequate number of qualified sources, providing them sufficient response time prior to the date set for opening the bids, for local, and tribal governments, the invitation for bids must be publicly advertised; (B) The invitation for bids, which will include any specifications and pertinent attachments, must define the items or services in order for the bidder to properly respond; (C) All bids will be opened at the time and place prescribed in the invitation for bids, and for local and tribal governments, the bids must be opened publicly; (D) A firm fixed price contract award will be made in writing to the lowest responsive and responsible bidder. Where specified in bidding documents, factors such as discounts, transportation cost, and life cycle costs must be considered in determining which bid is lowest. Payment discounts will only be used to determine the low bid when prior experience indicates that such discounts are usually taken advantage of; and (E) Any or all bids may be rejected if there is a sound documented reason. (2) Proposals. A procurement method in which either a fixed price or costreimbursement type contract is awarded. Proposals are generally used when conditions are not appropriate for the use of sealed bids. They are awarded in accordance with the following requirements: (i) Requests for proposals must be publicized and identify all evaluation factors and their relative importance. Proposals must be solicited from an adequate number of qualified offerors. Any response to publicized requests for proposals must be considered to the maximum extent practical; INDIANA STATE BOARD OF ACCOUNTS 20 METROPOLITAN SCHOOL DISTRICT OF WASHINGTON TOWNSHIP SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (ii) The non-Federal entity must have a written method for conducting technical evaluations of the proposals received and making selections; (iii) Contracts must be awarded to the responsible offeror whose proposal is most advantageous to the non-Federal entity, with price and other factors considered; and (iv) The non-Federal entity may use competitive proposal procedures for qualifications based procurement of architectural/engineering (A/E) professional services whereby offeror's qualifications are evaluated and the most qualified offeror is selected, subject to negotiation of fair and reasonable compensation. The method, where price is not used as a selection factor, can only be used in procurement of A/E professional services. It cannot be used to purchase other types of services though A/E firms that are a potential source to perform the proposed effort. . . ." Cause Staff responsible for purchasing were not adequately trained on the School Corporation's procurement policy for obtaining bids for purchases above the simplified acquisition threshold and formal contract requirements for purchases above $50,000. Effect Without the proper implementation of an effectively designed system of internal controls, the School Corporation cannot ensure that contractors paid under the small purchase and simplified acquisition methods were awarded the best price for their services. This could result in federal funding not providing as many services or projects as possible. Questioned Costs There were no questioned costs identified. Recommendation We recommended that the School Corporation strengthen its system of internal controls to ensure the proper procurement method is followed and documentation is retained. We also recommended strengthening its policies and procedures to ensure that appropriate audit evidence is retained for audit. Views of Responsible Official For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2025-002 Subject: Title I Grants to Local Educational Agencies - Special Tests and Provisions - Annual Report Card, High School Graduation Rate Federal Agency: Department of Education Federal Program: Title I Grants to Local Educational Agencies Assistance Listings Number: 84.010 Federal Award Numbers and Years (or Other Identifying Numbers): S010A220014; S010A230014 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Special Tests and Provisions - Annual Report Card, High School Graduation Rate Audit Findings: Material Weakness, Modified Opinion Condition and Context The School Corporation had not properly designed or implemented a system of internal controls, which would include appropriate segregation of duties, that would likely be effective in preventing, or detecting and correcting, noncompliance to ensure that documentation regarding the reason for a student being removed from the high school graduation cohort for mobility reasons was prepared, reviewed, and retained. The Special Tests and Provisions - Annual Report Card, High School Graduation Rate compliance requirement necessitated that for students removed from the high school graduation cohort for mobility reasons there be proper written documentation to support the identified mobility code. There were 15 students selected for testing. Of the 15 students tested, 3 students did not have the required supporting documentation to substantiate removal from the cohort for mobility reasons. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 20 USC 7801(23)(B) states: "To remove a student from a cohort, a school or local educational agency shall require documentation, or obtain documentation from the State educational agency, to confirm that the student has transferred out, emigrated to another country, or transferred to a prison or juvenile facility, or is deceased." INDIANA STATE BOARD OF ACCOUNTS 22 METROPOLITAN SCHOOL DISTRICT OF WASHINGTON TOWNSHIP SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for the Federal awards that are renewed quarterly or annual, from the date of submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." Cause The School Corporation did not have consistent procedures for maintaining and retaining supporting documentation related to student cohort changes. Effect Without the proper implementation of an effectively designed system of internal controls, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, proper documentation was not maintained for students that were removed from the cohort for mobility reasons. Noncompliance with the grant agreement and the compliance requirement could result in the loss of future federal funds to the School Corporation. Questioned Costs There were no questioned costs identified. Recommendation We recommended that the School Corporation's management establish a proper system of internal controls and develop policies and procedures to ensure proper documentation is maintained for students that are removed from the cohort. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2025-004 Subject: Title I Grants to Local Educational Agencies - Special Tests and Provisions - Annual Report Card, High School Graduation Rate Federal Agency: Department of Education Federal Program: Title I Grants to Local Educational Agencies Assistance Listings Number: 84.010 Federal Award Numbers and Years (or Other Identifying Numbers): S010A220014, S010A230014, S010A240014 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Special Tests and Provisions - Annual Report Card, High School Graduation Rate Audit Findings: Material Weakness, Qualified Opinion Condition and Context The School Corporation had not properly designed or implemented a system of internal controls, which would include segregation of duties, that would likely be effective in preventing, or detecting and correcting, noncompliance related to the Special Tests and Provisions - Annual Report Card, High School Graduation Rate compliance requirement. The School Corporation must report graduation rate data for all public high schools within the School Corporation using the four-year adjusted cohort rate. To remove a student from the cohort, the School Corporation must confirm the reason for removal in writing. Additionally, required documentation for each removal type must be retained by the School Corporation. The School Corporation did not have effective internal controls in place to ensure that documentation for each removal was retained. INDIANA STATE BOARD OF ACCOUNTS 19 SALEM COMMUNITY SCHOOLS SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Documentation of the reason for removal from the cohort was not retained for six of the eight students selected for testing. The School Corporation was unable to locate documentation for any students who exited the cohort prior to the current high school counselor taking her position. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 20 USC 7801(23)(B) states: "To remove a student from a cohort, a school or local educational agency shall require documentation, or obtain documentation from the State educational agency, to confirm that the student has transferred out, emigrated to another country, or transferred to a prison or juvenile facility, or is deceased." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for the Federal awards that are renewed quarterly or annual, from the date of submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." Cause A proper system of internal controls was not designed by management of the School Corporation to ensure documentation was retained for the required period of time. When turnover occurred, the required files were not retained or could not be located. Effect Without the proper design or implementation of the components of a system of internal controls, including policies and procedures that provide segregation of duties and additional oversight as needed, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, proper documentation to support students' mobility was not retained or provided for audit. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funding to the School Corporation. INDIANA STATE BOARD OF ACCOUNTS 20 SALEM COMMUNITY SCHOOLS SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the School Corporation establish a proper system of internal controls and develop policies and procedures to ensure mobility documentation is collected and retained for audit. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
Name: Community Development Block Grants/State's Program and Non-Entitlement Grants in Hawaii, ASL#: 14.228; Federal Grantor: U.S. Department of Housing and Urban Development; Pass Through Entity: State Department of Housing and Community Development; Award No.: 21-CDBG-CV-TRIB; Year: 2024/2025; Compliance Requirement: Other; Criteria: 2CFR Section 200.302 (Financial Management) and 2 CFR Section 200.334 (Retention Requirements for Records) require that non-federal entities maintain documentation that adequately supports federal expenditures, including original invoices, receipts, and approvals demonstrating that costs were allowable, necessary, and reasonable. Condition: During our testing of 40 disbursements for the Community Development Block Grants/State's Program and Non-Entitlement Grants in Hawaii, we identified two instances (5% error rate) totaling $24.98 where the disbursement was not supported by an original vendor invoice or receipt. Cause: Controls were not consistently followed before processing payments. Effect: The lack of supporting documentation increases the risk that unauthorized, unallowable, or fraudulent expenditures could be charged to the federal program without detection. Questioned Cost: As a result, we are questioning costs of $24.98. Context: The sample was intended to be a systematically valid sample from a population of 556 transactions. Repeat Finding: This is not a repeat finding. Recommendation: We recommend that the management strengthen controls over disbursements by ensuring that no payment is processed wihtout a valid, itemized invoice thta has been approved by authorized personnel. Furthermore, all supporting docuemtnation should be attached to the payment voucher and retained for audit purposes. Views of Responsible Officials and Planned Corrective Action: Refer to separate Management's Corrective Action Plan for view of responsible officials and management's responses.
Significant Deficiencies Federal Program: U.S. Department of Health and Human Services Pass-Through from Maryland Department of Health and Cecil County Health Department Major Program: Opioid State Targeted Response (93.788) Finding 2025 - 004: Transactions Lacking Adequate Documentation – Allowable Costs Criteria: 2 CFR Part 200.403(g) requires that costs should be adequately documented to support the nature and amount of a transaction for such charges to be allowable under federal awards. In addition, 2 CFR Part 200.334 requires recipients to maintain financial records sufficient to show compliance with federal statues, regulations, and terms and conditions of the award. Condition: During our audit we identified certain transactions without adequate documentation. Context: A review of 40 disbursements totaling $41,262 noted two transactions without proper support. One employee reimbursement was overpaid due to an incorrect reimbursement form, and one disbursement did not have proper approval of the invoice. Cause: The employee improperly completed the reimbursement form, and the total amount did not match the original receipt. The supervisor failed to notice this difference when reviewing the form. For the other disbursement, the invoice was not properly reviewed and approved by a supervisor prior to payment. Effect: Costs could be deemed unallowable by the awarding agency if not properly substantiated and grant funding could be improperly spent. Questioned Costs: $1,434 of known costs charged to federal awards without adequate documentation. Recommendation: We recommend the Organization reiterate its policy to employees to properly calculate and document reimbursement forms. We also recommend that management adequately review and approve all invoices as they arrive. View of Responsible Officials and Planned Corrective Action: We are in agreement with the finding and will reinforce our policies on reimbursements and invoice approvals.
2025-009 – Insufficient Supporting Documentation of Disbursements Finding Type. Immaterial Noncompliance/Significant Deficiency in Internal Control over Compliance (Allowable Costs/Cost Principles). Program. Epidemiology and Laboratory Capacity for Infectious Diseases (ELC); U.S. Department of Health and Human Services; Assistance Listing Number 93.323; Award Number E20242798-00. Criteria. Under 2 CFR §200.403(g) and 2 CFR 200.334, federal award expenses must be adequately documented, and records must be retained and available for review for the required retention period. Condition. During our testing of disbursements, we noted 1 of 26 disbursements tested where the University did not have adequate documentation to support why the disbursement was charged to the grant. Cause. The lack of required supporting documentation resulted from employee turnover within the grant and accounts payable functions, which led to gaps in knowledge transfer and inconsistent adherence to established documentation procedures. Effect. As a result of this condition, there is an increased risk of unallowable expenses being charged to the grant, inaccurate financial reporting, and other potential noncompliance with federal regulations. Questioned Costs. There were questioned costs of $135. Recommendation. We recommend the University establish formal procedures to ensure all expenses charged to grants have adequate support and reviewed and approved by management. View of Responsible Officials. Management agrees with this finding and has prepared a Corrective Action Plan.
FINDING 2025-002 Subject: Title I Grants to Local Educational Agencies - Eligibility Federal Agency: Department of Education Federal Program: Title I Grants to Local Educational Agencies Assistance Listings Number: 84.010 Federal Award Numbers and Years (or Other Identifying Numbers): S010A230014, S010A240014 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Eligibility Audit Findings: Material Weakness, Modified Opinion Condition and Context Eligibility for Title I is determined on the Eligible School Summary of the Tile I Application. Enrollment and Poverty numbers are automatically pulled from the Indiana Department of Education's (IDOE) Official Pupil Enrollment count for each school into the Eligible School Summary page of the Tile I application. The counts that are prepopulated should be based on the School Corporation's records as of October of the prior fiscal year. During the audit period, the School Corporation submitted two Title I Applications. The School Corporation was required to use the October 2022 Real Time Report data for the fiscal year 2023-2024 Title I application and the October 2023 Real Time Report data for the 2024-2025 Title I application submitted to the IDOE. Data to be submitted included student socioeconomic status information. Of the 25 students tested, the School Corporation could not provide documentation supporting enrollment status for 1 student or the socioeconomic status for 3 students. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annual, from the date of submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." INDIANA STATE BOARD OF ACCOUNTS 17 LAKELAND SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) 34 CFR 200.78(a)(1) states: "After reserving funds, as applicable, under § 200.77, including funds for equitable services for private school students, their teachers, and their families, an LEA must allocate funds under this subpart to school attendance areas and schools, identified as eligible and selected to participate under section 1113(a) or (b) of the ESEA, in rank order on the basis of the total number of public school children from low-income families in each area or school." Cause The School Corporation did not have effective internal controls in place to ensure documentation was complete for all student enrollment and socioeconomic statuses. Effect Without the proper implementation of an effectively designed system of internal controls, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, documentation was not complete to ensure all student enrollment and socioeconomic statuses in the Title I Application were accurate. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the School Corporation design and implement a proper system of internal controls, including policies and procedures that would ensure documentation is complete for all student enrollment and socioeconomic statuses. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
Federal Agency: U.S. Department of Housing and Urban Development Federal Program Title: Home Partnership Investment Program Assistance Listing Number: 14.239 Pass-Through Agency: State Department of Housing and Urban Development Pass-Through Number(s): N/A Award Period: July 1, 2024 to June 30, 2025 Type of Finding: Significant Deficiency in Internal Control over Compliance, Other Matter Criteria: In accordance with 2 CFR § 200.334, recipients and subrecipients of federal awards are required to retain all records pertinent to a federal award for a period of three years from the date of submission of the final expenditure or financial report. These records include, but are not limited to, financial records, supporting documentation, statistical records, and all other records pertinent to the federal award. The County is expected to retain copies of all grant agreements to ensure it can identify and comply with all applicable terms, conditions, and regulatory requirements associated with the funding. Condition: CLA observed that the County did not retain copies of the grant agreements for the Home Partnership Investment Program. Questioned costs: None noted. Context: CLA was unable to obtain the grant agreements for the Home Partnership Investment Program, as the County was unable to provide copies upon request. Cause: The management was unable to retain copies of the grant agreements due to the considerable passage of time since their issuance. Effect: Due to the absence of the original grant agreements, the County may not be fully aware of, or in compliance with, all applicable grant requirements. Repeat Finding: 2024-008 Recommendation: We recommend that management establish and maintain a formal process for the retention and organization of all grant-related documentation. This process should ensure that key documents are securely stored, easily accessible, and periodically reviewed to support ongoing compliance with grant requirements. Additionally, the County should work with granting agencies to obtain copies of any missing agreements and perform a comprehensive review to identify and address any outstanding compliance requirements. Views of responsible officials: There is no disagreement with the audit finding.
