Missing Required Moving to Work (MTW) Demonstration Program Documentation (ALN 14.881) Condition: During our review of the Authority's administration of the MTW Program, the Authority was unable to provide a copy of its Annual Contributions Contract (ACC), which serves as the foundational agreement between the Authority and HUD for the receipt and use of federal funds. Criteria: Under 2 CFR §200.302 and §200.334, non-Federal entities must maintain effective control over and access to records that support compliance with federal program requirements. The MTW Operations Notice (85 FR 10232) and the Authority's MTW ACC Amendment require that the PHA maintain and certify compliance with its MTW Plan and statutory objectives. The ACC establishes the legal basis for receiving and administering MTW-related federal funds. Cause: The Authority did not have adequate internal procedures to ensure that foundational program documents were retained, tracked, and made available for audit and oversight purposes. Effect: The absence of the Annual Contributions Contract (ACC) impairs verification of the Authority's legal authority to receive and administer HUD funds under the MTW program and may result in HUD compliance findings, delayed approvals, or other administrative sanctions. Questioned Costs: None Recommendation: The Authority should obtain and retain a copy of its executed ACC for audit and HUD monitoring purposes and establish or strengthen internal controls to track and retain all required MTW program records and certifications in accordance with HUD guidance and federal record retention requirements. Reply and Corrective Action Plan: The Authority will locate and archive its Annual Contributions Contract (ACC) to ensure compliance with HUD documentation requirements.
Missing Required Moving to Work (MTW) Demonstration Program Documentation (ALN 14.881) Condition: During our review of the Authority's administration of the MTW Program, the Authority was unable to provide a copy of its Annual Contributions Contract (ACC), which serves as the foundational agreement between the Authority and HUD for the receipt and use of federal funds. Criteria: Under 2 CFR §200.302 and §200.334, non-Federal entities must maintain effective control over and access to records that support compliance with federal program requirements. The MTW Operations Notice (85 FR 10232) and the Authority's MTW ACC Amendment require that the PHA maintain and certify compliance with its MTW Plan and statutory objectives. The ACC establishes the legal basis for receiving and administering MTW-related federal funds. Cause: The Authority did not have adequate internal procedures to ensure that foundational program documents were retained, tracked, and made available for audit and oversight purposes. Effect: The absence of the Annual Contributions Contract (ACC) impairs verification of the Authority's legal authority to receive and administer HUD funds under the MTW program and may result in HUD compliance findings, delayed approvals, or other administrative sanctions. Questioned Costs: None Recommendation: The Authority should obtain and retain a copy of its executed ACC for audit and HUD monitoring purposes and establish or strengthen internal controls to track and retain all required MTW program records and certifications in accordance with HUD guidance and federal record retention requirements. Reply and Corrective Action Plan: To address missing foundational documentation, the Authority will locate and archive its Annual Contributions Contract (ACC), the required supplement to the annual MTW Plan, the HUD-issued approval letter for the supplement, and complete the MTW Certification of Compliance for the most recent fiscal year.
U.S. Department of Health and Human Services - 93.432 Center for Independent Living 2024-007 Missing Supporting Documentation for Federal Reimbursement Claims Criteria: Per 2 CFR §200.333 (now §200.334), financial records, supporting documents, statistical records, and all other records pertinent to a federal award must be retained for a period of three years from the date of submission of the final expenditure report. Furthermore, 2 CFR §200.302(b)(3) requires recipients to maintain records that adequately identify the source and application of funds for federally funded activities. Condition: During our audit of the Centers for Independent Living funded by the U.S. Department of Health and Human Services, we noted that the League did not retain adequate supporting documentation for reimbursement claims submitted during the year. Specifically, for October - December 2023 reimbursement claims tested, the actual claim forms submitted to the funding agency were missing. Cause: The missing documentation appears to have resulted from an inadequate document retention process and a lack of oversight in ensuring that federal claim records were properly filed and stored. Effect: The absence of supporting documentation for submitted claims limits the League’s ability to demonstrate compliance with federal requirements and increases the risk of questioned costs. It also impairs transparency and accountability for federal funds. Questioned Costs: $118,023 for October – December 2023 claims. Recommendation: We recommend the League strengthen its grant management procedures by implementing a centralized tracking system for grant expenditures and claims. Staff responsible for managing grants should receive training on claiming procedures and grant deadlines, and a periodic review of unclaimed eligible expenditures should be performed to ensure timely reimbursement. Views of Responsible Officials and Planned Corrective Actions: See corrective action plan on page 50.