FINDING 2025-004 Subject: Special Education Cluster (IDEA) - Activities Allowed or Unallowed, Allowable Costs/Cost Principles Federal Agency: Department of Education Federal Programs: Special Education Grants to States, COVID-19 - Special Education Grants to States, Special Education Preschool Grants, COVID-19 - Special Education Preschool Grants Assistance Listings Numbers: 84.027, 84.027X, 84.173, 84.173X Federal Award Numbers and Years (or Other Identifying Numbers): 22611-148-PN01, 23611-148-PN01, 24611-148-PN01, 25611-148-PN01, 22611-148-ARP, 22619-148-PN01, 23619-148-PN01, 24619-148-PN01, 25619-148-PN01, 22619-148-ARP Pass-Through Entity: Indiana Department of Education Compliance Requirements: Activities Allowed or Unallowed, Allowable Costs/Cost Principles Audit Findings: Material Weakness, Modified Opinion Condition and Context The School Corporation had not properly designed or implemented a system of internal controls to ensure that proper documentation was retained for audit. A sample of 40 expenditures from the School Corporation's special education funds during the audit period was selected for testing. Of the sample, there were 5 transactions for which the School Corporation was unable to provide supporting documentation. As a result, 5 expenditures totaling $11,683 could not be verified as allowable activities or costs for the program. The lack of effective internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for the Federal awards that are renewed quarterly or annual, from the date of submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." INDIANA STATE BOARD OF ACCOUNTS 26 GRIFFITH PUBLIC SCHOOLS SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) 34 CFR 300.202(a) states: "General. Amounts provided to the LEA under Part B of the Act— (1) Must be expended in accordance with the applicable provisions of this part; (2) Must be used only to pay the excess costs of providing special education and related services to children with disabilities, consistent with paragraph (b) of this section; and (3) Must be used to supplement State, local, and other Federal funds and not to supplant those funds." 34 CFR 300.208 states: "(a) Uses. Notwithstanding §§ 300.202, 300.203(b), and 300.162(b), funds provided to an LEA under Part B of the Act may be used for the following activities: (1) Services and aids that also benefit nondisabled children. For the costs of special education and related services, and supplementary aids and services, provided in a regular class or other education-related setting to a child with a disability in accordance with the IEP of the child, even if one or more nondisabled children benefit from these services. (2) Early intervening services. To develop and implement coordinated, early intervening educational services in accordance with § 300.226. (3) High cost special education and related services. To establish and implement cost or risk sharing funds, consortia, or cooperatives for the LEA itself, or for LEAs working in a consortium of which the LEA is a part, to pay for high cost special education and related services. (b) Administrative case management. An LEA may use funds received under Part B of the Act to purchase appropriate technology for recordkeeping, data collection, and related case management activities of teachers and related services personnel providing services described in the IEP of children with disabilities, that is needed for the implementation of those case management activities." 34 CFR 300.800 states: "The Secretary provides grants under section 619 of the Act to assist States to provide special education and related services in accordance with Part B of the Act— (a) To children with disabilities aged three through five years; and (b) At a State's discretion, to two-year-old children with disabilities who will turn three during the school year." 2 CFR 200.403 states in part: "Except where otherwise authorized by statute, costs must meet the following general criteria in order to be allowable under Federal awards: INDIANA STATE BOARD OF ACCOUNTS 27 GRIFFITH PUBLIC SCHOOLS SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (a) Be necessary and reasonable for the performance of the Federal award and be allocable thereto under these principles. (b) Conform to any limitations or exclusions set forth in these principles or in the Federal award as to types or amount of cost items. . . . (g) Be adequately documented. . . ." Cause Due to turnover of staffing in the School Corporation's administrative office, an effective system of internal controls was not established that would have ensured compliance, or that supporting documentation would have been maintained and made available for audit, with the grant agreement and the Activities Allowed or Unallowed and the Allowable Costs/Cost Principles compliance requirements. Effect Without a proper system of internal controls in place that operated effectively, the School Corporation did not retain and provide appropriate supporting documentation. This prevented the determination of the School Corporation's compliance with the compliance requirements listed above. Questioned Costs We identified $11,683 in known questioned costs as noted above in the Condition and Context. Recommendation We recommended that the School Corporation's management establish an effective system of internal controls to ensure documentation to support all grant expenditures will be maintained and made available for audit as related to the grant agreement and the Activities Allowed or Unallowed and the Allowable Costs/Cost Principles compliance requirements. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2025-005 Subject: Special Education Cluster (IDEA)- Procurement and Suspension and Debarment Federal Agency: Department of Education Federal Programs: Special Education Grants to States, COVID-19 - Special Education Grants to States, Special Education Preschool Grants, COVID-19 - Special Education Preschool Grants Assistance Listings Numbers: 84.027, 84.027X, 84.173, 84.173X Federal Award Numbers and Years (or Other Identifying Numbers): 22611-148-PN01, 23611-148-PN01, 24611-148-PN01, 25611-148-PN01, 22611-148-ARP, 22619-148-PN01, 23619-148-PN01, 24619-148-PN01, 25619-148-PN01, 22619-148-ARP Pass-Through Entity: Indiana Department of Education Compliance Requirement: Procurement and Suspension and Debarment Audit Findings: Material Weakness, Other Matters INDIANA STATE BOARD OF ACCOUNTS 28 GRIFFITH PUBLIC SCHOOLS SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Condition and Context The School Corporation had not properly designed or implemented a system of internal controls, which would include appropriate segregation of duties, that would likely be effective in preventing, or detecting and correcting, noncompliance related to the Procurement and Suspension and Debarment compliance requirement. Procurement - Micro-Purchases Federal regulations allow for informal procurement methods when the value of the procurement for property or services does not exceed the micro-purchase threshold, which is set at $10,000. Micro-purchases may be awarded without soliciting competitive price rate quotations. Three vendors determined to fall under the micro-purchase threshold were selected for testing. One claim from one of the vendors selected for testing did not have proper supporting documentation maintained by the School Corporation to determine if the proper procurement method was followed. Suspension and Debarment Prior to entering into subawards and covered transactions with federal award funds, recipients are required to verify that such contractors and subrecipients are not suspended, debarred, or otherwise excluded. "Covered transactions" include, but are not limited to, contracts for goods and services awarded under a nonprocurement transaction (i.e., grant agreement) that are expected to equal or exceed $25,000. The verification is to be done by checking the SAM exclusions, collecting a certification from that vendor, or adding a clause or condition to the covered transaction with that vendor. One vendor provided contracted services paid with special education grant funds during the audit period totaling $269,948. Upon inquiry of the School Corporation, it was determined that the School Corporation did not verify that the contractor was not suspended or debarred or otherwise excluded. The lack of effective internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." INDIANA STATE BOARD OF ACCOUNTS 29 GRIFFITH PUBLIC SCHOOLS SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) 2 CFR 200.318 states in part: "(a) The non-Federal entity must have and use documented procurement procedures, consistent with State, local, and tribal laws and regulations and the standards of this section, for the acquisition of property or services required under a Federal award or subaward. The non-Federal entity's documented procurement procedures must conform to the procurement standards identified in §§ 200.317 through 200.327. . . . (i) The non-Federal entity must maintain records sufficient to detail the history of procurement. These records will include, but are not necessarily limited to, the following: Rationale for the method of procurement, selection of contract type, contractor selection or rejection, and the basis for the contract price. . . ." 2 CFR 200.320 states in part: "The non-Federal entity must have and use documented procurement procedures, consistent with the standards of this section and §§ 200.317, 200.318, and 200.319 for any of the following methods of procurement used for the acquisition of property or services required under a Federal award or sub-award. (a) Informal procurement methods. When the value of the procurement for property or services under a Federal award does not exceed the simplified acquisition threshold (SAT), as defined in § 200.1, or a lower threshold established by a non-Federal entity, formal procurement methods are not required. The non-Federal entity may use informal procurement methods to expedite the completion of its transactions and minimize the associated administrative burden and cost. The informal methods used for procurement of property or services at or below the SAT include: . . . (1) Micro-purchases — (i) Distribution. The acquisition of supplies or services, the aggregate dollar amount of which does not exceed the micro-purchase threshold (See the definition of micro-purchase in § 200.1). To the maximum extent practicable, the non-Federal entity should distribute micro-purchases equitably among qualified suppliers. (ii) Micro-purchase awards. Micro-purchases may be awarded without soliciting competitive price or rate quotations if the non-Federal entity considers the price to be reasonable based on research, experience, purchase history or other information and documents it files accordingly. Purchase cards can be used for micropurchases if procedures are documented and approved by the non-Federal entity. (iii) Micro-purchase thresholds. The non-Federal entity is responsible for determining and documenting an appropriate micro-purchase threshold based on internal controls, an evaluation of risk, and its documented procurement procedures. The micropurchase threshold used by the non-Federal entity must be authorized or not prohibited under State, local, or tribal laws or regulations. Non-Federal entities may establish a threshold higher than the Federal threshold established in the Federal Acquisition Regulations (FAR) in accordance with paragraphs (a)(1)(iv) and (v) of this section. INDIANA STATE BOARD OF ACCOUNTS 30 GRIFFITH PUBLIC SCHOOLS SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (iv) Non-Federal entity increase to the micro-purchase threshold up to $50,000. Non-Federal entities may establish a threshold higher than the micro-purchase threshold identified in the FAR in accordance with the requirements of this section. The non-Federal entity may self-certify a threshold up to $50,000 on an annual basis and must maintain documentation to be made available to the Federal awarding agency and auditors in accordance with § 200.334. The self-certification must include a justification, clear identification of the threshold, and supporting documentation of any of the following: (A) A qualification as a low-risk auditee, in accordance with the criteria in § 200.520 for the most recent audit; (B) An annual internal institutional risk assessment to identify, mitigate, and manage financial risks; or, (C) For public institutions, a higher threshold consistent with State law. . . ." 2 CFR 180.300 states: "When you enter into a covered transaction with another person at the next lower tier, you must verify that the person with whom you intend to do business is not excluded or disqualified. You do this by: (a) Checking SAM Exclusions; or (b) Collecting a certification from that person; or (c) Adding a clause or condition to the covered transaction with that person." Cause A proper system of internal controls was not designed by management of the School Corporation, which would include segregation of key functions. Embedded within a properly designed and implemented internal control system should be internal controls consisting of policies and procedures. Policies reflect the School Corporation's management statements of what should be done to affect internal controls, and procedures should consist of actions that would implement these policies. Effect Without the proper implementation of an effectively designed system of internal controls, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, procurement procedures for goods and services were not adhered to, and vendors to whom payments equal to, or in excess of $25,000, were not verified to not be suspended, debarred, or otherwise excluded. Questioned Costs There were no questioned costs identified. INDIANA STATE BOARD OF ACCOUNTS 31 GRIFFITH PUBLIC SCHOOLS SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Recommendation We recommended that management of the School Corporation establish a proper system of internal controls and develop policies and procedures to ensure there are appropriate procurement procedures for goods and services and contractors and subrecipients, as appropriate, are not suspended, debarred, or otherwise excluded prior to entering into any contracts or subawards. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2025-007 Subject: Title I Grants to Local Educational Agencies - Eligibility Federal Agency: Department of Education Federal Program: Title I Grants to Local Educational Agencies Assistance Listings Number: 84.010 Federal Award Numbers and Years (or Other Identifying Numbers): S010A220014, S010A230014, S010A240014 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Eligibility Audit Findings: Material Weakness, Modified Opinion Condition and Context Eligibility for Title I is determined on the Eligible School Summary of the Title I application. Enrollment and poverty numbers for the public school district are automatically pulled from Indiana Department of Education's Official Pupil Enrollment count for each school into the Eligible School Summary page of the Title I application. Enrollment and poverty numbers for any nonpublic schools are manually entered into the Title I application by the School Corporation. The School Corporation was to obtain a list of students and their poverty status from the non-public schools to enter into the Title I application. INDIANA STATE BOARD OF ACCOUNTS 31 SCHOOL CITY OF EAST CHICAGO SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) However, supporting documentation was not provided to verify the nonpublic schools' enrollment and poverty numbers included in the fiscal year 2023-2024 Title I application. In addition, supporting documentation was not provided to verify the nonpublic schools' poverty numbers and the total enrollment number was 42 students greater than the support provided for the 2024-2025 Title I application. The lack of internal controls and supporting documentation was systemic throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for the Federal awards that are renewed quarterly or annual, from the date of submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." 34 CFR 200.78(a)(1) states: "After reserving funds, as applicable, under § 200.77, including funds for equitable services for private school students, their teachers, and their families, an LEA must allocate funds under this subpart to school attendance areas and schools, identified as eligible and selected to participate under section 1113(a) or (b) of the ESEA, in rank order on the basis of the total number of public school children from low-income families in each area or school." Cause Due to a turnover in Title I Directors, supporting documentation for the enrollment and poverty numbers included in the Title I applications could not be located. Effect Noncompliance with the grant agreement and the compliance requirement could result in the repayment of federal funds. Questioned Costs There were no questioned costs identified. INDIANA STATE BOARD OF ACCOUNTS 32 SCHOOL CITY OF EAST CHICAGO SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Recommendation We recommended that the School Corporation's management develop policies and procedures over the retention of the Title I application enrollment and poverty information for nonpublic schools. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2025-008 Subject: COVID-19 - Education Stabilization Fund - Condition of Records Federal Agency: Department of Education Federal Program: COVID-19 - Education Stabilization Fund Assistance Listings Numbers: 84.425D, 84.425U, 84.425W Federal Award Numbers and Years (or Other Identifying Numbers): S425D210013, S425U210013, S425W210015 Pass-Through Entity: Indiana Department of Education Compliance Requirements: Activities Allowed or Unallowed; Allowable Costs/Cost Principles; Equipment and Real Property Management; Matching, Level of Effort, Earmarking; Special Tests and Provisions - Wage Rate Requirements Audit Findings: Material Weakness, Modified Opinion Repeat Finding This is a repeat finding from the immediately prior audit report. The prior audit finding numbers were 2023-007 and 2023-009 over the compliance requirements Equipment and Real Property Management and Special Tests and Provisions - Wage Rate Requirements, respectively. Condition and Context The School Corporation received reimbursements totaling $30,316,384 from the COVID-19 - Education Stabilization Fund (ESF) federal awards during the audit period. The reimbursements were associated with three separate federal awards, each of which was required to be accounted for in a separate fund within the School Corporation's financial management system. Expenditures were to be made in accordance with the approved grant applications and budgets, with reimbursement requests subsequently submitted to the Indiana Department of Education (IDOE). The School Corporation was responsible for maintaining detailed disbursement ledgers for each grant fund to support the amounts claimed for reimbursement. As is typical with reimbursement-based grants, the ending cash and investment balances of each grant fund were expected to reflect overdrawn balances until the subsequent reimbursements were received from the IDOE. The $30,316,384 received in ESF funds during the audit period was based on 28 reimbursement requests for expenditures incurred between June 1, 2023 through December 13, 2024. Based on our review of grant fund records and inquiry with management, we identified the following deficiencies: The detailed disbursement ledger for the period of June 1, 2023 through December 13, 2024, excluding June 2024 for Grant #S425U210013 as no reimbursement request was submitted, reflected total expenditures of $23,051,334. This resulted in $7,265,050 in reimbursements that were not adequately supported by detailed records. INDIANA STATE BOARD OF ACCOUNTS 33 SCHOOL CITY OF EAST CHICAGO SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) A review of the submitted reimbursement requests indicated that $1,069,865 was reimbursed for indirect costs; however, a disbursement from the grant funds to other operating funds was not recorded within the School Corporations records. Of the 28 reimbursement requests submitted, only 5 were supported by detailed disbursement ledgers that agreed with the dates and amounts claimed. The remaining 23 reimbursement requests could not be directly reconciled to the supporting documentation provided. Upon further inquiry with management, additional records were provided; however, these records lacked sufficient detail, such as fund number, fund name, check numbers, dates, and vendor names to be useable. Reimbursements received were not posted to each grant fund properly. This resulted in the ARP EESER III fund receipts to be understated by $4,297,935 and the ESSER II and GEER PD funds receipts to be overstated by $4,174,376 and $123,560, respectively. Since this is a reimbursement-based grant, the ending cash and investment balances of each grant fund should either be zero or overdrawn while awaiting reimbursement. However, as of June 30, 2025, the ESSER II and Geer PD funds reported positive cash and investment balances of $5,047,932 and $404,653, respectively. Due to the deficiencies noted above, the School Corporation was unable to provide sufficient appropriate evidence for us to determine populations, and, therefore, audit and base an opinion on the compliance requirements subject to audit that were determined to have a direct and material effect on the program. As a result, the $30,316,384 in reimbursements received during the audit period were considered questioned costs. The lack of internal controls and noncompliance were material and systemic throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.302 states in part: "(a) . . . the other non-Federal entity's financial management systems, including records documenting compliance with Federal statutes, regulations, and the terms and conditions of the Federal award, must be sufficient to permit the preparation of reports required by general and program-specific terms and conditions; and the tracing of funds to a level of expenditures adequate to establish that such funds have been used according to the Federal statutes, regulations, and the terms and conditions of the Federal award. See also § 200.450. INDIANA STATE BOARD OF ACCOUNTS 34 SCHOOL CITY OF EAST CHICAGO SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (b) The financial management system of each non-Federal entity must provide for the following (see §§ 200.334, 200.335, 200.336, and 200.337): (1) Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, Federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any. (2) Accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements in §§ 200.328 and 200.329. . . . (3) Records that identify adequately the source and application of funds for federallyfunded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income, and interest and be supported by source documentation. (4) Effective control over, and accountability, for all funds, property, and assets. The non- Federal entity must adequately safeguard all assets and ensure that they are used solely for authorized purposes. See § 200.303. (5) Comparison of expenditures with budget amounts for each Federal award. (6) Written procedures to implement the requirements of § 200.305. (7) Written procedures for determining the allowability of costs in accordance with subpart E of this part and the terms and conditions of the Federal award." 2 CFR 200.1 states in part: ". . . Questioned cost means a cost that is questioned by the auditor because of an audit finding: (1) Which resulted from a violation or possible violation of a statute, regulation, or the terms and conditions of a Federal award, including for funds used to match Federal funds; (2) Where the costs, at the time of the audit, are not supported by adequate documentation; or (3) Where the costs incurred appear unreasonable and do not reflect the actions a prudent person would take in the circumstances. (4) Questioned costs are not an improper payment until reviewed and confirmed to be improper as defined in OMB Circular A-123 appendix C. (See also the definition of Improper payment in this section)." 2 CFR 200.403 states in part: "Except where otherwise authorized by statute, costs must meet the following general criteria in order to be allowable under Federal awards: (a) Be necessary and reasonable for the performance of the Federal award and be allocable thereto under these principles. INDIANA STATE BOARD OF ACCOUNTS 35 SCHOOL CITY OF EAST CHICAGO SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (b) Conform to any limitations or exclusions set forth in these principles or in the Federal award as to types or amount of cost items. . . . (g) Be adequately documented. . . ." 2 CFR 200.313(d) states in part: ". . . (1) Property records must be maintained that include a description of the property, a serial number or other identification number, the source of funding for the property (including the FAIN), who holds title, the acquisition date, and cost of the property, percentage of Federal participation in the project costs for the Federal award under which the property was acquired, the location, use and condition of the property, and any ultimate disposition data including the date of disposal and sale price of the property. (2) A physical inventory of the property must be taken and the results reconciled with the property records at least once every two years. (3) A control system must be developed to ensure adequate safeguards to prevent loss, damage, or theft of the property. Any loss, damage, or theft must be investigated. (4) Adequate maintenance procedures must be developed to keep the property in good condition. . . ." 29 CFR 5.5 states in part: "(a) Required contract clauses. The Agency head will cause or require the contracting officer to require the contracting officer to [sic] insert in full, or (for contracts covered by the Federal Acquisition Regulation (48 CFR chapter 1)) by reference, in any contract in excess of $2,000 which is entered into for the actual construction, alteration and/or repair, including painting and decorating, of a public building or public work, or building or work financed in whole or in part from Federal funds or in accordance with guarantees of a Federal agency or financed from funds obtained by pledge of any contract of a Federal agency to make a loan, grant or annual contribution (except where a different meaning is expressly indicated), and which is subject to the labor standards provisions of any of the laws referenced by § 5.1, the following clauses . . . (1) Minimum wages— (i) Wage rates and fringe benefits. All laborers and mechanics employed or working upon the site of the work (or otherwise working in construction or development of the project under a development statute), will be paid unconditionally and not less often than once a week, and without subsequent deduction or rebate on any account (except such payroll deductions as are permitted by regulations issued by the Secretary of Labor under the Copeland Act (29 CFR part 3)), the full amount of basic hourly wages and bona fide fringe benefits (or cash equivalents thereof) due at time of payment computed at rates not less than those contained in the wage determination of the Secretary of Labor which is attached hereto and made a part hereof, regardless of any contractual relationship which may be alleged to exist between the contractor and such laborers and mechanics. . . . (3) Records and certified payrolls— (ii) Certified payroll requirements— INDIANA STATE BOARD OF ACCOUNTS 36 SCHOOL CITY OF EAST CHICAGO SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (A) Frequency and method of submission. The contractor or subcontractor must submit weekly, for each week in which any DBA- or Related Acts-covered work is performed, certified payrolls to the [write in name of appropriate Federal agency] if the agency is a party to the contract, but if the agency is not such a party, the contractor will submit the certified payrolls to the applicant, sponsor, owner, or other entity, as the case may be, that maintains such records, for transmission to the [write in name of agency]. . . ." 2 CFR 200 Appendix II to Part 200 states in part: "In addition to other provisions required by the Federal agency or non-Federal entity; all contracts made by the non-Federal entity under the Federal award must contain provisions covering the following, as applicable. . . . (D) Davis-Bacon Act, as amended (40 U.S.C. 3141-3148). When required by Federal program legislation, all prime construction contracts in excess of $2,000 awarded by non- Federal entities must include a provision for compliance with the Davis-Bacon Act (40 U.S.C. 3141-3144, and 3146-3148) as supplemented by Department of Labor regulations (29 CFR Part 5, 'Labor Standards Provisions Applicable to Contracts Covering Federally Financed and Assisted Construction'). In accordance with the statute, contractors must be required to pay wages to laborers and mechanics at a rate not less than the prevailing wages specified in a wage determination made by the Secretary of Labor. In addition, contractors must be required to pay wages not less than once a week. . . ." Cause The School Corporation experienced turnover in key personnel over the federal program, which contributed to the lack of appropriate supporting records. A proper system of internal controls was not designed to ensure continuity of policies, procedures, and records when personnel transitions occurred. Effect Noncompliance with the grant agreement and the compliance requirements could result in the repayment of federal funds. Questioned Costs We identified $30,316,384 in known questioned costs as noted in the Condition and Context. Recommendation We recommended that the School Corporation's management develop policies and procedures to ensure continuity of school records during a personnel change and that all reimbursement requests are properly supported by detail records. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
4. MEDICAID CLUSTER/CHIP – THIRD PARTY LIABILITY Finding Number: 2025-016 State Agency Number: MCD-04 Assistance Listing Numbers and Titles: 93.767 – Children’s Health Insurance Program (CHIP) 93.767 COVID 19 – CHIP 93.775/93.777/93.778 – Medicaid Cluster 93.775/93.777/93.778 COVID-19 – Medicaid Cluster Federal Award Identification Numbers / Years: 2305OH5023 / 2023 (CHIP) 2405OH5024 / 2024 (CHIP) 2505OH5025 / 2025 (CHIP) 2305OH5MAP / 2023 (Medicaid Cluster) 2405OH5MAP / 2024 (Medicaid Cluster) 2505OH5MAP / 2025 (Medicaid Cluster) Federal Agency: Department of Health and Human Services Compliance Requirements: Allowable Costs / Cost Principles – Third Party Liability Repeat Finding from Prior Audit? No NONCOMPLIANCE AND SIGNIFICANT DEFICIENCY 42 C.F.R. § 433.136, Definitions states, in part: Third Party means any individual, entity or program that is or may be liable to pay all or part of the expenditures for medical assistance furnished under a State plan. 42 C.F.R. § 433.138(b)(1), Identifying liable third parties states, in part: If the Medicaid agency determines eligibility for Medicaid, it must, during the initial application and each redetermination process, obtain from the applicant or beneficiary such health insurance information as would be useful in identifying legally liable third party resources so that the agency may process claims under the third party liability payment procedures specified in § 433.139(b) through (f). Health insurance information may include, but not limited to, the name of the policy holder, his or her relationship to the applicant or beneficiary, the social security number of the policy holder, and the name and address of insurance company and policy number. 42 C.F.R. § 433.139(b), Payment of claims states, in part: (1) If the agency has established the probable existence of third party liability at the time the claim is filed, the agency must reject the claim and return it to the provider for a determination of the amount of liability. The establishment of third party liability takes place when the agency receives confirmation from the provider or a third party resource indicating the extent of third party liability. When the amount of liability is determined, the agency must then pay the claim to the extent that payment allowed under the agency’s payment schedule exceeds the amount of the third party’s payment. (3) The agency must pay the full amount allowed under the agency's payment schedule for the claim and seek reimbursement from any liable third party to the limit of legal liability [in certain circumstances] . . . 2 C.F.R. § 200.334, Record retention requirements states, in part: The recipient . . . must retain all Federal award records for three years from the date of submission of their final financial report. . . . Records to be retained include but are not limited to financial records, supporting documentation and statistical records. . . The Department is the lead agency responsible for administering the Medicaid Cluster and CHIP federal grant programs for the State of Ohio. It is the Department’s responsibility to design and implement a system of internal controls to ensure legally liable third parties are identified, maintain verification documentation, and the claim is paid correctly. The Department is responsible for overall program compliance and must have appropriate oversight and monitoring procedures in place to ensure its third party liability process is operating effectively and as intended. During state fiscal year (SFY) 2025, the Department verified 10,600 third party insurance records within the Medicaid Information Technology System (MITS) which generated a document control number (DCN) record and stored the associated verification documentation received as a response to the verification letters sent to the third party providers within the DCN Panel. Additionally, monthly the Department reviewed a sample of verifications to ensure the third party liability insurance information was properly verified and information within MITS was accurate. As of July 7, 2025, MITS was decommissioned and the third party liability process was moved to the Ohio Medicaid Enterprise System (OMES) Fiscal Intermediary (FI) module. However, no historical evidence such as the DCN or supporting third party insurance documentation was available for review within FI. As such, the Department was unable to provide any of the third party verifications and compliance with federal requirements could not be verified during the audit period. By not maintaining historical third party insurance verifications within FI, the Department cannot be reasonably assured the third party insurance information was verified to ensure accurate payment of the fee-for-service claims and compliance with federal regulations during the audit period. Based on discussions with the Department, the issue was caused by the system change from MITS to FI, as a result, access to MITS was revoked and therefore no record of verifications could be provided for audit. We recommend the Department re-evaluate its policies and procedures over third party insurance verifications to ensure the liability insurance verification information is documented and maintained to be compliant with federal requirements and be available upon request. We recommend the Department continues to review the third party liability DCNs (or equivalent parameter within FI) monthly to ensure the information was properly verified, coverage types were properly identified, and all information in FI and other systems is correct. We further recommend the Department take necessary steps to ensure the proper conversion of all relevant data elements and related documentation is completed by ensuring historical data is maintained and available when a major system upgrade and/or replacement is performed.