Cash Management Grantor: Department of Health and Human Services Pass Through Entity: Advanced Regenerative Manufacturing Institute, Inc. Award Name: Hospital Preparedness Program (HPP) Ebola Preparedness and Response Activities Award Number: IDSEP22005-003 Assistance Listing Number: 93.817 Award Year: June 1, 2023-September 30, 2023 Criteria In accordance with 2 CFR 200.305 (b)(3), reimbursement is the preferred method when the requirements in paragraph (b) cannot be met, when the Federal awarding agency sets a specific condition per 2 CFR 200.208, or when the non-Federal entity requests payment by reimbursement. In accordance with 2 CFR 200.334 (c) and (e), a subrecipient must liquidate all financial obligations incurred under a subaward no later than 90 calendar days after the conclusion of the period of performance of the subaward (or an earlier date as agreed upon by the pass-through entity and subrecipient). The subrecipient must promptly refund any unobligated funds that the pass-through entity paid and that are not authorized to be retained. Condition In testing the period of performance compliance requirement in accordance with the OMB Compliance Supplement, we requested support for the expenditures on the FY2024 Schedule of Federal Awards, as they were outside of the period of performance of the subaward, which ended September 30, 2023. The Company issued an invoice to Advanced Regenerative Manufacturing Institute, the Prime awardee, for $215,192 on September 14, 2023, but did not incur those expenses until after the period of performance of the subaward. Therefore, the Company requested and received the funds in advance of incurring the expenses. Further, the Company did not liquidate its obligations under the subaward within the required 90 calendar days after the conclusion of the performance of the subaward, as expenditures were recorded through August 2024. There were no terms in the award that allowed retention of unused funds. Cause The grant personnel were not aware of the invoicing requirements under the reimbursement method and invoiced the Prime awardee in advance of incurring the associated costs. Effect Federal funds were obtained in advance of incurring costs and outside of the period of performance of the subaward. Questioned Costs $215,192 Recommendation We recommend that the Company return the advance funds received to the Prime. Further, the Company should consider the need for clarifying and/or enhancing existing internal control procedures to ensure expenditures are paid in compliance with Federal reimbursement requirements and that requests for reimbursement are reviewed and validated against supporting documentation to identify any discrepancies prior to requesting reimbursement. Management’s Views and Corrective Action Plan Management’s Views and Corrective Action Plan are included at the end of this report after the summary schedule of prior audit findings and status.
FINDING 2024-002 Bridges Interface Controls See Schedule of Findings and Questioned Costs for chart/table. Background The Michigan Department of Health and Human Services (MDHHS) uses the Bridges Integrated Automated Eligibility Determination System* (Bridges) for determining eligibility and benefit amounts for food assistance, cash assistance, child care assistance, medical assistance, and emergency assistance programs. MDHHS and the Department of Technology, Management, and Budget (DTMB) are jointly responsible for maintenance and operation of Bridges. Condition DTMB did not always ensure its interface controls over the Bridges data exchanges were operating as prescribed. We noted DTMB did not ensure the file control and batch summary tables used to reconcile Bridges interfaces consistently represented control totals of information processed for 2 of the 8 interfaces sampled. For these 2 interfaces, we sampled 28 daily and monthly files and noted 7 (25%) files did not reconcile. Criteria Federal regulations 2 CFR 200.303 and 45 CFR 75.303 require the auditee to establish and maintain effective internal control over federal awards that provides reasonable assurance the auditee is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of federal awards. According to State of Michigan Administrative Guide to State Government policy 1340.00, security controls must be implemented to protect State of Michigan information from modification to ensure confidentiality, integrity, and availability of State of Michigan information. In addition, the U.S. Government Accountability Office's (GAO's) Federal Information System Controls Audit Manual* (FISCAM) recommends interface controls be established and implemented to reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Also, effective interface reconciliation procedures should include the use of control totals, records, counts, and other logging techniques. Cause DTMB informed us because of a coding issue, record counts were either not logged or inappropriately duplicated and the exceptions were not caught during development. Effect DTMB's weakness in maintaining sufficient internal control over federal program compliance could result in noncompliance not being detected or corrected in a timely manner. Known Questioned Costs None. Recommendation We recommend DTMB ensure its interface controls over Bridges data exchanges are operating as prescribed. Management Views DTMB disagrees with the condition and the effect of the OAG's finding. The OAG sampled 85 total files across 8 interfaces. Of these, 7 appeared to present issues. For 5 of the sampled files, detailed exception results no longer existed. DTMB maintains summary tables for 10 years and purges detailed exception records at the beginning of each calendar year for anything older than 12 months. This purge process was communicated to the OAG during the fiscal year 2022 audit, and sampling was performed prior to purging for the fiscal year 2023 audit. When informed that the sample included files for which the detailed exception records had been purged, the OAG requested DTMB run a simulation processing of the original interface file in a testing environment to recreate detailed exception records. DTMB's technical teams informed the OAG that rerunning in the current test environment would likely differ from the original results due to code changes that occurred in the test environment subsequent to when the original interface files were run in production. The OAG requested DTMB to proceed with rerunning the files in the current test environment. As a result, the OAG identified 5 instances where the detailed exception records from the simulation in the test environment did not exactly match the summary table from the original production interface results. For the 2 remaining files out of 85 (2.4 percent) that were cited, it should be clarified that the reconciliation being discussed is not data that was lost or misplaced between systems, but reconciliation of 2 exceptions correctly logged and correctly not counted in a summary report because they were alerts during processing, not errors that would be forwarded for review. These results do not present a significant deficiency in the ability of MDHHS to review the detailed exceptions. Also, these 2 records are insignificant when compared to the 11.6 million records processed in the 85 sampled files (0.000001 percent). Therefore, the current controls are reasonable to ensure that data processed from the source system to the receiving system is processed accurately, completely, and timely. Auditor's Comments to Management Views* Contrary to DTMB's views, it would not be appropriate to combine the results of all the subsampled interface files to determine if the auditee appropriately reconciled the 8 sampled interfaces because the frequency of interfaces occurs at different intervals. Doing so would minimize the errors noted in less frequent interface intervals when compared with more frequent interface intervals. Also, the significance of an interface is not dependent on the frequency of the interface's interval but the purpose for the interface regardless of the frequency interval. Federal regulations 2 CFR 200.334 and 45 CFR 75.361 require the auditee to retain records pertinent to a federal award for a period of three years from the submission date of the respective financial report as reported to the awarding agency. The sampled interfaces included subsampled dates throughout the audit period which falls within the required three-year retention period. Therefore, DTMB should have maintained sufficient documentation or maintained it in a manner to allow for replication of the purged files to support controls operated effectively throughout the audit period. DTMB was not able to provide documentation to support the 2 files cited in its response were alerts and not reconciling errors. Also, DTMB did not provide documentation it timely reviewed the interface exceptions. In addition, we determined the errors occurred on multiple daily and monthly files. Contrary to DTMB's views, interface controls are established at a specific data file level and not based on the total number of records or errors identified over a series of data file transfers. Therefore, the percentage of records in error does not prove the interface controls reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Therefore, the finding stands as written.