Performance Reporting – Semi-Annual Progress Report and Special Reporting – MFP Work Plan Program Name: Money Follows the Person Rebalancing Demonstration (MFP) (Assistance Listing 93.791) Federal Award Agency: United States Department of Health and Human Services Award Years: Federal Fiscal Years 2024 and 2025 Federal Award Number: 1LICMS300142 Criteria The Money Follows the Person (MFP) Rebalancing Demonstration federal award requires the state to provide programmatic reports in accordance with Title 2 U.S. Code of Federal Regulations (CFR) Part 200.301. Title 2 CFR Part 200.301 requires the state to correlate financial data to performance accomplishments of the federal award. The state should also measure performance in a way that will help the United States Department of Health and Human Services (DHHS) and other non-federal entities to improve program outcomes, share lessons learned, and spread the adoption of promising practices. Title 2 CFR Part 200.303 requires the non-federal entity to establish and maintain effective internal controls over the federal award that provides reasonable assurance that it is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the award. MFP terms and conditions require the state to submit a work plan that documents its progress on the use of initiatives designed to increase the use of home and community-based services rather than institutional long-term services and supports. MFP terms and conditions require the state to submit semi-annual progress reports that present the state’s analysis and the status of various operational areas in reaching the objectives of the demonstration. The semi-annual progress report documents the state’s progress in meeting MFP operational procedures and processes, transition benchmarks, and program goals for expanding and enhancing home and community-based services. Title 2 CFR Part 200.334 requires the state to retain financial and programmatic records to support reported information for three years from the date of submission. Condition Our review of the MFP work plan and semi-annual progress report for July 1 to December 31, 2024, disclosed that the Department of Social Services (DSS) did not maintain MFP program data to support figures reported for seven performance objectives in the work plan and 11 performance measures in the semi-annual progress report. Context DSS submitted two semi-annual progress reports and two work plans to DHHS during fiscal year 2025. The sample was not statistically valid. Questioned Costs $0 Effect DSS may have submitted an inaccurate work plan and progress report. DHHS may be using unreliable data to identify promising practices and make future federal program decisions. Cause DSS lacked adequate controls to document and retain MFP data. Prior Audit Finding We have not previously reported this finding. Recommendation The Department of Social Services should strengthen internal controls over performance and special reporting for the Money Follows the Person Rebalancing Demonstration to ensure it maintains data to support figures reported to the Department of Health and Human Services. Views of Responsible Officials “The Department agrees with this finding and is taking steps to strengthen internal controls over performance monitoring and special reporting for the Money Follows the Person (MFP) Rebalancing Demonstration. DSS is implementing a secure SharePoint repository to centrally maintain, organize, and track all documentation supporting the MFP Work Plan and the MFP Semi-Annual Report.”
FEDERAL AWARD FINDING: 2025-101 The County did not develop internal control procedures over program reporting and cash management requirements, increasing risk of report errors to awarding agencies and wrongly receiving monies Cluster name: Workforce Innovation and Opportunity Act (WIOA) Cluster Assistance Listings number(s) and name(s): 17.258 WIOA Adult Program 17.259 WIOA Youth Activities 17.278 WIOA Dislocated Worker Formula Grants Award number(s) and year(s): IGA DI23-002389 July 1, 2023 through June 28, 2028 IGA DI21-002286 July 1, 2024 through June 30, 2025 Federal agency: U.S. Department of Labor Pass-through grantor(s): Arizona Department of Economic Security Compliance requirement(s): Reporting Questioned costs: Not applicable Assistance Listings number(s) and name(s): 21.027 COVID-19—Coronavirus State and Local Fiscal Recovery Funds Award number(s) and year(s): 1505-0271 March 3, 2021 through December 31, 2024 CT-FM-22-149 October 1, 2024 through September 30, 2025 SLFRFP1962 January 5, 2023 through December 31, 2026 CTR069300 January 1, 2024 through December 30, 2026 GTAW-FM-23*123 October 3, 2022 through July 3, 2026 ACJC-VC-25-001A July 1, 2024 through December 31, 2024 Federal agency: U.S. Department of the Treasury Pass-through grantor(s): Stratford Art Works; Arizona Supreme Court; Arizona Housing Coalition, Inc.; Arizona Criminal Justice Commission Compliance requirement(s): Reporting Questioned costs: Not applicable Assistance Listings number(s) and name(s): 93.268 Immunization Cooperative Agreements Award number(s) and year(s): CTR062571 July 1, 2022 through June 30, 2025 CTR059891 July 1, 2022 through June 30, 2027 Federal agency: U.S. Department of Health & Human Services Pass-through grantor(s): Arizona Department of Health Services Compliance requirement(s): Cash management and reporting Questioned costs: Not applicable Condition Contrary to federal regulation, the County’s Grants Management and Innovation Department (Department) did not develop, document, or implement internal control procedures to monitor compliance with the programs’ reporting and/or cash management requirements for the Workforce Innovation and Opportunity Act (WIOA) Cluster, Coronavirus State and Local Fiscal Recovery Funds (SLFRF) program, and Immunization Cooperative Agreements (ICA) programs. Specifically, for 13 of 17 reports we tested, we found the Department did not perform an independent review and approval of reports prior to submitting them to the federal agency or pass-through grantor to ensure the reported expenditures were accurate, agreed to the County’s records, and contained only allowable expenditures for: • 9 of 9 WIOA monthly reconciliation reports we tested. • 3 of 4 SLFRF quarterly project and expenditure reports we tested. • 1 of 4 ICA quarterly contract expenditure reports (CER) we tested. These reports are also used to request reimbursement from the federal agency. For the same 3 SLFRF reports identified above and submitted during fiscal year 2025, we found the Department did not retain documentation, such as system reports, screenshots, or queries, to support the information it reported. Despite lacking internal control procedures, we did not identify inaccurate program information for WIOA and ICA reported to the federal agency or pass-through grantor, and we did not identify any ICA costs incurred prior to requesting reimbursement. In addition, the Department did not prepare and submit timely ICA program information to the federal agency for monitoring. Specifically, for award CTR062571—the Immunization Bridge Access program, the Department failed to submit 3 quarterly CERs by their required due dates in fiscal year 2025 and instead, on August 2, 2025, submitted 1 report that contained information covering all quarterly information for fiscal year 2025. Effect Without effective internal control procedures in place, there is an increased risk that the Department may not prevent or detect and correct errors on reports it submits to federal agency and pass-through agencies, which rely on them to effectively monitor the program administration, including its compliance with program requirements, ability to prevent and detect fraud, and to evaluate the programs’ success. There is also an increased risk that the Department could receive federal monies to which it is not entitled. Further, the Department is at risk that this finding applies to other federal programs it administers. Cause The Department’s management reported that it had sometimes performed independent reviews and approvals of reports but did not maintain documentation of these independent reviews because the Department did not have a formal policy requiring a documented review and approval of its reports. In addition, the Department’s management reported that policies and procedures were not followed to retain documentation for the SLFRF reports. Further, the Department’s management reported it did not have a process to track when each ICA report was required to be completed and did not verify that reports were submitted by the designated due dates. Criteria Federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). This would include developing, documenting, and implementing internal control procedures to monitor compliance with federal agency guidelines requiring the Department to report accurate and complete information for the WIOA monthly reconciliation reports, SLFRF quarterly financial reports, and ICA quarterly contract expenditure reports. Also, federal regulation and Department retention policies require the Department to retain all records relating to a federal award for a period of 3 years from the date of its submission of the final expenditure report (2 CFR §200.334). Further, federal regulation requires the Department to submit financial reports as required by the federal award. Reports submitted quarterly are due no later than 30 calendar days after the reporting period (2 CFR §200.328). Recommendations to the Department 1. Perform and document an independent review and approval of federal program reports before submitting the reports to the federal agency to ensure the reported expenditures were accurate, agreed to the County’s records, and contained only allowable expenditures. 2. Retain detailed documentation, such as system reports, screenshots, or queries related to submitted reports to ensure accurate and complete program information is reported to the federal agency or pass-through grantor for each federal program. 3. Submit ICA reports by their quarterly due dates. 4. Follow its retention policies and procedures and federal regulation requirements to retain all records relating to a federal award for a period of 3 years from the date of its submission of the reports. Develop, document, and implement policies and procedures to monitor compliance with the programs’ reporting requirements to: 5. Perform and document an independent review and approval of federal program reports before submitting the reports to the federal agency or pass-through grantor to ensure reports are accurate, agree to County records, and contain only allowable expenditures for the applicable fiscal year. 6. Create a tracking mechanism to ensure reports are completed and submitted by their due dates. This finding is similar to prior-year finding 2024-104 that was initially reported in fiscal year 2024. Views of responsible officials County management concurs with this finding. The County’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials regarding these recommendations. We are not required to audit and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy.
Significant Deficiencies Federal Program: U.S. Department of Treasury Pass-Through from Maryland Department of Labor Major Program: Coronavirus State and Local Fiscal Recovery Funds (21.027) Finding 2025 - 002: Transactions Improperly Recorded - Allowable Costs Criteria: 2 CFR Part 200.403(e) requires that costs should be determined in accordance with generally accepted accounting principles for such charges to be allowable under federal awards. Generally accepted accounting principles require expenses to be recognized when incurred. Prepaid annual services should be recognized ratably over the contract period. In addition, 2 CFR Part 200.334 requires recipients to maintain financial records sufficient to show compliance with federal statues, regulations, and terms and conditions of the award. Condition: During our audit we identified certain transactions that were improperly expensed in their entirety in the fiscal year. Context: A review of 40 disbursements totaling $570,943 noted three transactions totaling $4,291 that were improperly expensed entirely in the current year. A portion of these transactions should have been accrued as prepaid expenses. Cause: The three invoices were not properly reviewed for the effective term of the contract. Management therefore did not consider the portion of the contract that extended into the next fiscal year to determine which amounts should have been deferred into the upcoming year. Effect: Costs could be deemed unallowable by the awarding agency if not recorded in the proper period in accordance with generally accepted accounting principles. Questioned Costs: $2,182 of known costs charged to federal awards outside of the proper period. Recommendation: We recommend that management adequately review service contracts paying particular attention to the service period. When the contract extends into the subsequent fiscal year an adjustment should be made to reclassify as a prepaid any portion of the contract that falls outside the current fiscal year end. View of Responsible Officials and Planned Corrective Action: We are in agreement with the finding and will extra care to review service invoices to ensure expenses are allocated between periods properly.