FINDING 2024-002 Bridges Interface Controls See Schedule of Findings and Questioned Costs for chart/table. Background The Michigan Department of Health and Human Services (MDHHS) uses the Bridges Integrated Automated Eligibility Determination System* (Bridges) for determining eligibility and benefit amounts for food assistance, cash assistance, child care assistance, medical assistance, and emergency assistance programs. MDHHS and the Department of Technology, Management, and Budget (DTMB) are jointly responsible for maintenance and operation of Bridges. Condition DTMB did not always ensure its interface controls over the Bridges data exchanges were operating as prescribed. We noted DTMB did not ensure the file control and batch summary tables used to reconcile Bridges interfaces consistently represented control totals of information processed for 2 of the 8 interfaces sampled. For these 2 interfaces, we sampled 28 daily and monthly files and noted 7 (25%) files did not reconcile. Criteria Federal regulations 2 CFR 200.303 and 45 CFR 75.303 require the auditee to establish and maintain effective internal control over federal awards that provides reasonable assurance the auditee is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of federal awards. According to State of Michigan Administrative Guide to State Government policy 1340.00, security controls must be implemented to protect State of Michigan information from modification to ensure confidentiality, integrity, and availability of State of Michigan information. In addition, the U.S. Government Accountability Office's (GAO's) Federal Information System Controls Audit Manual* (FISCAM) recommends interface controls be established and implemented to reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Also, effective interface reconciliation procedures should include the use of control totals, records, counts, and other logging techniques. Cause DTMB informed us because of a coding issue, record counts were either not logged or inappropriately duplicated and the exceptions were not caught during development. Effect DTMB's weakness in maintaining sufficient internal control over federal program compliance could result in noncompliance not being detected or corrected in a timely manner. Known Questioned Costs None. Recommendation We recommend DTMB ensure its interface controls over Bridges data exchanges are operating as prescribed. Management Views DTMB disagrees with the condition and the effect of the OAG's finding. The OAG sampled 85 total files across 8 interfaces. Of these, 7 appeared to present issues. For 5 of the sampled files, detailed exception results no longer existed. DTMB maintains summary tables for 10 years and purges detailed exception records at the beginning of each calendar year for anything older than 12 months. This purge process was communicated to the OAG during the fiscal year 2022 audit, and sampling was performed prior to purging for the fiscal year 2023 audit. When informed that the sample included files for which the detailed exception records had been purged, the OAG requested DTMB run a simulation processing of the original interface file in a testing environment to recreate detailed exception records. DTMB's technical teams informed the OAG that rerunning in the current test environment would likely differ from the original results due to code changes that occurred in the test environment subsequent to when the original interface files were run in production. The OAG requested DTMB to proceed with rerunning the files in the current test environment. As a result, the OAG identified 5 instances where the detailed exception records from the simulation in the test environment did not exactly match the summary table from the original production interface results. For the 2 remaining files out of 85 (2.4 percent) that were cited, it should be clarified that the reconciliation being discussed is not data that was lost or misplaced between systems, but reconciliation of 2 exceptions correctly logged and correctly not counted in a summary report because they were alerts during processing, not errors that would be forwarded for review. These results do not present a significant deficiency in the ability of MDHHS to review the detailed exceptions. Also, these 2 records are insignificant when compared to the 11.6 million records processed in the 85 sampled files (0.000001 percent). Therefore, the current controls are reasonable to ensure that data processed from the source system to the receiving system is processed accurately, completely, and timely. Auditor's Comments to Management Views* Contrary to DTMB's views, it would not be appropriate to combine the results of all the subsampled interface files to determine if the auditee appropriately reconciled the 8 sampled interfaces because the frequency of interfaces occurs at different intervals. Doing so would minimize the errors noted in less frequent interface intervals when compared with more frequent interface intervals. Also, the significance of an interface is not dependent on the frequency of the interface's interval but the purpose for the interface regardless of the frequency interval. Federal regulations 2 CFR 200.334 and 45 CFR 75.361 require the auditee to retain records pertinent to a federal award for a period of three years from the submission date of the respective financial report as reported to the awarding agency. The sampled interfaces included subsampled dates throughout the audit period which falls within the required three-year retention period. Therefore, DTMB should have maintained sufficient documentation or maintained it in a manner to allow for replication of the purged files to support controls operated effectively throughout the audit period. DTMB was not able to provide documentation to support the 2 files cited in its response were alerts and not reconciling errors. Also, DTMB did not provide documentation it timely reviewed the interface exceptions. In addition, we determined the errors occurred on multiple daily and monthly files. Contrary to DTMB's views, interface controls are established at a specific data file level and not based on the total number of records or errors identified over a series of data file transfers. Therefore, the percentage of records in error does not prove the interface controls reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Therefore, the finding stands as written.
FINDING 2024-002 Bridges Interface Controls See Schedule of Findings and Questioned Costs for chart/table. Background The Michigan Department of Health and Human Services (MDHHS) uses the Bridges Integrated Automated Eligibility Determination System* (Bridges) for determining eligibility and benefit amounts for food assistance, cash assistance, child care assistance, medical assistance, and emergency assistance programs. MDHHS and the Department of Technology, Management, and Budget (DTMB) are jointly responsible for maintenance and operation of Bridges. Condition DTMB did not always ensure its interface controls over the Bridges data exchanges were operating as prescribed. We noted DTMB did not ensure the file control and batch summary tables used to reconcile Bridges interfaces consistently represented control totals of information processed for 2 of the 8 interfaces sampled. For these 2 interfaces, we sampled 28 daily and monthly files and noted 7 (25%) files did not reconcile. Criteria Federal regulations 2 CFR 200.303 and 45 CFR 75.303 require the auditee to establish and maintain effective internal control over federal awards that provides reasonable assurance the auditee is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of federal awards. According to State of Michigan Administrative Guide to State Government policy 1340.00, security controls must be implemented to protect State of Michigan information from modification to ensure confidentiality, integrity, and availability of State of Michigan information. In addition, the U.S. Government Accountability Office's (GAO's) Federal Information System Controls Audit Manual* (FISCAM) recommends interface controls be established and implemented to reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Also, effective interface reconciliation procedures should include the use of control totals, records, counts, and other logging techniques. Cause DTMB informed us because of a coding issue, record counts were either not logged or inappropriately duplicated and the exceptions were not caught during development. Effect DTMB's weakness in maintaining sufficient internal control over federal program compliance could result in noncompliance not being detected or corrected in a timely manner. Known Questioned Costs None. Recommendation We recommend DTMB ensure its interface controls over Bridges data exchanges are operating as prescribed. Management Views DTMB disagrees with the condition and the effect of the OAG's finding. The OAG sampled 85 total files across 8 interfaces. Of these, 7 appeared to present issues. For 5 of the sampled files, detailed exception results no longer existed. DTMB maintains summary tables for 10 years and purges detailed exception records at the beginning of each calendar year for anything older than 12 months. This purge process was communicated to the OAG during the fiscal year 2022 audit, and sampling was performed prior to purging for the fiscal year 2023 audit. When informed that the sample included files for which the detailed exception records had been purged, the OAG requested DTMB run a simulation processing of the original interface file in a testing environment to recreate detailed exception records. DTMB's technical teams informed the OAG that rerunning in the current test environment would likely differ from the original results due to code changes that occurred in the test environment subsequent to when the original interface files were run in production. The OAG requested DTMB to proceed with rerunning the files in the current test environment. As a result, the OAG identified 5 instances where the detailed exception records from the simulation in the test environment did not exactly match the summary table from the original production interface results. For the 2 remaining files out of 85 (2.4 percent) that were cited, it should be clarified that the reconciliation being discussed is not data that was lost or misplaced between systems, but reconciliation of 2 exceptions correctly logged and correctly not counted in a summary report because they were alerts during processing, not errors that would be forwarded for review. These results do not present a significant deficiency in the ability of MDHHS to review the detailed exceptions. Also, these 2 records are insignificant when compared to the 11.6 million records processed in the 85 sampled files (0.000001 percent). Therefore, the current controls are reasonable to ensure that data processed from the source system to the receiving system is processed accurately, completely, and timely. Auditor's Comments to Management Views* Contrary to DTMB's views, it would not be appropriate to combine the results of all the subsampled interface files to determine if the auditee appropriately reconciled the 8 sampled interfaces because the frequency of interfaces occurs at different intervals. Doing so would minimize the errors noted in less frequent interface intervals when compared with more frequent interface intervals. Also, the significance of an interface is not dependent on the frequency of the interface's interval but the purpose for the interface regardless of the frequency interval. Federal regulations 2 CFR 200.334 and 45 CFR 75.361 require the auditee to retain records pertinent to a federal award for a period of three years from the submission date of the respective financial report as reported to the awarding agency. The sampled interfaces included subsampled dates throughout the audit period which falls within the required three-year retention period. Therefore, DTMB should have maintained sufficient documentation or maintained it in a manner to allow for replication of the purged files to support controls operated effectively throughout the audit period. DTMB was not able to provide documentation to support the 2 files cited in its response were alerts and not reconciling errors. Also, DTMB did not provide documentation it timely reviewed the interface exceptions. In addition, we determined the errors occurred on multiple daily and monthly files. Contrary to DTMB's views, interface controls are established at a specific data file level and not based on the total number of records or errors identified over a series of data file transfers. Therefore, the percentage of records in error does not prove the interface controls reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Therefore, the finding stands as written.