FINDING 2025-005 Subject: COVID-19 - Education Stabilization Fund - Allowable Costs/Cost Principles Federal Agency: Department of Education Federal Program: COVID-19 - Education Stabilization Fund Assistance Listings Numbers: 84.425D, 84.425U Federal Award Numbers and Years (or Other Identifying Numbers): S425D210013, S425U210013 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Allowable Costs/Cost Principles Audit Findings: Material Weakness, Other Matters Repeat Finding This is a repeat finding from the immediately prior audit report. The prior audit finding number was 2023-005. INDIANA STATE BOARD OF ACCOUNTS 22 MICHIGAN CITY AREA SCHOOLS SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Condition and Context The COVID-19 - Education Stabilization Fund (ESF) grant was established by the Coronavirus Aid, Relief and Economic Security (CARES) Act to respond to the Coronavirus outbreak and assist schools in creating healthy learning environments, return students to classrooms, and address local needs. The ESF grant was further funded by the Coronavirus Response and Relief Supplemental Appropriations (CRRSA) Act and the American Rescue Plan (ARP) Act. The School Corporation did not have effective internal controls in place over the Allowable Costs/Cost Principles compliance requirement. A sample of 13 payroll claims paid from the School Corporation's ESF grant were selected for testing. Of the sample, 6 employee pay rates could not be verified to a School Board-approved, allowable hourly pay rate for a high dosage tutor position. High dosage tutors were paid anywhere from $20 to $77 an hour. The School Corporation was unable to provide documentation that the School Board approved a pay rate for the high dosage tutor positions during the audit period. The total amount paid to high dosage tutors during the audit period was $472,354, which were considered questioned costs. In addition, the School Corporation paid a consulting firm to provide general support to the finance department. The expenditures were deemed unallowable as there was no documentation available that the consultants were assisting the School Corporation in preventing, preparing for, and responding to COVID-19. The total amount expended to the consultant during the audit period was $514,156, which were considered questioned costs. The lack of internal controls and noncompliance were isolated to the costs noted above for the ESSER II and ESSER III grants. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for the Federal awards that are renewed quarterly or annual, from the date of submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." INDIANA STATE BOARD OF ACCOUNTS 23 MICHIGAN CITY AREA SCHOOLS SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) 2 CFR 200.403 states in part: "Except where otherwise authorized by statute, costs must meet the following general criteria in order to be allowable under Federal awards: (a) Be necessary and reasonable for the performance of the Federal award and be allocable thereto under these principles. (b) Conform to any limitations or exclusions set forth in these principles or in the Federal award as to types or amount of cost items. (c) Be consistent with policies and procedures that apply uniformly to both federally financed and other activities of the recipient or subrecipient. (d) Be accorded consistent treatment. For example, a cost must not be assigned to a Federal award as a direct cost if any other cost incurred for the same purpose in like circumstances has been allocated to the Federal award as an indirect cost. (e) Be determined in accordance with generally accepted accounting principles (GAAP), except, for State and local governments and Indian Tribes only, as otherwise provided for in this part. (f) Not be included as a cost or used to meet cost sharing requirements of any other federally-financed program in either the current or a prior period. See § 200.306(b). (g) Be adequately documented. See §§ 200.300 through 200.309. (h) Administrative closeout costs may be incurred until the due date of the final report(s). If incurred, these costs must be liquidated prior to the due date of the final report(s) and charged to the final budget period of the award unless otherwise specified by the Federal agency. All other costs must be incurred during the approved budget period. At its discretion, the Federal agency is authorized to waive prior written approvals to carry forward unobligated balances to subsequent budget periods. See § 200.308(g)(3). 2 CFR 200.430(i)(1) states in part: "Charges to Federal awards for salaries and wages must be based on records that accurately reflect the work performed. These records must: (i) Be supported by a system of internal control which provides reasonable assurance that the charges are accurate, allowable, and properly allocated; (ii) Be incorporated into the official records of the non-Federal entity; (iii) Reasonably reflect the total activity for which the employee is compensated by the non-Federal entity, not exceeding 100% of compensated activities (for IHE, this per the IHE's definition of IBS); . . . (vii) Support the distribution of the employee's salary or wages among specific activities or cost objectives if the employee works on more than one Federal award; a Federal award and non-Federal award; an indirect cost activity and a direct cost activity; two or more indirect activities which are allocated using different allocation bases; or an unallowable activity and a direct or indirect cost activity. . . ." INDIANA STATE BOARD OF ACCOUNTS 24 MICHIGAN CITY AREA SCHOOLS SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) 2 CFR 200.404 states: "A cost is reasonable if, in its nature and amount, it does not exceed that which would be incurred by a prudent person under the circumstances prevailing at the time the decision was made to incur the cost. The question of reasonableness is particularly important when the non- Federal entity is predominantly federally-funded. In determining reasonableness of a given cost, consideration must be given to: (a) Whether the cost is of a type generally recognized as ordinary and necessary for the operation of the non-Federal entity or the proper and efficient performance of the Federal award. (b) The restraints or requirements imposed by such factors as: sound business practices; arm's-length bargaining; Federal, state, local, tribal, and other laws and regulations; and terms and conditions of the Federal award. (c) Market prices for comparable goods or services for the geographic area. (d) Whether the individuals concerned acted with prudence in the circumstances considering their responsibilities to the non-Federal entity, its employees, where applicable its students or membership, the public at large, and the Federal Government. (e) Whether the non-Federal entity significantly deviates from its established practices and policies regarding the incurrence of costs, which may unjustifiably increase the Federal award's cost." 34 CFR 76.731 states: "A State and a subgrantee shall keep records to show its compliance with program requirements." Consolidated Appropriations Act, 2021, Pub. L. No. 116-260, 134 Stat. 1924 (2020) states in part: "For an additional amount for "Education Stabilization Fund".to remain available through September 30, 2022, to prevent, prepare for, and respond to coronavirus, domestically, or internationally . . ." Cause Payroll records were incomplete as the School Corporation was unable to provide documentation that all rates of pay were approved by the School Board. The School Corporation did not include the consultants above in the budget submitted as part of the grant application, and so the School Corporation did not get the required prior approval for the purchases. Effect Without proper documentation, the allowability of the ESF grant expenditures cannot be substantiated, creating a risk that unallowable costs may be charged to the federal grant. Additionally, we could not determine how the expenditures met the purpose of the program. Questioned Costs We identified $986,510 in known questioned costs as described above in the Condition and Context. INDIANA STATE BOARD OF ACCOUNTS 25 MICHIGAN CITY AREA SCHOOLS SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Recommendation We recommend that management of the School Corporation establish a proper system of internal controls and develop policies and procedures to ensure rates of pay are approved by the School Board and adequately documented and that costs are allowable. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
2025-001: Department of Health and Human Services - Temporary Assistance for Needy Families (TANF), Federal Assistance Listing #93.558; Pass Through Virginia Department of Social Services, Pass Through Entity Identifying Number BEN-21-054. Criteria: The Organization should have processes and procedures in place to keep and maintain client eligibility records, per 2 CFR 200.303 and 2 CFR 200.334. Condition: During our audit, we noted that the Organization was unable to locate records substantiating the eligibility of clients served. Context: During testing, the Organization was unable to find supporting eligibility records for 35 out of the 53 samples that received services as part of a federal program. The sample was not intended to be, and was not, a statistically valid sample. Cause/Effect: Internal control processes over proper maintenance of clients’ records were not operating effectively, causing documentation to not be located. Questioned Costs: $40,400 calculated based on the dollar amount submitted for reimbursement for each item tested without proper eligibility records. Identification of Repeat Finding: Repeat Finding 2024-001. Recommendation: We recommend procedures are implemented to ensure proper maintenance of client records. Views of Responsible Officials: Management agrees with the recommendation and has implemented corrective action as outlined in the corrective action plan.
2025-002: Department of Health and Human Services - Temporary Assistance for Needy Families (TANF), Federal Assistance Listing # 93.558; Pass Through Virginia Department of Social Services, Pass Through Entity Identifying Number BEN-21-054. Criteria: The Organization should have effective policies and procedures in place to ensure there is proper documentation supporting funds were used in compliance with the federal award, per 2 CFR 200.303 and 2 CFR 200.334. Condition: During our audit, it was noted that there was not an effective process in place to keep and maintain the required records to support pay-for-performance outputs and outcomes. Context: The Organization was unable to provide documentation supporting the allowability of 7 of the 52 samples selected for testing. Cause/Effect: Internal control processes over maintenance of records supporting pay-for-performance outcomes and outputs were not operating effectively from July 2024 through June 2025. Questioned Costs: $7,200 calculated based on the dollar amount submitted for reimbursement for each item tested without proper records supporting the required outcome or output was met. Identification of Repeat Finding: 2024-002 Recommendation: We recommend that the Organization implements a review process to ensure that documentation is retained to support pay-for-performance outputs and outcomes submitted to the grantor. Views of Responsible Officials: Management agrees with the recommendation and has implemented corrective action as outlined in the corrective action plan.
2025-003: Department of Health and Human Services - Temporary Assistance for Needy Families (TANF), Federal Assistance Listing #93.558; Pass Through Fairfax County, Pass Through Entity Identifying Number 4400012652. Criteria: The Organization should have processes and procedures in place to keep and maintain client eligibility records, per 2 CFR 200.303 and 2 CFR 200.334. Condition: During our audit, we noted that the Organization was not performing procedures to ensure eligibility of clients participating in the program and thus were unable to locate records substantiating the eligibility of clients served. Context: During testing, the Organization was unable to support eligibility for 7 out of the 7 samples that received services as part of a federal program. The sample was not intended to be, and was not, a statistically valid sample. Cause/Effect: Internal control processes over proper processes for eligibility and maintenance of clients’ records were not operating effectively, causing documentation to not be located. Questioned Costs: Unknown. Identification of Repeat Finding: N/A Recommendation: We recommend procedures are implemented to ensure only eligible clients participate in the federal program and client records are maintained. Views of Responsible Officials: Management agrees with the recommendation and has implemented corrective action as outlined in the corrective action plan.
FINDING 2024-002 Subject: Economic Development Cluster - Reporting Federal Agency: Department of Commerce Federal Program: Economic Adjustment Assistance Assistance Listings Number: 11.307 Federal Award Number and Year (or Other Identifying Number): 06-79-06420 Compliance Requirement: Reporting Audit Findings: Material Weakness, Other Matters Condition and Context An effective system of internal controls was not in place at the City in order to ensure compliance with the grant agreement and the reporting compliance requirement. The grant agreement for the City's construction project states that the City is to submit a Federal Financial Report (SF-425) on a semi-annual basis. The SF-425 report includes, among other line items: cash receipts, cash disbursements, cash on hand, total federal funds authorized, and total recipient share required. Both of the submitted SF-425 reports were tested. Additionally, the City was required to submit progress reports on a quarterly basis. Two of the quarterly reports were selected for testing. Both the SF-425 reports and the quarterly progress reports were prepared and submitted by one employee of the City. Evidence of an established internal control over the reports tested was not available for audit. The data submitted in the SF-425 report submitted by the City for the reporting period ending on September 30, 2024, contained the following errors: Cash receipts were understated by $1,037,155. INDIANA STATE BOARD OF ACCOUNTS 19 CITY OF KOKOMO SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Cash disbursements were understated by $1,037,155. The lack of internal controls and noncompliance was isolated to the award 06-79-06420, EDA-Davis Road construction project. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.302(b) states in part: "The financial management system of each non-Federal entity must provide for the following (see §§ 200.334, 200.335, 200.336, and 200.337): (1) Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, Federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any. (2) Accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in §§ 200.328 and 200.329. If a Federal awarding agency requires reporting on an accrual basis from a recipient that maintains its records on other than an accrual basis, the recipient must not be required to establish an accrual accounting system. This recipient may develop accrual data for its reports on the basis of an analysis of the documentation on hand. . . . (3) Records that identify adequately the source and application of funds for federallyfunded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation. . . ." Cause Embedded within a properly designed and implemented internal control system should be internal controls consisting of policies and procedures. Policies reflect the City's management statements of what should be done to effect internal controls, and procedures should consist of actions that would implement these policies. The errors were due to federal reimbursements not being included as cash receipts and cash disbursements in the SF-425 reports. INDIANA STATE BOARD OF ACCOUNTS 20 CITY OF KOKOMO SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Effect Without the proper implementation of an effectively designed system of internal controls over reporting, the City could not ensure that the reports submitted were accurate. In addition, not meeting the Economic Development Cluster reporting requirements increases the likelihood that the public will not have access to transparent and accurate information regarding expenditures of federal awards. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funding to the City. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the City design and implement a proper system of internal controls, including policies and procedures, to ensure that the City provides the Department of Commerce with complete and accurate information for the SF-425 and quarterly reports. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
#2024-005 – Major Federal Award Finding – Reporting; Procurement and Suspension and Debarment Nature of Finding: Reporting and Procurement, Maintenance of Documentation/Records – Compliance Finding and Significant Deficiency in Internal Control over Compliance Criteria/Condition: Documentation was not maintained to support financial data provided in reports submitted to the funding source. Documentation was also not maintained to support certain procurement procedures. Per 2 CFR 200.334, financial records and supporting documentation must be maintained for three years from the date of the final financial report. Per 2 CFR 200.318(i), recipients must maintain records sufficient to detail the history of each procurement transaction, including (among other items) rationale for contractor selection or rejection. Cause/Context: The following activities did not have supporting documentation: • Expenditure balances reported to the State of Michigan in quarterly reports were not amended or reconciled to the final accounting records for each reporting period. The accounting periods were impacted by various transactions between the dates of the grant expenditure reports and the close of the respective period financial statement. • Performance of contractor/vendor suspension and debarment search on SAM.gov. Effect: Evidence to support a reconciliation between reports submitted to a funding source and the general ledger is not readily available. Evidence to support that the appropriate contractor/vendor vetting process was conducted is not available. Recommendation: The Organization should produce and maintain supporting documentation for all reports submitted to funding sources, including information to reconcile reports to the final financial statements for the respective period and resolution of any reporting differences with the funding agency. We also recommend that the Organization maintain all documentation to support the decision process associated with procurement. Views of Responsible Officials and Planned Corrective Actions: All procurement following the adoption of the procurement policy have been done in alignment with the policy. We also introduced procurement “kickoff meetings’ for new grants to review each budget line, determine the correct procurement method and plan documentation. All vendors now have debarment searches in their QuickBooks vendor information tab.
Support for Employee Reimbursement Transactions – Allowable Costs Criteria: 2 CFR Part 200.403(g) requires that costs should be adequately documented to support the nature and amount of a transaction for such charges to be allowable under federal awards. In addition, 2 CFR Part 200.334 requires recipients to maintain financial records sufficient to show compliance with federal statues, regulations, and terms and conditions of the award. Condition: During our audit we identified certain transactions without adequate documentation. Context: A review of 23 disbursements totaling $90,636 noted 2 requests for mileage reimbursement that were not supported. Cause: Supporting calculations and documents were not obtained from employees requesting mileage reimbursements. Effect: Costs could be deemed unallowable by the awarding agency if not properly substantiated. Questioned Costs: $141 of known costs charged to federal awards without adequate documentation. The estimation of possible additional questioned costs is $1,302. Recommendation: We recommend the Organization reiterate its policy to employees to provide supporting calculations and documents when requesting reimbursement for business expenses prior to making payment. View of Responsible Officials and Planned Corrective Action: We are in agreement with the finding and will reinforce our policies on reimbursements.
Finding number:2024-004 AL number:10.561 and 21.027 AL title:Supplemental Nutrition Assistance Program and Coronavirus State and Local Fiscal Recovery Funds Name of federal agency:U.S. Department of Agriculture and U.S. Department of Treasury Repeat Finding: No Criteria:The Code of Federal Regulations 2 CFR 200.344 states, "the recipient and subrecipient must retain all Federal award records for three years from the date of submission of their final financial report. For awards that are renewed quarterly or annually, the recipient and subrecipient must retain records for three years from the date of submission of their quarterly or annual financial report, respectively. Records to be retained include but are not limited to, financial records, supporting documentation, and statistical records. Condition:During audit testing, it was noted that the Organization had charged expenditures to a federal grant without obtaining or retaining the appropriate underlying support for the transactions. The absence of this documentation represents a failure to meet the record retention and documentation standards required under federal regulations. This gap in documentation undermines the audit trail and raises concerns about the eligibility and allowability of the expenditures. Cause:The deficiency was attributed to ineffective internal controls over the documentation and review process for grant-related disbursements. Specifically, the Organization's formalized procedure was not effectively operating to ensure all expenditures submitted for reimbursement were supported by current and complete documentation. This control lapse allowed unsupported expenditures to be processed without adequate scrutiny. Effect or potential effect:Without proper documentation, the expenditures submitted for reimbursement may be deemed ineligible under federal cost principles. This could result in: - Disallowed costs during audit or federal review, - Reimbursement delays or denials, and - Potential reputational risk or future funding implications.Although no questioned costs were identified, the lack of documentation exposes the Organization to future audit findings and financial risk. Questioned Cost: None Recommendation:We recommend the Organization strengthen its internal controls by implementing a formal documentation review protocol for all expenditures submitted for federal reimbursement. This protocol should include: - Verification that current and complete supporting documentation (e.g., lease agreements, contracts, signed affidavits from participants, etc.) is retained and reviewed prior to submission. - Integration of this review into the monthly and year-end close processes to ensure compliance with 2 CPR§ 200.334 and§ 200.403. - Staff training on federal documentation standards and the importance of maintaining a robust audit trail.By ensuring that all expenses are properly supported, the Organization will enhance compliance, reduce audit risk, and uphold the integrity of its financial reporting. Views of responsible officials:Management agrees with the finding. Management has reinforced the effective execution of existing controls around proper documentation of all expenditures and record retention for these expenditures. Monthly and year-end procedures have been updated to ensure compliance with these procedures.
Finding 2024-002 Lack of Supporting Documentation for Disbursements (Including Credit Card Transactions) Condition: During our testing of disbursements, including credit card transactions, we identified several instances where supporting invoices or receipts were missing or incomplete. In these cases, the organization was unable to provide sufficient documentation to substantiate the nature, purpose, or business justification of the expenditures charged to federal programs. Criteria: The Uniform Guidance requires that costs charged to federal awards be necessary, reasonable, allocable, and adequately documented. Specifically, §200.403(g) states that a cost is allowable only if it is adequately documented, and §200.302(b)(3) requires recipients to maintain records that identify the source and application of funds for federally funded activities.Questioned Costs: The total questioned costs cannot be determined due to lack of adequate supporting documentation.Cause: This issue occurred due to inadequate internal controls over the documentation and retention of support for disbursements. Management has not fully implemented procedures to ensure all expenditures are properly supported before being approved or charged to a federal program.Effect: Without proper supporting documentation, there is an increased risk that unallowable or unsupported costs were charged to the federal award. This condition could result in repayment of disallowed costs, noncompliance with the Uniform Guidance, and potential impact on future federal funding.Recommendation: We recommend that management: 1. Implement a formal written policy requiring original invoices or receipts to be obtained and reviewed for every disbursement, including credit card purchases, prior to payment or cost allocation to a federal award. 2. Ensure that documentation is reviewed and approved by an individual independent of the preparer or cardholder. 3. Maintain supporting documentation in accordance with the record retention requirements of 2 CFR §200.334. 4. Provide staff training on the documentation requirements for allowable costs under the Uniform Guidance.Views of Responsible Officials: We concur with this finding. The organization acknowledges that complete documentation is essential to substantiate the nature, purpose, and justification of all expenditures, particularly those funded by federal awards.
Condition and Context: During our audit of the Public Safety Partnership and Community Policing Grant (CFDA 16.710), we were unable to obtain a copy of the required SF-425 (Federal Financial Report) submitted by the County. Criteria: Per 2 CFR 200.334, Non-Federal entities other than States, including those operating Federal programs as subrecipients of States, must retain financial records, supporting documents, and reports pertinent to federal awards for a period of three years from the date of submission of the final expenditure report. In addition, 2 CFR 200.327 and 200.328 require recipients to submit required financial reports, including the SF-425, to demonstrate accountability for grant expenditures. Cause: The County does not have adequate recordkeeping procedures in place to ensure that copies of all submitted federal reports, including the SF-425, are retained and available for audit. Effect: The inability to provide the SF-425 limited our ability to verify compliance with federal reporting requirements. Lack of adequate documentation may result in questioned costs, affect the granting agency’s ability to monitor the use of federal funds, and may place the County at risk of administrative findings in future audits. Recommendation: We recommend that the County implement procedures to ensure that copies of all required federal reports are retained in accordance with federal record retention requirements and made available for audit purposes. Views of Responsible Officials and Planned Corrective Actions: Management agrees with the finding and will establish procedures to ensure that all required federal reports are retained and readily available for future monitoring and audits.
Inadequate Record Retention and Documentation for Federal Expenditures Material Weakness Department of the Treasury Passed through City of Indianapolis and Marion County, Indiana, by and through its Office of Public Health and Safety Passed through Indiana Family and Social Services Administration Passed through The Indianapolis Foundation ALN #: 21.027 COVID-19 Coronavirus State and Local Fiscal Recovery Funds Federal Award Identification #: 19FG-ARYthMedia-1, 43758, and 66867 Condition: During Fiscal Year 2024, the Organization did not retain sufficient documentation to support certain federal expenditures, as required by the record retention requirements of 2 CFR 200.334. Criteria: 2 CFR 200.334 Questioned Costs: $0 (see context) Context: Out of seven invoices tested, three did not have adequate supporting documentation for certain expenses. In addition, one invoice lacked evidence of review and approval prior to submission to the grantor. Specifically: • For an invoice tested under federal award identification number 19FG-ARYthMedia-1, the Organization was unable to locate support for $1,093 of the expenses billed. Additionally, the Organization underbilled $1,994 of other allowable costs, resulting in no net questioned costs. • For an invoice tested under federal award identification number 43758, the Organization was unable to locate support for certain expenses included on the invoice. However, the supporting documentation obtained exceeded the amount billed; therefore, there were no questioned costs. • For an invoice tested under federal award identification number 66867, the Organization was unable to locate support for $942 of the expenses billed. The Organization also underbilled $1,404 of other allowable costs, resulting in no net questioned costs. In addition, this invoice lacked evidence of appropriate review and approval. Overall, while unsupported costs were noted within individual invoices tested, the Organization incurred allowable expenditures in excess of the amounts billed under the program. Accordingly, no net questioned costs were identified. Cause: Transition in accounting team. Effect: Lack of adequate recordkeeping can result in being required to return cash to the grantor. Identification as repeat finding, if applicable: Yes, 2023-003 Recommendation: We recommend the Organization implement a standardized recordkeeping system for all federal award expenditures that complies with the requirements of the Uniform Guidance. Views of Responsible Officials and Planned Corrective Action: Management agrees with the finding. See corrective action plan.
Finding 2024-005 - Reporting Federal Award Information: Federal Agency: U.S. Department of Health and Human Services Pass-Through Entity: Texas Department of Housing and Community Affairs Assistance Listing Number (ALN): 93.568 Federal Program Name: Low-Income Home Energy Assistance Type of Finding: Material Weakness in Internal Control Over Compliance Reporting Compliance Requirement No Questioned Costs Criteria: Under 2 CFR 200.303, the Organization is required to establish and maintain effective internal control over Federal awards that provides reasonable assurance of compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. Additionally, 2 CFR 200.302(a) requires that the financial management system provide accurate, current, and complete disclosure of the financial results of each Federal award. Further, 2 CFR 200.334 requires financial records, supporting documents, statistical records, and all other records pertinent to a Federal award be retained to support amounts reported. The OMB Compliance Supplement identifies Reporting as a compliance requirement for this program and requires that financial reports be supported by underlying accounting records and subject to appropriate review prior to submission. Condition: During our audit, we noted that financial reports submitted to the Federal awarding agency were not consistently supported by retained documentation demonstrating how reported amounts were calculated. In addition, there was no documented evidence of supervisory review or approval of the reports prior to submission. During interim testing of reports, we noted that certain periodic financial reports submitted to the pass-through entity did not reconcile to the Organization’s general ledger at the time of submission. The variances were attributable to journal entries, voided checks, and other posting adjustments recorded after report submission. While cumulative and final reports ultimately agreed to the Organization’s accounting records and no amended reports were required, documentation reconciling the differences at the time of submission was not retained. documentation was retained for amounts reported to the Federal awarding agency or to require documented supervisory review of reports prior to submission. Effect or Potential Effect: The absence of supporting documentation and independent review increases the risk that inaccurate, incomplete, or unsupported information could be reported to the Federal awarding agency and not be detected in a timely manner. Although no questioned costs were identified as a result of our audit procedures, this deficiency creates a reasonable possibility that material noncompliance with reporting requirements could occur and not be prevented or detected on a timely basis. Questioned Costs: None. Repeat Finding: This is not a repeat finding. Recommendation: We recommend that management implement procedures to: Retain supporting documentation for all amounts reported to Federal awarding agencies, including reconciliations to the general ledger; Require documented supervisory review and approval of reports prior to submission; and Ensure that adjustments occurring after report submission are documented and, when necessary, corrected through revised reporting. Views of Responsible Officials and Planned Corrective Action: Management acknowledged that supporting documentation was not consistently retained and that supervisory review was not formally documented. Management has indicated that procedures will be implemented to ensure reports are reconciled to accounting records, properly supported, and reviewed prior to submission.
Cash Management Grantor: Department of Health and Human Services Pass Through Entity: Advanced Regenerative Manufacturing Institute, Inc. Award Name: Hospital Preparedness Program (HPP) Ebola Preparedness and Response Activities Award Number: IDSEP22005-003 Assistance Listing Number: 93.817 Award Year: June 1, 2023-September 30, 2023 Criteria In accordance with 2 CFR 200.305 (b)(3), reimbursement is the preferred method when the requirements in paragraph (b) cannot be met, when the Federal awarding agency sets a specific condition per 2 CFR 200.208, or when the non-Federal entity requests payment by reimbursement. In accordance with 2 CFR 200.334 (c) and (e), a subrecipient must liquidate all financial obligations incurred under a subaward no later than 90 calendar days after the conclusion of the period of performance of the subaward (or an earlier date as agreed upon by the pass-through entity and subrecipient). The subrecipient must promptly refund any unobligated funds that the pass-through entity paid and that are not authorized to be retained. Condition In testing the period of performance compliance requirement in accordance with the OMB Compliance Supplement, we requested support for the expenditures on the FY2024 Schedule of Federal Awards, as they were outside of the period of performance of the subaward, which ended September 30, 2023. The Company issued an invoice to Advanced Regenerative Manufacturing Institute, the Prime awardee, for $215,192 on September 14, 2023, but did not incur those expenses until after the period of performance of the subaward. Therefore, the Company requested and received the funds in advance of incurring the expenses. Further, the Company did not liquidate its obligations under the subaward within the required 90 calendar days after the conclusion of the performance of the subaward, as expenditures were recorded through August 2024. There were no terms in the award that allowed retention of unused funds. Cause The grant personnel were not aware of the invoicing requirements under the reimbursement method and invoiced the Prime awardee in advance of incurring the associated costs. Effect Federal funds were obtained in advance of incurring costs and outside of the period of performance of the subaward. Questioned Costs $215,192 Recommendation We recommend that the Company return the advance funds received to the Prime. Further, the Company should consider the need for clarifying and/or enhancing existing internal control procedures to ensure expenditures are paid in compliance with Federal reimbursement requirements and that requests for reimbursement are reviewed and validated against supporting documentation to identify any discrepancies prior to requesting reimbursement. Management’s Views and Corrective Action Plan Management’s Views and Corrective Action Plan are included at the end of this report after the summary schedule of prior audit findings and status.
FINDING 2024-002 Bridges Interface Controls See Schedule of Findings and Questioned Costs for chart/table. Background The Michigan Department of Health and Human Services (MDHHS) uses the Bridges Integrated Automated Eligibility Determination System* (Bridges) for determining eligibility and benefit amounts for food assistance, cash assistance, child care assistance, medical assistance, and emergency assistance programs. MDHHS and the Department of Technology, Management, and Budget (DTMB) are jointly responsible for maintenance and operation of Bridges. Condition DTMB did not always ensure its interface controls over the Bridges data exchanges were operating as prescribed. We noted DTMB did not ensure the file control and batch summary tables used to reconcile Bridges interfaces consistently represented control totals of information processed for 2 of the 8 interfaces sampled. For these 2 interfaces, we sampled 28 daily and monthly files and noted 7 (25%) files did not reconcile. Criteria Federal regulations 2 CFR 200.303 and 45 CFR 75.303 require the auditee to establish and maintain effective internal control over federal awards that provides reasonable assurance the auditee is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of federal awards. According to State of Michigan Administrative Guide to State Government policy 1340.00, security controls must be implemented to protect State of Michigan information from modification to ensure confidentiality, integrity, and availability of State of Michigan information. In addition, the U.S. Government Accountability Office's (GAO's) Federal Information System Controls Audit Manual* (FISCAM) recommends interface controls be established and implemented to reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Also, effective interface reconciliation procedures should include the use of control totals, records, counts, and other logging techniques. Cause DTMB informed us because of a coding issue, record counts were either not logged or inappropriately duplicated and the exceptions were not caught during development. Effect DTMB's weakness in maintaining sufficient internal control over federal program compliance could result in noncompliance not being detected or corrected in a timely manner. Known Questioned Costs None. Recommendation We recommend DTMB ensure its interface controls over Bridges data exchanges are operating as prescribed. Management Views DTMB disagrees with the condition and the effect of the OAG's finding. The OAG sampled 85 total files across 8 interfaces. Of these, 7 appeared to present issues. For 5 of the sampled files, detailed exception results no longer existed. DTMB maintains summary tables for 10 years and purges detailed exception records at the beginning of each calendar year for anything older than 12 months. This purge process was communicated to the OAG during the fiscal year 2022 audit, and sampling was performed prior to purging for the fiscal year 2023 audit. When informed that the sample included files for which the detailed exception records had been purged, the OAG requested DTMB run a simulation processing of the original interface file in a testing environment to recreate detailed exception records. DTMB's technical teams informed the OAG that rerunning in the current test environment would likely differ from the original results due to code changes that occurred in the test environment subsequent to when the original interface files were run in production. The OAG requested DTMB to proceed with rerunning the files in the current test environment. As a result, the OAG identified 5 instances where the detailed exception records from the simulation in the test environment did not exactly match the summary table from the original production interface results. For the 2 remaining files out of 85 (2.4 percent) that were cited, it should be clarified that the reconciliation being discussed is not data that was lost or misplaced between systems, but reconciliation of 2 exceptions correctly logged and correctly not counted in a summary report because they were alerts during processing, not errors that would be forwarded for review. These results do not present a significant deficiency in the ability of MDHHS to review the detailed exceptions. Also, these 2 records are insignificant when compared to the 11.6 million records processed in the 85 sampled files (0.000001 percent). Therefore, the current controls are reasonable to ensure that data processed from the source system to the receiving system is processed accurately, completely, and timely. Auditor's Comments to Management Views* Contrary to DTMB's views, it would not be appropriate to combine the results of all the subsampled interface files to determine if the auditee appropriately reconciled the 8 sampled interfaces because the frequency of interfaces occurs at different intervals. Doing so would minimize the errors noted in less frequent interface intervals when compared with more frequent interface intervals. Also, the significance of an interface is not dependent on the frequency of the interface's interval but the purpose for the interface regardless of the frequency interval. Federal regulations 2 CFR 200.334 and 45 CFR 75.361 require the auditee to retain records pertinent to a federal award for a period of three years from the submission date of the respective financial report as reported to the awarding agency. The sampled interfaces included subsampled dates throughout the audit period which falls within the required three-year retention period. Therefore, DTMB should have maintained sufficient documentation or maintained it in a manner to allow for replication of the purged files to support controls operated effectively throughout the audit period. DTMB was not able to provide documentation to support the 2 files cited in its response were alerts and not reconciling errors. Also, DTMB did not provide documentation it timely reviewed the interface exceptions. In addition, we determined the errors occurred on multiple daily and monthly files. Contrary to DTMB's views, interface controls are established at a specific data file level and not based on the total number of records or errors identified over a series of data file transfers. Therefore, the percentage of records in error does not prove the interface controls reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Therefore, the finding stands as written.
FINDING 2024-002 Bridges Interface Controls See Schedule of Findings and Questioned Costs for chart/table. Background The Michigan Department of Health and Human Services (MDHHS) uses the Bridges Integrated Automated Eligibility Determination System* (Bridges) for determining eligibility and benefit amounts for food assistance, cash assistance, child care assistance, medical assistance, and emergency assistance programs. MDHHS and the Department of Technology, Management, and Budget (DTMB) are jointly responsible for maintenance and operation of Bridges. Condition DTMB did not always ensure its interface controls over the Bridges data exchanges were operating as prescribed. We noted DTMB did not ensure the file control and batch summary tables used to reconcile Bridges interfaces consistently represented control totals of information processed for 2 of the 8 interfaces sampled. For these 2 interfaces, we sampled 28 daily and monthly files and noted 7 (25%) files did not reconcile. Criteria Federal regulations 2 CFR 200.303 and 45 CFR 75.303 require the auditee to establish and maintain effective internal control over federal awards that provides reasonable assurance the auditee is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of federal awards. According to State of Michigan Administrative Guide to State Government policy 1340.00, security controls must be implemented to protect State of Michigan information from modification to ensure confidentiality, integrity, and availability of State of Michigan information. In addition, the U.S. Government Accountability Office's (GAO's) Federal Information System Controls Audit Manual* (FISCAM) recommends interface controls be established and implemented to reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Also, effective interface reconciliation procedures should include the use of control totals, records, counts, and other logging techniques. Cause DTMB informed us because of a coding issue, record counts were either not logged or inappropriately duplicated and the exceptions were not caught during development. Effect DTMB's weakness in maintaining sufficient internal control over federal program compliance could result in noncompliance not being detected or corrected in a timely manner. Known Questioned Costs None. Recommendation We recommend DTMB ensure its interface controls over Bridges data exchanges are operating as prescribed. Management Views DTMB disagrees with the condition and the effect of the OAG's finding. The OAG sampled 85 total files across 8 interfaces. Of these, 7 appeared to present issues. For 5 of the sampled files, detailed exception results no longer existed. DTMB maintains summary tables for 10 years and purges detailed exception records at the beginning of each calendar year for anything older than 12 months. This purge process was communicated to the OAG during the fiscal year 2022 audit, and sampling was performed prior to purging for the fiscal year 2023 audit. When informed that the sample included files for which the detailed exception records had been purged, the OAG requested DTMB run a simulation processing of the original interface file in a testing environment to recreate detailed exception records. DTMB's technical teams informed the OAG that rerunning in the current test environment would likely differ from the original results due to code changes that occurred in the test environment subsequent to when the original interface files were run in production. The OAG requested DTMB to proceed with rerunning the files in the current test environment. As a result, the OAG identified 5 instances where the detailed exception records from the simulation in the test environment did not exactly match the summary table from the original production interface results. For the 2 remaining files out of 85 (2.4 percent) that were cited, it should be clarified that the reconciliation being discussed is not data that was lost or misplaced between systems, but reconciliation of 2 exceptions correctly logged and correctly not counted in a summary report because they were alerts during processing, not errors that would be forwarded for review. These results do not present a significant deficiency in the ability of MDHHS to review the detailed exceptions. Also, these 2 records are insignificant when compared to the 11.6 million records processed in the 85 sampled files (0.000001 percent). Therefore, the current controls are reasonable to ensure that data processed from the source system to the receiving system is processed accurately, completely, and timely. Auditor's Comments to Management Views* Contrary to DTMB's views, it would not be appropriate to combine the results of all the subsampled interface files to determine if the auditee appropriately reconciled the 8 sampled interfaces because the frequency of interfaces occurs at different intervals. Doing so would minimize the errors noted in less frequent interface intervals when compared with more frequent interface intervals. Also, the significance of an interface is not dependent on the frequency of the interface's interval but the purpose for the interface regardless of the frequency interval. Federal regulations 2 CFR 200.334 and 45 CFR 75.361 require the auditee to retain records pertinent to a federal award for a period of three years from the submission date of the respective financial report as reported to the awarding agency. The sampled interfaces included subsampled dates throughout the audit period which falls within the required three-year retention period. Therefore, DTMB should have maintained sufficient documentation or maintained it in a manner to allow for replication of the purged files to support controls operated effectively throughout the audit period. DTMB was not able to provide documentation to support the 2 files cited in its response were alerts and not reconciling errors. Also, DTMB did not provide documentation it timely reviewed the interface exceptions. In addition, we determined the errors occurred on multiple daily and monthly files. Contrary to DTMB's views, interface controls are established at a specific data file level and not based on the total number of records or errors identified over a series of data file transfers. Therefore, the percentage of records in error does not prove the interface controls reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Therefore, the finding stands as written.
FINDING 2024-002 Bridges Interface Controls See Schedule of Findings and Questioned Costs for chart/table. Background The Michigan Department of Health and Human Services (MDHHS) uses the Bridges Integrated Automated Eligibility Determination System* (Bridges) for determining eligibility and benefit amounts for food assistance, cash assistance, child care assistance, medical assistance, and emergency assistance programs. MDHHS and the Department of Technology, Management, and Budget (DTMB) are jointly responsible for maintenance and operation of Bridges. Condition DTMB did not always ensure its interface controls over the Bridges data exchanges were operating as prescribed. We noted DTMB did not ensure the file control and batch summary tables used to reconcile Bridges interfaces consistently represented control totals of information processed for 2 of the 8 interfaces sampled. For these 2 interfaces, we sampled 28 daily and monthly files and noted 7 (25%) files did not reconcile. Criteria Federal regulations 2 CFR 200.303 and 45 CFR 75.303 require the auditee to establish and maintain effective internal control over federal awards that provides reasonable assurance the auditee is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of federal awards. According to State of Michigan Administrative Guide to State Government policy 1340.00, security controls must be implemented to protect State of Michigan information from modification to ensure confidentiality, integrity, and availability of State of Michigan information. In addition, the U.S. Government Accountability Office's (GAO's) Federal Information System Controls Audit Manual* (FISCAM) recommends interface controls be established and implemented to reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Also, effective interface reconciliation procedures should include the use of control totals, records, counts, and other logging techniques. Cause DTMB informed us because of a coding issue, record counts were either not logged or inappropriately duplicated and the exceptions were not caught during development. Effect DTMB's weakness in maintaining sufficient internal control over federal program compliance could result in noncompliance not being detected or corrected in a timely manner. Known Questioned Costs None. Recommendation We recommend DTMB ensure its interface controls over Bridges data exchanges are operating as prescribed. Management Views DTMB disagrees with the condition and the effect of the OAG's finding. The OAG sampled 85 total files across 8 interfaces. Of these, 7 appeared to present issues. For 5 of the sampled files, detailed exception results no longer existed. DTMB maintains summary tables for 10 years and purges detailed exception records at the beginning of each calendar year for anything older than 12 months. This purge process was communicated to the OAG during the fiscal year 2022 audit, and sampling was performed prior to purging for the fiscal year 2023 audit. When informed that the sample included files for which the detailed exception records had been purged, the OAG requested DTMB run a simulation processing of the original interface file in a testing environment to recreate detailed exception records. DTMB's technical teams informed the OAG that rerunning in the current test environment would likely differ from the original results due to code changes that occurred in the test environment subsequent to when the original interface files were run in production. The OAG requested DTMB to proceed with rerunning the files in the current test environment. As a result, the OAG identified 5 instances where the detailed exception records from the simulation in the test environment did not exactly match the summary table from the original production interface results. For the 2 remaining files out of 85 (2.4 percent) that were cited, it should be clarified that the reconciliation being discussed is not data that was lost or misplaced between systems, but reconciliation of 2 exceptions correctly logged and correctly not counted in a summary report because they were alerts during processing, not errors that would be forwarded for review. These results do not present a significant deficiency in the ability of MDHHS to review the detailed exceptions. Also, these 2 records are insignificant when compared to the 11.6 million records processed in the 85 sampled files (0.000001 percent). Therefore, the current controls are reasonable to ensure that data processed from the source system to the receiving system is processed accurately, completely, and timely. Auditor's Comments to Management Views* Contrary to DTMB's views, it would not be appropriate to combine the results of all the subsampled interface files to determine if the auditee appropriately reconciled the 8 sampled interfaces because the frequency of interfaces occurs at different intervals. Doing so would minimize the errors noted in less frequent interface intervals when compared with more frequent interface intervals. Also, the significance of an interface is not dependent on the frequency of the interface's interval but the purpose for the interface regardless of the frequency interval. Federal regulations 2 CFR 200.334 and 45 CFR 75.361 require the auditee to retain records pertinent to a federal award for a period of three years from the submission date of the respective financial report as reported to the awarding agency. The sampled interfaces included subsampled dates throughout the audit period which falls within the required three-year retention period. Therefore, DTMB should have maintained sufficient documentation or maintained it in a manner to allow for replication of the purged files to support controls operated effectively throughout the audit period. DTMB was not able to provide documentation to support the 2 files cited in its response were alerts and not reconciling errors. Also, DTMB did not provide documentation it timely reviewed the interface exceptions. In addition, we determined the errors occurred on multiple daily and monthly files. Contrary to DTMB's views, interface controls are established at a specific data file level and not based on the total number of records or errors identified over a series of data file transfers. Therefore, the percentage of records in error does not prove the interface controls reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Therefore, the finding stands as written.