FINDING 2024-002 Bridges Interface Controls See Schedule of Findings and Questioned Costs for chart/table. Background The Michigan Department of Health and Human Services (MDHHS) uses the Bridges Integrated Automated Eligibility Determination System* (Bridges) for determining eligibility and benefit amounts for food assistance, cash assistance, child care assistance, medical assistance, and emergency assistance programs. MDHHS and the Department of Technology, Management, and Budget (DTMB) are jointly responsible for maintenance and operation of Bridges. Condition DTMB did not always ensure its interface controls over the Bridges data exchanges were operating as prescribed. We noted DTMB did not ensure the file control and batch summary tables used to reconcile Bridges interfaces consistently represented control totals of information processed for 2 of the 8 interfaces sampled. For these 2 interfaces, we sampled 28 daily and monthly files and noted 7 (25%) files did not reconcile. Criteria Federal regulations 2 CFR 200.303 and 45 CFR 75.303 require the auditee to establish and maintain effective internal control over federal awards that provides reasonable assurance the auditee is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of federal awards. According to State of Michigan Administrative Guide to State Government policy 1340.00, security controls must be implemented to protect State of Michigan information from modification to ensure confidentiality, integrity, and availability of State of Michigan information. In addition, the U.S. Government Accountability Office's (GAO's) Federal Information System Controls Audit Manual* (FISCAM) recommends interface controls be established and implemented to reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Also, effective interface reconciliation procedures should include the use of control totals, records, counts, and other logging techniques. Cause DTMB informed us because of a coding issue, record counts were either not logged or inappropriately duplicated and the exceptions were not caught during development. Effect DTMB's weakness in maintaining sufficient internal control over federal program compliance could result in noncompliance not being detected or corrected in a timely manner. Known Questioned Costs None. Recommendation We recommend DTMB ensure its interface controls over Bridges data exchanges are operating as prescribed. Management Views DTMB disagrees with the condition and the effect of the OAG's finding. The OAG sampled 85 total files across 8 interfaces. Of these, 7 appeared to present issues. For 5 of the sampled files, detailed exception results no longer existed. DTMB maintains summary tables for 10 years and purges detailed exception records at the beginning of each calendar year for anything older than 12 months. This purge process was communicated to the OAG during the fiscal year 2022 audit, and sampling was performed prior to purging for the fiscal year 2023 audit. When informed that the sample included files for which the detailed exception records had been purged, the OAG requested DTMB run a simulation processing of the original interface file in a testing environment to recreate detailed exception records. DTMB's technical teams informed the OAG that rerunning in the current test environment would likely differ from the original results due to code changes that occurred in the test environment subsequent to when the original interface files were run in production. The OAG requested DTMB to proceed with rerunning the files in the current test environment. As a result, the OAG identified 5 instances where the detailed exception records from the simulation in the test environment did not exactly match the summary table from the original production interface results. For the 2 remaining files out of 85 (2.4 percent) that were cited, it should be clarified that the reconciliation being discussed is not data that was lost or misplaced between systems, but reconciliation of 2 exceptions correctly logged and correctly not counted in a summary report because they were alerts during processing, not errors that would be forwarded for review. These results do not present a significant deficiency in the ability of MDHHS to review the detailed exceptions. Also, these 2 records are insignificant when compared to the 11.6 million records processed in the 85 sampled files (0.000001 percent). Therefore, the current controls are reasonable to ensure that data processed from the source system to the receiving system is processed accurately, completely, and timely. Auditor's Comments to Management Views* Contrary to DTMB's views, it would not be appropriate to combine the results of all the subsampled interface files to determine if the auditee appropriately reconciled the 8 sampled interfaces because the frequency of interfaces occurs at different intervals. Doing so would minimize the errors noted in less frequent interface intervals when compared with more frequent interface intervals. Also, the significance of an interface is not dependent on the frequency of the interface's interval but the purpose for the interface regardless of the frequency interval. Federal regulations 2 CFR 200.334 and 45 CFR 75.361 require the auditee to retain records pertinent to a federal award for a period of three years from the submission date of the respective financial report as reported to the awarding agency. The sampled interfaces included subsampled dates throughout the audit period which falls within the required three-year retention period. Therefore, DTMB should have maintained sufficient documentation or maintained it in a manner to allow for replication of the purged files to support controls operated effectively throughout the audit period. DTMB was not able to provide documentation to support the 2 files cited in its response were alerts and not reconciling errors. Also, DTMB did not provide documentation it timely reviewed the interface exceptions. In addition, we determined the errors occurred on multiple daily and monthly files. Contrary to DTMB's views, interface controls are established at a specific data file level and not based on the total number of records or errors identified over a series of data file transfers. Therefore, the percentage of records in error does not prove the interface controls reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Therefore, the finding stands as written.