FINDING 2024-002 Bridges Interface Controls See Schedule of Findings and Questioned Costs for chart/table. Background The Michigan Department of Health and Human Services (MDHHS) uses the Bridges Integrated Automated Eligibility Determination System* (Bridges) for determining eligibility and benefit amounts for food assistance, cash assistance, child care assistance, medical assistance, and emergency assistance programs. MDHHS and the Department of Technology, Management, and Budget (DTMB) are jointly responsible for maintenance and operation of Bridges. Condition DTMB did not always ensure its interface controls over the Bridges data exchanges were operating as prescribed. We noted DTMB did not ensure the file control and batch summary tables used to reconcile Bridges interfaces consistently represented control totals of information processed for 2 of the 8 interfaces sampled. For these 2 interfaces, we sampled 28 daily and monthly files and noted 7 (25%) files did not reconcile. Criteria Federal regulations 2 CFR 200.303 and 45 CFR 75.303 require the auditee to establish and maintain effective internal control over federal awards that provides reasonable assurance the auditee is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of federal awards. According to State of Michigan Administrative Guide to State Government policy 1340.00, security controls must be implemented to protect State of Michigan information from modification to ensure confidentiality, integrity, and availability of State of Michigan information. In addition, the U.S. Government Accountability Office's (GAO's) Federal Information System Controls Audit Manual* (FISCAM) recommends interface controls be established and implemented to reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Also, effective interface reconciliation procedures should include the use of control totals, records, counts, and other logging techniques. Cause DTMB informed us because of a coding issue, record counts were either not logged or inappropriately duplicated and the exceptions were not caught during development. Effect DTMB's weakness in maintaining sufficient internal control over federal program compliance could result in noncompliance not being detected or corrected in a timely manner. Known Questioned Costs None. Recommendation We recommend DTMB ensure its interface controls over Bridges data exchanges are operating as prescribed. Management Views DTMB disagrees with the condition and the effect of the OAG's finding. The OAG sampled 85 total files across 8 interfaces. Of these, 7 appeared to present issues. For 5 of the sampled files, detailed exception results no longer existed. DTMB maintains summary tables for 10 years and purges detailed exception records at the beginning of each calendar year for anything older than 12 months. This purge process was communicated to the OAG during the fiscal year 2022 audit, and sampling was performed prior to purging for the fiscal year 2023 audit. When informed that the sample included files for which the detailed exception records had been purged, the OAG requested DTMB run a simulation processing of the original interface file in a testing environment to recreate detailed exception records. DTMB's technical teams informed the OAG that rerunning in the current test environment would likely differ from the original results due to code changes that occurred in the test environment subsequent to when the original interface files were run in production. The OAG requested DTMB to proceed with rerunning the files in the current test environment. As a result, the OAG identified 5 instances where the detailed exception records from the simulation in the test environment did not exactly match the summary table from the original production interface results. For the 2 remaining files out of 85 (2.4 percent) that were cited, it should be clarified that the reconciliation being discussed is not data that was lost or misplaced between systems, but reconciliation of 2 exceptions correctly logged and correctly not counted in a summary report because they were alerts during processing, not errors that would be forwarded for review. These results do not present a significant deficiency in the ability of MDHHS to review the detailed exceptions. Also, these 2 records are insignificant when compared to the 11.6 million records processed in the 85 sampled files (0.000001 percent). Therefore, the current controls are reasonable to ensure that data processed from the source system to the receiving system is processed accurately, completely, and timely. Auditor's Comments to Management Views* Contrary to DTMB's views, it would not be appropriate to combine the results of all the subsampled interface files to determine if the auditee appropriately reconciled the 8 sampled interfaces because the frequency of interfaces occurs at different intervals. Doing so would minimize the errors noted in less frequent interface intervals when compared with more frequent interface intervals. Also, the significance of an interface is not dependent on the frequency of the interface's interval but the purpose for the interface regardless of the frequency interval. Federal regulations 2 CFR 200.334 and 45 CFR 75.361 require the auditee to retain records pertinent to a federal award for a period of three years from the submission date of the respective financial report as reported to the awarding agency. The sampled interfaces included subsampled dates throughout the audit period which falls within the required three-year retention period. Therefore, DTMB should have maintained sufficient documentation or maintained it in a manner to allow for replication of the purged files to support controls operated effectively throughout the audit period. DTMB was not able to provide documentation to support the 2 files cited in its response were alerts and not reconciling errors. Also, DTMB did not provide documentation it timely reviewed the interface exceptions. In addition, we determined the errors occurred on multiple daily and monthly files. Contrary to DTMB's views, interface controls are established at a specific data file level and not based on the total number of records or errors identified over a series of data file transfers. Therefore, the percentage of records in error does not prove the interface controls reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Therefore, the finding stands as written.
FINDING 2024-002 Bridges Interface Controls See Schedule of Findings and Questioned Costs for chart/table. Background The Michigan Department of Health and Human Services (MDHHS) uses the Bridges Integrated Automated Eligibility Determination System* (Bridges) for determining eligibility and benefit amounts for food assistance, cash assistance, child care assistance, medical assistance, and emergency assistance programs. MDHHS and the Department of Technology, Management, and Budget (DTMB) are jointly responsible for maintenance and operation of Bridges. Condition DTMB did not always ensure its interface controls over the Bridges data exchanges were operating as prescribed. We noted DTMB did not ensure the file control and batch summary tables used to reconcile Bridges interfaces consistently represented control totals of information processed for 2 of the 8 interfaces sampled. For these 2 interfaces, we sampled 28 daily and monthly files and noted 7 (25%) files did not reconcile. Criteria Federal regulations 2 CFR 200.303 and 45 CFR 75.303 require the auditee to establish and maintain effective internal control over federal awards that provides reasonable assurance the auditee is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of federal awards. According to State of Michigan Administrative Guide to State Government policy 1340.00, security controls must be implemented to protect State of Michigan information from modification to ensure confidentiality, integrity, and availability of State of Michigan information. In addition, the U.S. Government Accountability Office's (GAO's) Federal Information System Controls Audit Manual* (FISCAM) recommends interface controls be established and implemented to reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Also, effective interface reconciliation procedures should include the use of control totals, records, counts, and other logging techniques. Cause DTMB informed us because of a coding issue, record counts were either not logged or inappropriately duplicated and the exceptions were not caught during development. Effect DTMB's weakness in maintaining sufficient internal control over federal program compliance could result in noncompliance not being detected or corrected in a timely manner. Known Questioned Costs None. Recommendation We recommend DTMB ensure its interface controls over Bridges data exchanges are operating as prescribed. Management Views DTMB disagrees with the condition and the effect of the OAG's finding. The OAG sampled 85 total files across 8 interfaces. Of these, 7 appeared to present issues. For 5 of the sampled files, detailed exception results no longer existed. DTMB maintains summary tables for 10 years and purges detailed exception records at the beginning of each calendar year for anything older than 12 months. This purge process was communicated to the OAG during the fiscal year 2022 audit, and sampling was performed prior to purging for the fiscal year 2023 audit. When informed that the sample included files for which the detailed exception records had been purged, the OAG requested DTMB run a simulation processing of the original interface file in a testing environment to recreate detailed exception records. DTMB's technical teams informed the OAG that rerunning in the current test environment would likely differ from the original results due to code changes that occurred in the test environment subsequent to when the original interface files were run in production. The OAG requested DTMB to proceed with rerunning the files in the current test environment. As a result, the OAG identified 5 instances where the detailed exception records from the simulation in the test environment did not exactly match the summary table from the original production interface results. For the 2 remaining files out of 85 (2.4 percent) that were cited, it should be clarified that the reconciliation being discussed is not data that was lost or misplaced between systems, but reconciliation of 2 exceptions correctly logged and correctly not counted in a summary report because they were alerts during processing, not errors that would be forwarded for review. These results do not present a significant deficiency in the ability of MDHHS to review the detailed exceptions. Also, these 2 records are insignificant when compared to the 11.6 million records processed in the 85 sampled files (0.000001 percent). Therefore, the current controls are reasonable to ensure that data processed from the source system to the receiving system is processed accurately, completely, and timely. Auditor's Comments to Management Views* Contrary to DTMB's views, it would not be appropriate to combine the results of all the subsampled interface files to determine if the auditee appropriately reconciled the 8 sampled interfaces because the frequency of interfaces occurs at different intervals. Doing so would minimize the errors noted in less frequent interface intervals when compared with more frequent interface intervals. Also, the significance of an interface is not dependent on the frequency of the interface's interval but the purpose for the interface regardless of the frequency interval. Federal regulations 2 CFR 200.334 and 45 CFR 75.361 require the auditee to retain records pertinent to a federal award for a period of three years from the submission date of the respective financial report as reported to the awarding agency. The sampled interfaces included subsampled dates throughout the audit period which falls within the required three-year retention period. Therefore, DTMB should have maintained sufficient documentation or maintained it in a manner to allow for replication of the purged files to support controls operated effectively throughout the audit period. DTMB was not able to provide documentation to support the 2 files cited in its response were alerts and not reconciling errors. Also, DTMB did not provide documentation it timely reviewed the interface exceptions. In addition, we determined the errors occurred on multiple daily and monthly files. Contrary to DTMB's views, interface controls are established at a specific data file level and not based on the total number of records or errors identified over a series of data file transfers. Therefore, the percentage of records in error does not prove the interface controls reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Therefore, the finding stands as written.
FINDING 2024-002 Bridges Interface Controls See Schedule of Findings and Questioned Costs for chart/table. Background The Michigan Department of Health and Human Services (MDHHS) uses the Bridges Integrated Automated Eligibility Determination System* (Bridges) for determining eligibility and benefit amounts for food assistance, cash assistance, child care assistance, medical assistance, and emergency assistance programs. MDHHS and the Department of Technology, Management, and Budget (DTMB) are jointly responsible for maintenance and operation of Bridges. Condition DTMB did not always ensure its interface controls over the Bridges data exchanges were operating as prescribed. We noted DTMB did not ensure the file control and batch summary tables used to reconcile Bridges interfaces consistently represented control totals of information processed for 2 of the 8 interfaces sampled. For these 2 interfaces, we sampled 28 daily and monthly files and noted 7 (25%) files did not reconcile. Criteria Federal regulations 2 CFR 200.303 and 45 CFR 75.303 require the auditee to establish and maintain effective internal control over federal awards that provides reasonable assurance the auditee is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of federal awards. According to State of Michigan Administrative Guide to State Government policy 1340.00, security controls must be implemented to protect State of Michigan information from modification to ensure confidentiality, integrity, and availability of State of Michigan information. In addition, the U.S. Government Accountability Office's (GAO's) Federal Information System Controls Audit Manual* (FISCAM) recommends interface controls be established and implemented to reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Also, effective interface reconciliation procedures should include the use of control totals, records, counts, and other logging techniques. Cause DTMB informed us because of a coding issue, record counts were either not logged or inappropriately duplicated and the exceptions were not caught during development. Effect DTMB's weakness in maintaining sufficient internal control over federal program compliance could result in noncompliance not being detected or corrected in a timely manner. Known Questioned Costs None. Recommendation We recommend DTMB ensure its interface controls over Bridges data exchanges are operating as prescribed. Management Views DTMB disagrees with the condition and the effect of the OAG's finding. The OAG sampled 85 total files across 8 interfaces. Of these, 7 appeared to present issues. For 5 of the sampled files, detailed exception results no longer existed. DTMB maintains summary tables for 10 years and purges detailed exception records at the beginning of each calendar year for anything older than 12 months. This purge process was communicated to the OAG during the fiscal year 2022 audit, and sampling was performed prior to purging for the fiscal year 2023 audit. When informed that the sample included files for which the detailed exception records had been purged, the OAG requested DTMB run a simulation processing of the original interface file in a testing environment to recreate detailed exception records. DTMB's technical teams informed the OAG that rerunning in the current test environment would likely differ from the original results due to code changes that occurred in the test environment subsequent to when the original interface files were run in production. The OAG requested DTMB to proceed with rerunning the files in the current test environment. As a result, the OAG identified 5 instances where the detailed exception records from the simulation in the test environment did not exactly match the summary table from the original production interface results. For the 2 remaining files out of 85 (2.4 percent) that were cited, it should be clarified that the reconciliation being discussed is not data that was lost or misplaced between systems, but reconciliation of 2 exceptions correctly logged and correctly not counted in a summary report because they were alerts during processing, not errors that would be forwarded for review. These results do not present a significant deficiency in the ability of MDHHS to review the detailed exceptions. Also, these 2 records are insignificant when compared to the 11.6 million records processed in the 85 sampled files (0.000001 percent). Therefore, the current controls are reasonable to ensure that data processed from the source system to the receiving system is processed accurately, completely, and timely. Auditor's Comments to Management Views* Contrary to DTMB's views, it would not be appropriate to combine the results of all the subsampled interface files to determine if the auditee appropriately reconciled the 8 sampled interfaces because the frequency of interfaces occurs at different intervals. Doing so would minimize the errors noted in less frequent interface intervals when compared with more frequent interface intervals. Also, the significance of an interface is not dependent on the frequency of the interface's interval but the purpose for the interface regardless of the frequency interval. Federal regulations 2 CFR 200.334 and 45 CFR 75.361 require the auditee to retain records pertinent to a federal award for a period of three years from the submission date of the respective financial report as reported to the awarding agency. The sampled interfaces included subsampled dates throughout the audit period which falls within the required three-year retention period. Therefore, DTMB should have maintained sufficient documentation or maintained it in a manner to allow for replication of the purged files to support controls operated effectively throughout the audit period. DTMB was not able to provide documentation to support the 2 files cited in its response were alerts and not reconciling errors. Also, DTMB did not provide documentation it timely reviewed the interface exceptions. In addition, we determined the errors occurred on multiple daily and monthly files. Contrary to DTMB's views, interface controls are established at a specific data file level and not based on the total number of records or errors identified over a series of data file transfers. Therefore, the percentage of records in error does not prove the interface controls reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Therefore, the finding stands as written.
FINDING 2024-002 Bridges Interface Controls See Schedule of Findings and Questioned Costs for chart/table. Background The Michigan Department of Health and Human Services (MDHHS) uses the Bridges Integrated Automated Eligibility Determination System* (Bridges) for determining eligibility and benefit amounts for food assistance, cash assistance, child care assistance, medical assistance, and emergency assistance programs. MDHHS and the Department of Technology, Management, and Budget (DTMB) are jointly responsible for maintenance and operation of Bridges. Condition DTMB did not always ensure its interface controls over the Bridges data exchanges were operating as prescribed. We noted DTMB did not ensure the file control and batch summary tables used to reconcile Bridges interfaces consistently represented control totals of information processed for 2 of the 8 interfaces sampled. For these 2 interfaces, we sampled 28 daily and monthly files and noted 7 (25%) files did not reconcile. Criteria Federal regulations 2 CFR 200.303 and 45 CFR 75.303 require the auditee to establish and maintain effective internal control over federal awards that provides reasonable assurance the auditee is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of federal awards. According to State of Michigan Administrative Guide to State Government policy 1340.00, security controls must be implemented to protect State of Michigan information from modification to ensure confidentiality, integrity, and availability of State of Michigan information. In addition, the U.S. Government Accountability Office's (GAO's) Federal Information System Controls Audit Manual* (FISCAM) recommends interface controls be established and implemented to reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Also, effective interface reconciliation procedures should include the use of control totals, records, counts, and other logging techniques. Cause DTMB informed us because of a coding issue, record counts were either not logged or inappropriately duplicated and the exceptions were not caught during development. Effect DTMB's weakness in maintaining sufficient internal control over federal program compliance could result in noncompliance not being detected or corrected in a timely manner. Known Questioned Costs None. Recommendation We recommend DTMB ensure its interface controls over Bridges data exchanges are operating as prescribed. Management Views DTMB disagrees with the condition and the effect of the OAG's finding. The OAG sampled 85 total files across 8 interfaces. Of these, 7 appeared to present issues. For 5 of the sampled files, detailed exception results no longer existed. DTMB maintains summary tables for 10 years and purges detailed exception records at the beginning of each calendar year for anything older than 12 months. This purge process was communicated to the OAG during the fiscal year 2022 audit, and sampling was performed prior to purging for the fiscal year 2023 audit. When informed that the sample included files for which the detailed exception records had been purged, the OAG requested DTMB run a simulation processing of the original interface file in a testing environment to recreate detailed exception records. DTMB's technical teams informed the OAG that rerunning in the current test environment would likely differ from the original results due to code changes that occurred in the test environment subsequent to when the original interface files were run in production. The OAG requested DTMB to proceed with rerunning the files in the current test environment. As a result, the OAG identified 5 instances where the detailed exception records from the simulation in the test environment did not exactly match the summary table from the original production interface results. For the 2 remaining files out of 85 (2.4 percent) that were cited, it should be clarified that the reconciliation being discussed is not data that was lost or misplaced between systems, but reconciliation of 2 exceptions correctly logged and correctly not counted in a summary report because they were alerts during processing, not errors that would be forwarded for review. These results do not present a significant deficiency in the ability of MDHHS to review the detailed exceptions. Also, these 2 records are insignificant when compared to the 11.6 million records processed in the 85 sampled files (0.000001 percent). Therefore, the current controls are reasonable to ensure that data processed from the source system to the receiving system is processed accurately, completely, and timely. Auditor's Comments to Management Views* Contrary to DTMB's views, it would not be appropriate to combine the results of all the subsampled interface files to determine if the auditee appropriately reconciled the 8 sampled interfaces because the frequency of interfaces occurs at different intervals. Doing so would minimize the errors noted in less frequent interface intervals when compared with more frequent interface intervals. Also, the significance of an interface is not dependent on the frequency of the interface's interval but the purpose for the interface regardless of the frequency interval. Federal regulations 2 CFR 200.334 and 45 CFR 75.361 require the auditee to retain records pertinent to a federal award for a period of three years from the submission date of the respective financial report as reported to the awarding agency. The sampled interfaces included subsampled dates throughout the audit period which falls within the required three-year retention period. Therefore, DTMB should have maintained sufficient documentation or maintained it in a manner to allow for replication of the purged files to support controls operated effectively throughout the audit period. DTMB was not able to provide documentation to support the 2 files cited in its response were alerts and not reconciling errors. Also, DTMB did not provide documentation it timely reviewed the interface exceptions. In addition, we determined the errors occurred on multiple daily and monthly files. Contrary to DTMB's views, interface controls are established at a specific data file level and not based on the total number of records or errors identified over a series of data file transfers. Therefore, the percentage of records in error does not prove the interface controls reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Therefore, the finding stands as written.
FINDING 2024-002 Bridges Interface Controls See Schedule of Findings and Questioned Costs for chart/table. Background The Michigan Department of Health and Human Services (MDHHS) uses the Bridges Integrated Automated Eligibility Determination System* (Bridges) for determining eligibility and benefit amounts for food assistance, cash assistance, child care assistance, medical assistance, and emergency assistance programs. MDHHS and the Department of Technology, Management, and Budget (DTMB) are jointly responsible for maintenance and operation of Bridges. Condition DTMB did not always ensure its interface controls over the Bridges data exchanges were operating as prescribed. We noted DTMB did not ensure the file control and batch summary tables used to reconcile Bridges interfaces consistently represented control totals of information processed for 2 of the 8 interfaces sampled. For these 2 interfaces, we sampled 28 daily and monthly files and noted 7 (25%) files did not reconcile. Criteria Federal regulations 2 CFR 200.303 and 45 CFR 75.303 require the auditee to establish and maintain effective internal control over federal awards that provides reasonable assurance the auditee is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of federal awards. According to State of Michigan Administrative Guide to State Government policy 1340.00, security controls must be implemented to protect State of Michigan information from modification to ensure confidentiality, integrity, and availability of State of Michigan information. In addition, the U.S. Government Accountability Office's (GAO's) Federal Information System Controls Audit Manual* (FISCAM) recommends interface controls be established and implemented to reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Also, effective interface reconciliation procedures should include the use of control totals, records, counts, and other logging techniques. Cause DTMB informed us because of a coding issue, record counts were either not logged or inappropriately duplicated and the exceptions were not caught during development. Effect DTMB's weakness in maintaining sufficient internal control over federal program compliance could result in noncompliance not being detected or corrected in a timely manner. Known Questioned Costs None. Recommendation We recommend DTMB ensure its interface controls over Bridges data exchanges are operating as prescribed. Management Views DTMB disagrees with the condition and the effect of the OAG's finding. The OAG sampled 85 total files across 8 interfaces. Of these, 7 appeared to present issues. For 5 of the sampled files, detailed exception results no longer existed. DTMB maintains summary tables for 10 years and purges detailed exception records at the beginning of each calendar year for anything older than 12 months. This purge process was communicated to the OAG during the fiscal year 2022 audit, and sampling was performed prior to purging for the fiscal year 2023 audit. When informed that the sample included files for which the detailed exception records had been purged, the OAG requested DTMB run a simulation processing of the original interface file in a testing environment to recreate detailed exception records. DTMB's technical teams informed the OAG that rerunning in the current test environment would likely differ from the original results due to code changes that occurred in the test environment subsequent to when the original interface files were run in production. The OAG requested DTMB to proceed with rerunning the files in the current test environment. As a result, the OAG identified 5 instances where the detailed exception records from the simulation in the test environment did not exactly match the summary table from the original production interface results. For the 2 remaining files out of 85 (2.4 percent) that were cited, it should be clarified that the reconciliation being discussed is not data that was lost or misplaced between systems, but reconciliation of 2 exceptions correctly logged and correctly not counted in a summary report because they were alerts during processing, not errors that would be forwarded for review. These results do not present a significant deficiency in the ability of MDHHS to review the detailed exceptions. Also, these 2 records are insignificant when compared to the 11.6 million records processed in the 85 sampled files (0.000001 percent). Therefore, the current controls are reasonable to ensure that data processed from the source system to the receiving system is processed accurately, completely, and timely. Auditor's Comments to Management Views* Contrary to DTMB's views, it would not be appropriate to combine the results of all the subsampled interface files to determine if the auditee appropriately reconciled the 8 sampled interfaces because the frequency of interfaces occurs at different intervals. Doing so would minimize the errors noted in less frequent interface intervals when compared with more frequent interface intervals. Also, the significance of an interface is not dependent on the frequency of the interface's interval but the purpose for the interface regardless of the frequency interval. Federal regulations 2 CFR 200.334 and 45 CFR 75.361 require the auditee to retain records pertinent to a federal award for a period of three years from the submission date of the respective financial report as reported to the awarding agency. The sampled interfaces included subsampled dates throughout the audit period which falls within the required three-year retention period. Therefore, DTMB should have maintained sufficient documentation or maintained it in a manner to allow for replication of the purged files to support controls operated effectively throughout the audit period. DTMB was not able to provide documentation to support the 2 files cited in its response were alerts and not reconciling errors. Also, DTMB did not provide documentation it timely reviewed the interface exceptions. In addition, we determined the errors occurred on multiple daily and monthly files. Contrary to DTMB's views, interface controls are established at a specific data file level and not based on the total number of records or errors identified over a series of data file transfers. Therefore, the percentage of records in error does not prove the interface controls reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Therefore, the finding stands as written.
FINDING 2024-002 Bridges Interface Controls See Schedule of Findings and Questioned Costs for chart/table. Background The Michigan Department of Health and Human Services (MDHHS) uses the Bridges Integrated Automated Eligibility Determination System* (Bridges) for determining eligibility and benefit amounts for food assistance, cash assistance, child care assistance, medical assistance, and emergency assistance programs. MDHHS and the Department of Technology, Management, and Budget (DTMB) are jointly responsible for maintenance and operation of Bridges. Condition DTMB did not always ensure its interface controls over the Bridges data exchanges were operating as prescribed. We noted DTMB did not ensure the file control and batch summary tables used to reconcile Bridges interfaces consistently represented control totals of information processed for 2 of the 8 interfaces sampled. For these 2 interfaces, we sampled 28 daily and monthly files and noted 7 (25%) files did not reconcile. Criteria Federal regulations 2 CFR 200.303 and 45 CFR 75.303 require the auditee to establish and maintain effective internal control over federal awards that provides reasonable assurance the auditee is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of federal awards. According to State of Michigan Administrative Guide to State Government policy 1340.00, security controls must be implemented to protect State of Michigan information from modification to ensure confidentiality, integrity, and availability of State of Michigan information. In addition, the U.S. Government Accountability Office's (GAO's) Federal Information System Controls Audit Manual* (FISCAM) recommends interface controls be established and implemented to reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Also, effective interface reconciliation procedures should include the use of control totals, records, counts, and other logging techniques. Cause DTMB informed us because of a coding issue, record counts were either not logged or inappropriately duplicated and the exceptions were not caught during development. Effect DTMB's weakness in maintaining sufficient internal control over federal program compliance could result in noncompliance not being detected or corrected in a timely manner. Known Questioned Costs None. Recommendation We recommend DTMB ensure its interface controls over Bridges data exchanges are operating as prescribed. Management Views DTMB disagrees with the condition and the effect of the OAG's finding. The OAG sampled 85 total files across 8 interfaces. Of these, 7 appeared to present issues. For 5 of the sampled files, detailed exception results no longer existed. DTMB maintains summary tables for 10 years and purges detailed exception records at the beginning of each calendar year for anything older than 12 months. This purge process was communicated to the OAG during the fiscal year 2022 audit, and sampling was performed prior to purging for the fiscal year 2023 audit. When informed that the sample included files for which the detailed exception records had been purged, the OAG requested DTMB run a simulation processing of the original interface file in a testing environment to recreate detailed exception records. DTMB's technical teams informed the OAG that rerunning in the current test environment would likely differ from the original results due to code changes that occurred in the test environment subsequent to when the original interface files were run in production. The OAG requested DTMB to proceed with rerunning the files in the current test environment. As a result, the OAG identified 5 instances where the detailed exception records from the simulation in the test environment did not exactly match the summary table from the original production interface results. For the 2 remaining files out of 85 (2.4 percent) that were cited, it should be clarified that the reconciliation being discussed is not data that was lost or misplaced between systems, but reconciliation of 2 exceptions correctly logged and correctly not counted in a summary report because they were alerts during processing, not errors that would be forwarded for review. These results do not present a significant deficiency in the ability of MDHHS to review the detailed exceptions. Also, these 2 records are insignificant when compared to the 11.6 million records processed in the 85 sampled files (0.000001 percent). Therefore, the current controls are reasonable to ensure that data processed from the source system to the receiving system is processed accurately, completely, and timely. Auditor's Comments to Management Views* Contrary to DTMB's views, it would not be appropriate to combine the results of all the subsampled interface files to determine if the auditee appropriately reconciled the 8 sampled interfaces because the frequency of interfaces occurs at different intervals. Doing so would minimize the errors noted in less frequent interface intervals when compared with more frequent interface intervals. Also, the significance of an interface is not dependent on the frequency of the interface's interval but the purpose for the interface regardless of the frequency interval. Federal regulations 2 CFR 200.334 and 45 CFR 75.361 require the auditee to retain records pertinent to a federal award for a period of three years from the submission date of the respective financial report as reported to the awarding agency. The sampled interfaces included subsampled dates throughout the audit period which falls within the required three-year retention period. Therefore, DTMB should have maintained sufficient documentation or maintained it in a manner to allow for replication of the purged files to support controls operated effectively throughout the audit period. DTMB was not able to provide documentation to support the 2 files cited in its response were alerts and not reconciling errors. Also, DTMB did not provide documentation it timely reviewed the interface exceptions. In addition, we determined the errors occurred on multiple daily and monthly files. Contrary to DTMB's views, interface controls are established at a specific data file level and not based on the total number of records or errors identified over a series of data file transfers. Therefore, the percentage of records in error does not prove the interface controls reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Therefore, the finding stands as written.
FINDING 2024-002 Bridges Interface Controls See Schedule of Findings and Questioned Costs for chart/table. Background The Michigan Department of Health and Human Services (MDHHS) uses the Bridges Integrated Automated Eligibility Determination System* (Bridges) for determining eligibility and benefit amounts for food assistance, cash assistance, child care assistance, medical assistance, and emergency assistance programs. MDHHS and the Department of Technology, Management, and Budget (DTMB) are jointly responsible for maintenance and operation of Bridges. Condition DTMB did not always ensure its interface controls over the Bridges data exchanges were operating as prescribed. We noted DTMB did not ensure the file control and batch summary tables used to reconcile Bridges interfaces consistently represented control totals of information processed for 2 of the 8 interfaces sampled. For these 2 interfaces, we sampled 28 daily and monthly files and noted 7 (25%) files did not reconcile. Criteria Federal regulations 2 CFR 200.303 and 45 CFR 75.303 require the auditee to establish and maintain effective internal control over federal awards that provides reasonable assurance the auditee is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of federal awards. According to State of Michigan Administrative Guide to State Government policy 1340.00, security controls must be implemented to protect State of Michigan information from modification to ensure confidentiality, integrity, and availability of State of Michigan information. In addition, the U.S. Government Accountability Office's (GAO's) Federal Information System Controls Audit Manual* (FISCAM) recommends interface controls be established and implemented to reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Also, effective interface reconciliation procedures should include the use of control totals, records, counts, and other logging techniques. Cause DTMB informed us because of a coding issue, record counts were either not logged or inappropriately duplicated and the exceptions were not caught during development. Effect DTMB's weakness in maintaining sufficient internal control over federal program compliance could result in noncompliance not being detected or corrected in a timely manner. Known Questioned Costs None. Recommendation We recommend DTMB ensure its interface controls over Bridges data exchanges are operating as prescribed. Management Views DTMB disagrees with the condition and the effect of the OAG's finding. The OAG sampled 85 total files across 8 interfaces. Of these, 7 appeared to present issues. For 5 of the sampled files, detailed exception results no longer existed. DTMB maintains summary tables for 10 years and purges detailed exception records at the beginning of each calendar year for anything older than 12 months. This purge process was communicated to the OAG during the fiscal year 2022 audit, and sampling was performed prior to purging for the fiscal year 2023 audit. When informed that the sample included files for which the detailed exception records had been purged, the OAG requested DTMB run a simulation processing of the original interface file in a testing environment to recreate detailed exception records. DTMB's technical teams informed the OAG that rerunning in the current test environment would likely differ from the original results due to code changes that occurred in the test environment subsequent to when the original interface files were run in production. The OAG requested DTMB to proceed with rerunning the files in the current test environment. As a result, the OAG identified 5 instances where the detailed exception records from the simulation in the test environment did not exactly match the summary table from the original production interface results. For the 2 remaining files out of 85 (2.4 percent) that were cited, it should be clarified that the reconciliation being discussed is not data that was lost or misplaced between systems, but reconciliation of 2 exceptions correctly logged and correctly not counted in a summary report because they were alerts during processing, not errors that would be forwarded for review. These results do not present a significant deficiency in the ability of MDHHS to review the detailed exceptions. Also, these 2 records are insignificant when compared to the 11.6 million records processed in the 85 sampled files (0.000001 percent). Therefore, the current controls are reasonable to ensure that data processed from the source system to the receiving system is processed accurately, completely, and timely. Auditor's Comments to Management Views* Contrary to DTMB's views, it would not be appropriate to combine the results of all the subsampled interface files to determine if the auditee appropriately reconciled the 8 sampled interfaces because the frequency of interfaces occurs at different intervals. Doing so would minimize the errors noted in less frequent interface intervals when compared with more frequent interface intervals. Also, the significance of an interface is not dependent on the frequency of the interface's interval but the purpose for the interface regardless of the frequency interval. Federal regulations 2 CFR 200.334 and 45 CFR 75.361 require the auditee to retain records pertinent to a federal award for a period of three years from the submission date of the respective financial report as reported to the awarding agency. The sampled interfaces included subsampled dates throughout the audit period which falls within the required three-year retention period. Therefore, DTMB should have maintained sufficient documentation or maintained it in a manner to allow for replication of the purged files to support controls operated effectively throughout the audit period. DTMB was not able to provide documentation to support the 2 files cited in its response were alerts and not reconciling errors. Also, DTMB did not provide documentation it timely reviewed the interface exceptions. In addition, we determined the errors occurred on multiple daily and monthly files. Contrary to DTMB's views, interface controls are established at a specific data file level and not based on the total number of records or errors identified over a series of data file transfers. Therefore, the percentage of records in error does not prove the interface controls reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Therefore, the finding stands as written.
FINDING 2024-002 Bridges Interface Controls See Schedule of Findings and Questioned Costs for chart/table. Background The Michigan Department of Health and Human Services (MDHHS) uses the Bridges Integrated Automated Eligibility Determination System* (Bridges) for determining eligibility and benefit amounts for food assistance, cash assistance, child care assistance, medical assistance, and emergency assistance programs. MDHHS and the Department of Technology, Management, and Budget (DTMB) are jointly responsible for maintenance and operation of Bridges. Condition DTMB did not always ensure its interface controls over the Bridges data exchanges were operating as prescribed. We noted DTMB did not ensure the file control and batch summary tables used to reconcile Bridges interfaces consistently represented control totals of information processed for 2 of the 8 interfaces sampled. For these 2 interfaces, we sampled 28 daily and monthly files and noted 7 (25%) files did not reconcile. Criteria Federal regulations 2 CFR 200.303 and 45 CFR 75.303 require the auditee to establish and maintain effective internal control over federal awards that provides reasonable assurance the auditee is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of federal awards. According to State of Michigan Administrative Guide to State Government policy 1340.00, security controls must be implemented to protect State of Michigan information from modification to ensure confidentiality, integrity, and availability of State of Michigan information. In addition, the U.S. Government Accountability Office's (GAO's) Federal Information System Controls Audit Manual* (FISCAM) recommends interface controls be established and implemented to reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Also, effective interface reconciliation procedures should include the use of control totals, records, counts, and other logging techniques. Cause DTMB informed us because of a coding issue, record counts were either not logged or inappropriately duplicated and the exceptions were not caught during development. Effect DTMB's weakness in maintaining sufficient internal control over federal program compliance could result in noncompliance not being detected or corrected in a timely manner. Known Questioned Costs None. Recommendation We recommend DTMB ensure its interface controls over Bridges data exchanges are operating as prescribed. Management Views DTMB disagrees with the condition and the effect of the OAG's finding. The OAG sampled 85 total files across 8 interfaces. Of these, 7 appeared to present issues. For 5 of the sampled files, detailed exception results no longer existed. DTMB maintains summary tables for 10 years and purges detailed exception records at the beginning of each calendar year for anything older than 12 months. This purge process was communicated to the OAG during the fiscal year 2022 audit, and sampling was performed prior to purging for the fiscal year 2023 audit. When informed that the sample included files for which the detailed exception records had been purged, the OAG requested DTMB run a simulation processing of the original interface file in a testing environment to recreate detailed exception records. DTMB's technical teams informed the OAG that rerunning in the current test environment would likely differ from the original results due to code changes that occurred in the test environment subsequent to when the original interface files were run in production. The OAG requested DTMB to proceed with rerunning the files in the current test environment. As a result, the OAG identified 5 instances where the detailed exception records from the simulation in the test environment did not exactly match the summary table from the original production interface results. For the 2 remaining files out of 85 (2.4 percent) that were cited, it should be clarified that the reconciliation being discussed is not data that was lost or misplaced between systems, but reconciliation of 2 exceptions correctly logged and correctly not counted in a summary report because they were alerts during processing, not errors that would be forwarded for review. These results do not present a significant deficiency in the ability of MDHHS to review the detailed exceptions. Also, these 2 records are insignificant when compared to the 11.6 million records processed in the 85 sampled files (0.000001 percent). Therefore, the current controls are reasonable to ensure that data processed from the source system to the receiving system is processed accurately, completely, and timely. Auditor's Comments to Management Views* Contrary to DTMB's views, it would not be appropriate to combine the results of all the subsampled interface files to determine if the auditee appropriately reconciled the 8 sampled interfaces because the frequency of interfaces occurs at different intervals. Doing so would minimize the errors noted in less frequent interface intervals when compared with more frequent interface intervals. Also, the significance of an interface is not dependent on the frequency of the interface's interval but the purpose for the interface regardless of the frequency interval. Federal regulations 2 CFR 200.334 and 45 CFR 75.361 require the auditee to retain records pertinent to a federal award for a period of three years from the submission date of the respective financial report as reported to the awarding agency. The sampled interfaces included subsampled dates throughout the audit period which falls within the required three-year retention period. Therefore, DTMB should have maintained sufficient documentation or maintained it in a manner to allow for replication of the purged files to support controls operated effectively throughout the audit period. DTMB was not able to provide documentation to support the 2 files cited in its response were alerts and not reconciling errors. Also, DTMB did not provide documentation it timely reviewed the interface exceptions. In addition, we determined the errors occurred on multiple daily and monthly files. Contrary to DTMB's views, interface controls are established at a specific data file level and not based on the total number of records or errors identified over a series of data file transfers. Therefore, the percentage of records in error does not prove the interface controls reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Therefore, the finding stands as written.
FINDING 2024-002 Bridges Interface Controls See Schedule of Findings and Questioned Costs for chart/table. Background The Michigan Department of Health and Human Services (MDHHS) uses the Bridges Integrated Automated Eligibility Determination System* (Bridges) for determining eligibility and benefit amounts for food assistance, cash assistance, child care assistance, medical assistance, and emergency assistance programs. MDHHS and the Department of Technology, Management, and Budget (DTMB) are jointly responsible for maintenance and operation of Bridges. Condition DTMB did not always ensure its interface controls over the Bridges data exchanges were operating as prescribed. We noted DTMB did not ensure the file control and batch summary tables used to reconcile Bridges interfaces consistently represented control totals of information processed for 2 of the 8 interfaces sampled. For these 2 interfaces, we sampled 28 daily and monthly files and noted 7 (25%) files did not reconcile. Criteria Federal regulations 2 CFR 200.303 and 45 CFR 75.303 require the auditee to establish and maintain effective internal control over federal awards that provides reasonable assurance the auditee is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of federal awards. According to State of Michigan Administrative Guide to State Government policy 1340.00, security controls must be implemented to protect State of Michigan information from modification to ensure confidentiality, integrity, and availability of State of Michigan information. In addition, the U.S. Government Accountability Office's (GAO's) Federal Information System Controls Audit Manual* (FISCAM) recommends interface controls be established and implemented to reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Also, effective interface reconciliation procedures should include the use of control totals, records, counts, and other logging techniques. Cause DTMB informed us because of a coding issue, record counts were either not logged or inappropriately duplicated and the exceptions were not caught during development. Effect DTMB's weakness in maintaining sufficient internal control over federal program compliance could result in noncompliance not being detected or corrected in a timely manner. Known Questioned Costs None. Recommendation We recommend DTMB ensure its interface controls over Bridges data exchanges are operating as prescribed. Management Views DTMB disagrees with the condition and the effect of the OAG's finding. The OAG sampled 85 total files across 8 interfaces. Of these, 7 appeared to present issues. For 5 of the sampled files, detailed exception results no longer existed. DTMB maintains summary tables for 10 years and purges detailed exception records at the beginning of each calendar year for anything older than 12 months. This purge process was communicated to the OAG during the fiscal year 2022 audit, and sampling was performed prior to purging for the fiscal year 2023 audit. When informed that the sample included files for which the detailed exception records had been purged, the OAG requested DTMB run a simulation processing of the original interface file in a testing environment to recreate detailed exception records. DTMB's technical teams informed the OAG that rerunning in the current test environment would likely differ from the original results due to code changes that occurred in the test environment subsequent to when the original interface files were run in production. The OAG requested DTMB to proceed with rerunning the files in the current test environment. As a result, the OAG identified 5 instances where the detailed exception records from the simulation in the test environment did not exactly match the summary table from the original production interface results. For the 2 remaining files out of 85 (2.4 percent) that were cited, it should be clarified that the reconciliation being discussed is not data that was lost or misplaced between systems, but reconciliation of 2 exceptions correctly logged and correctly not counted in a summary report because they were alerts during processing, not errors that would be forwarded for review. These results do not present a significant deficiency in the ability of MDHHS to review the detailed exceptions. Also, these 2 records are insignificant when compared to the 11.6 million records processed in the 85 sampled files (0.000001 percent). Therefore, the current controls are reasonable to ensure that data processed from the source system to the receiving system is processed accurately, completely, and timely. Auditor's Comments to Management Views* Contrary to DTMB's views, it would not be appropriate to combine the results of all the subsampled interface files to determine if the auditee appropriately reconciled the 8 sampled interfaces because the frequency of interfaces occurs at different intervals. Doing so would minimize the errors noted in less frequent interface intervals when compared with more frequent interface intervals. Also, the significance of an interface is not dependent on the frequency of the interface's interval but the purpose for the interface regardless of the frequency interval. Federal regulations 2 CFR 200.334 and 45 CFR 75.361 require the auditee to retain records pertinent to a federal award for a period of three years from the submission date of the respective financial report as reported to the awarding agency. The sampled interfaces included subsampled dates throughout the audit period which falls within the required three-year retention period. Therefore, DTMB should have maintained sufficient documentation or maintained it in a manner to allow for replication of the purged files to support controls operated effectively throughout the audit period. DTMB was not able to provide documentation to support the 2 files cited in its response were alerts and not reconciling errors. Also, DTMB did not provide documentation it timely reviewed the interface exceptions. In addition, we determined the errors occurred on multiple daily and monthly files. Contrary to DTMB's views, interface controls are established at a specific data file level and not based on the total number of records or errors identified over a series of data file transfers. Therefore, the percentage of records in error does not prove the interface controls reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Therefore, the finding stands as written.
FINDING 2024-002 Bridges Interface Controls See Schedule of Findings and Questioned Costs for chart/table. Background The Michigan Department of Health and Human Services (MDHHS) uses the Bridges Integrated Automated Eligibility Determination System* (Bridges) for determining eligibility and benefit amounts for food assistance, cash assistance, child care assistance, medical assistance, and emergency assistance programs. MDHHS and the Department of Technology, Management, and Budget (DTMB) are jointly responsible for maintenance and operation of Bridges. Condition DTMB did not always ensure its interface controls over the Bridges data exchanges were operating as prescribed. We noted DTMB did not ensure the file control and batch summary tables used to reconcile Bridges interfaces consistently represented control totals of information processed for 2 of the 8 interfaces sampled. For these 2 interfaces, we sampled 28 daily and monthly files and noted 7 (25%) files did not reconcile. Criteria Federal regulations 2 CFR 200.303 and 45 CFR 75.303 require the auditee to establish and maintain effective internal control over federal awards that provides reasonable assurance the auditee is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of federal awards. According to State of Michigan Administrative Guide to State Government policy 1340.00, security controls must be implemented to protect State of Michigan information from modification to ensure confidentiality, integrity, and availability of State of Michigan information. In addition, the U.S. Government Accountability Office's (GAO's) Federal Information System Controls Audit Manual* (FISCAM) recommends interface controls be established and implemented to reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Also, effective interface reconciliation procedures should include the use of control totals, records, counts, and other logging techniques. Cause DTMB informed us because of a coding issue, record counts were either not logged or inappropriately duplicated and the exceptions were not caught during development. Effect DTMB's weakness in maintaining sufficient internal control over federal program compliance could result in noncompliance not being detected or corrected in a timely manner. Known Questioned Costs None. Recommendation We recommend DTMB ensure its interface controls over Bridges data exchanges are operating as prescribed. Management Views DTMB disagrees with the condition and the effect of the OAG's finding. The OAG sampled 85 total files across 8 interfaces. Of these, 7 appeared to present issues. For 5 of the sampled files, detailed exception results no longer existed. DTMB maintains summary tables for 10 years and purges detailed exception records at the beginning of each calendar year for anything older than 12 months. This purge process was communicated to the OAG during the fiscal year 2022 audit, and sampling was performed prior to purging for the fiscal year 2023 audit. When informed that the sample included files for which the detailed exception records had been purged, the OAG requested DTMB run a simulation processing of the original interface file in a testing environment to recreate detailed exception records. DTMB's technical teams informed the OAG that rerunning in the current test environment would likely differ from the original results due to code changes that occurred in the test environment subsequent to when the original interface files were run in production. The OAG requested DTMB to proceed with rerunning the files in the current test environment. As a result, the OAG identified 5 instances where the detailed exception records from the simulation in the test environment did not exactly match the summary table from the original production interface results. For the 2 remaining files out of 85 (2.4 percent) that were cited, it should be clarified that the reconciliation being discussed is not data that was lost or misplaced between systems, but reconciliation of 2 exceptions correctly logged and correctly not counted in a summary report because they were alerts during processing, not errors that would be forwarded for review. These results do not present a significant deficiency in the ability of MDHHS to review the detailed exceptions. Also, these 2 records are insignificant when compared to the 11.6 million records processed in the 85 sampled files (0.000001 percent). Therefore, the current controls are reasonable to ensure that data processed from the source system to the receiving system is processed accurately, completely, and timely. Auditor's Comments to Management Views* Contrary to DTMB's views, it would not be appropriate to combine the results of all the subsampled interface files to determine if the auditee appropriately reconciled the 8 sampled interfaces because the frequency of interfaces occurs at different intervals. Doing so would minimize the errors noted in less frequent interface intervals when compared with more frequent interface intervals. Also, the significance of an interface is not dependent on the frequency of the interface's interval but the purpose for the interface regardless of the frequency interval. Federal regulations 2 CFR 200.334 and 45 CFR 75.361 require the auditee to retain records pertinent to a federal award for a period of three years from the submission date of the respective financial report as reported to the awarding agency. The sampled interfaces included subsampled dates throughout the audit period which falls within the required three-year retention period. Therefore, DTMB should have maintained sufficient documentation or maintained it in a manner to allow for replication of the purged files to support controls operated effectively throughout the audit period. DTMB was not able to provide documentation to support the 2 files cited in its response were alerts and not reconciling errors. Also, DTMB did not provide documentation it timely reviewed the interface exceptions. In addition, we determined the errors occurred on multiple daily and monthly files. Contrary to DTMB's views, interface controls are established at a specific data file level and not based on the total number of records or errors identified over a series of data file transfers. Therefore, the percentage of records in error does not prove the interface controls reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Therefore, the finding stands as written.
FINDING 2024-002 Bridges Interface Controls See Schedule of Findings and Questioned Costs for chart/table. Background The Michigan Department of Health and Human Services (MDHHS) uses the Bridges Integrated Automated Eligibility Determination System* (Bridges) for determining eligibility and benefit amounts for food assistance, cash assistance, child care assistance, medical assistance, and emergency assistance programs. MDHHS and the Department of Technology, Management, and Budget (DTMB) are jointly responsible for maintenance and operation of Bridges. Condition DTMB did not always ensure its interface controls over the Bridges data exchanges were operating as prescribed. We noted DTMB did not ensure the file control and batch summary tables used to reconcile Bridges interfaces consistently represented control totals of information processed for 2 of the 8 interfaces sampled. For these 2 interfaces, we sampled 28 daily and monthly files and noted 7 (25%) files did not reconcile. Criteria Federal regulations 2 CFR 200.303 and 45 CFR 75.303 require the auditee to establish and maintain effective internal control over federal awards that provides reasonable assurance the auditee is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of federal awards. According to State of Michigan Administrative Guide to State Government policy 1340.00, security controls must be implemented to protect State of Michigan information from modification to ensure confidentiality, integrity, and availability of State of Michigan information. In addition, the U.S. Government Accountability Office's (GAO's) Federal Information System Controls Audit Manual* (FISCAM) recommends interface controls be established and implemented to reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Also, effective interface reconciliation procedures should include the use of control totals, records, counts, and other logging techniques. Cause DTMB informed us because of a coding issue, record counts were either not logged or inappropriately duplicated and the exceptions were not caught during development. Effect DTMB's weakness in maintaining sufficient internal control over federal program compliance could result in noncompliance not being detected or corrected in a timely manner. Known Questioned Costs None. Recommendation We recommend DTMB ensure its interface controls over Bridges data exchanges are operating as prescribed. Management Views DTMB disagrees with the condition and the effect of the OAG's finding. The OAG sampled 85 total files across 8 interfaces. Of these, 7 appeared to present issues. For 5 of the sampled files, detailed exception results no longer existed. DTMB maintains summary tables for 10 years and purges detailed exception records at the beginning of each calendar year for anything older than 12 months. This purge process was communicated to the OAG during the fiscal year 2022 audit, and sampling was performed prior to purging for the fiscal year 2023 audit. When informed that the sample included files for which the detailed exception records had been purged, the OAG requested DTMB run a simulation processing of the original interface file in a testing environment to recreate detailed exception records. DTMB's technical teams informed the OAG that rerunning in the current test environment would likely differ from the original results due to code changes that occurred in the test environment subsequent to when the original interface files were run in production. The OAG requested DTMB to proceed with rerunning the files in the current test environment. As a result, the OAG identified 5 instances where the detailed exception records from the simulation in the test environment did not exactly match the summary table from the original production interface results. For the 2 remaining files out of 85 (2.4 percent) that were cited, it should be clarified that the reconciliation being discussed is not data that was lost or misplaced between systems, but reconciliation of 2 exceptions correctly logged and correctly not counted in a summary report because they were alerts during processing, not errors that would be forwarded for review. These results do not present a significant deficiency in the ability of MDHHS to review the detailed exceptions. Also, these 2 records are insignificant when compared to the 11.6 million records processed in the 85 sampled files (0.000001 percent). Therefore, the current controls are reasonable to ensure that data processed from the source system to the receiving system is processed accurately, completely, and timely. Auditor's Comments to Management Views* Contrary to DTMB's views, it would not be appropriate to combine the results of all the subsampled interface files to determine if the auditee appropriately reconciled the 8 sampled interfaces because the frequency of interfaces occurs at different intervals. Doing so would minimize the errors noted in less frequent interface intervals when compared with more frequent interface intervals. Also, the significance of an interface is not dependent on the frequency of the interface's interval but the purpose for the interface regardless of the frequency interval. Federal regulations 2 CFR 200.334 and 45 CFR 75.361 require the auditee to retain records pertinent to a federal award for a period of three years from the submission date of the respective financial report as reported to the awarding agency. The sampled interfaces included subsampled dates throughout the audit period which falls within the required three-year retention period. Therefore, DTMB should have maintained sufficient documentation or maintained it in a manner to allow for replication of the purged files to support controls operated effectively throughout the audit period. DTMB was not able to provide documentation to support the 2 files cited in its response were alerts and not reconciling errors. Also, DTMB did not provide documentation it timely reviewed the interface exceptions. In addition, we determined the errors occurred on multiple daily and monthly files. Contrary to DTMB's views, interface controls are established at a specific data file level and not based on the total number of records or errors identified over a series of data file transfers. Therefore, the percentage of records in error does not prove the interface controls reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Therefore, the finding stands as written.
FINDING 2024-002 Bridges Interface Controls See Schedule of Findings and Questioned Costs for chart/table. Background The Michigan Department of Health and Human Services (MDHHS) uses the Bridges Integrated Automated Eligibility Determination System* (Bridges) for determining eligibility and benefit amounts for food assistance, cash assistance, child care assistance, medical assistance, and emergency assistance programs. MDHHS and the Department of Technology, Management, and Budget (DTMB) are jointly responsible for maintenance and operation of Bridges. Condition DTMB did not always ensure its interface controls over the Bridges data exchanges were operating as prescribed. We noted DTMB did not ensure the file control and batch summary tables used to reconcile Bridges interfaces consistently represented control totals of information processed for 2 of the 8 interfaces sampled. For these 2 interfaces, we sampled 28 daily and monthly files and noted 7 (25%) files did not reconcile. Criteria Federal regulations 2 CFR 200.303 and 45 CFR 75.303 require the auditee to establish and maintain effective internal control over federal awards that provides reasonable assurance the auditee is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of federal awards. According to State of Michigan Administrative Guide to State Government policy 1340.00, security controls must be implemented to protect State of Michigan information from modification to ensure confidentiality, integrity, and availability of State of Michigan information. In addition, the U.S. Government Accountability Office's (GAO's) Federal Information System Controls Audit Manual* (FISCAM) recommends interface controls be established and implemented to reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Also, effective interface reconciliation procedures should include the use of control totals, records, counts, and other logging techniques. Cause DTMB informed us because of a coding issue, record counts were either not logged or inappropriately duplicated and the exceptions were not caught during development. Effect DTMB's weakness in maintaining sufficient internal control over federal program compliance could result in noncompliance not being detected or corrected in a timely manner. Known Questioned Costs None. Recommendation We recommend DTMB ensure its interface controls over Bridges data exchanges are operating as prescribed. Management Views DTMB disagrees with the condition and the effect of the OAG's finding. The OAG sampled 85 total files across 8 interfaces. Of these, 7 appeared to present issues. For 5 of the sampled files, detailed exception results no longer existed. DTMB maintains summary tables for 10 years and purges detailed exception records at the beginning of each calendar year for anything older than 12 months. This purge process was communicated to the OAG during the fiscal year 2022 audit, and sampling was performed prior to purging for the fiscal year 2023 audit. When informed that the sample included files for which the detailed exception records had been purged, the OAG requested DTMB run a simulation processing of the original interface file in a testing environment to recreate detailed exception records. DTMB's technical teams informed the OAG that rerunning in the current test environment would likely differ from the original results due to code changes that occurred in the test environment subsequent to when the original interface files were run in production. The OAG requested DTMB to proceed with rerunning the files in the current test environment. As a result, the OAG identified 5 instances where the detailed exception records from the simulation in the test environment did not exactly match the summary table from the original production interface results. For the 2 remaining files out of 85 (2.4 percent) that were cited, it should be clarified that the reconciliation being discussed is not data that was lost or misplaced between systems, but reconciliation of 2 exceptions correctly logged and correctly not counted in a summary report because they were alerts during processing, not errors that would be forwarded for review. These results do not present a significant deficiency in the ability of MDHHS to review the detailed exceptions. Also, these 2 records are insignificant when compared to the 11.6 million records processed in the 85 sampled files (0.000001 percent). Therefore, the current controls are reasonable to ensure that data processed from the source system to the receiving system is processed accurately, completely, and timely. Auditor's Comments to Management Views* Contrary to DTMB's views, it would not be appropriate to combine the results of all the subsampled interface files to determine if the auditee appropriately reconciled the 8 sampled interfaces because the frequency of interfaces occurs at different intervals. Doing so would minimize the errors noted in less frequent interface intervals when compared with more frequent interface intervals. Also, the significance of an interface is not dependent on the frequency of the interface's interval but the purpose for the interface regardless of the frequency interval. Federal regulations 2 CFR 200.334 and 45 CFR 75.361 require the auditee to retain records pertinent to a federal award for a period of three years from the submission date of the respective financial report as reported to the awarding agency. The sampled interfaces included subsampled dates throughout the audit period which falls within the required three-year retention period. Therefore, DTMB should have maintained sufficient documentation or maintained it in a manner to allow for replication of the purged files to support controls operated effectively throughout the audit period. DTMB was not able to provide documentation to support the 2 files cited in its response were alerts and not reconciling errors. Also, DTMB did not provide documentation it timely reviewed the interface exceptions. In addition, we determined the errors occurred on multiple daily and monthly files. Contrary to DTMB's views, interface controls are established at a specific data file level and not based on the total number of records or errors identified over a series of data file transfers. Therefore, the percentage of records in error does not prove the interface controls reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Therefore, the finding stands as written.