FINDING 2024-002 Bridges Interface Controls See Schedule of Findings and Questioned Costs for chart/table. Background The Michigan Department of Health and Human Services (MDHHS) uses the Bridges Integrated Automated Eligibility Determination System* (Bridges) for determining eligibility and benefit amounts for food assistance, cash assistance, child care assistance, medical assistance, and emergency assistance programs. MDHHS and the Department of Technology, Management, and Budget (DTMB) are jointly responsible for maintenance and operation of Bridges. Condition DTMB did not always ensure its interface controls over the Bridges data exchanges were operating as prescribed. We noted DTMB did not ensure the file control and batch summary tables used to reconcile Bridges interfaces consistently represented control totals of information processed for 2 of the 8 interfaces sampled. For these 2 interfaces, we sampled 28 daily and monthly files and noted 7 (25%) files did not reconcile. Criteria Federal regulations 2 CFR 200.303 and 45 CFR 75.303 require the auditee to establish and maintain effective internal control over federal awards that provides reasonable assurance the auditee is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of federal awards. According to State of Michigan Administrative Guide to State Government policy 1340.00, security controls must be implemented to protect State of Michigan information from modification to ensure confidentiality, integrity, and availability of State of Michigan information. In addition, the U.S. Government Accountability Office's (GAO's) Federal Information System Controls Audit Manual* (FISCAM) recommends interface controls be established and implemented to reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Also, effective interface reconciliation procedures should include the use of control totals, records, counts, and other logging techniques. Cause DTMB informed us because of a coding issue, record counts were either not logged or inappropriately duplicated and the exceptions were not caught during development. Effect DTMB's weakness in maintaining sufficient internal control over federal program compliance could result in noncompliance not being detected or corrected in a timely manner. Known Questioned Costs None. Recommendation We recommend DTMB ensure its interface controls over Bridges data exchanges are operating as prescribed. Management Views DTMB disagrees with the condition and the effect of the OAG's finding. The OAG sampled 85 total files across 8 interfaces. Of these, 7 appeared to present issues. For 5 of the sampled files, detailed exception results no longer existed. DTMB maintains summary tables for 10 years and purges detailed exception records at the beginning of each calendar year for anything older than 12 months. This purge process was communicated to the OAG during the fiscal year 2022 audit, and sampling was performed prior to purging for the fiscal year 2023 audit. When informed that the sample included files for which the detailed exception records had been purged, the OAG requested DTMB run a simulation processing of the original interface file in a testing environment to recreate detailed exception records. DTMB's technical teams informed the OAG that rerunning in the current test environment would likely differ from the original results due to code changes that occurred in the test environment subsequent to when the original interface files were run in production. The OAG requested DTMB to proceed with rerunning the files in the current test environment. As a result, the OAG identified 5 instances where the detailed exception records from the simulation in the test environment did not exactly match the summary table from the original production interface results. For the 2 remaining files out of 85 (2.4 percent) that were cited, it should be clarified that the reconciliation being discussed is not data that was lost or misplaced between systems, but reconciliation of 2 exceptions correctly logged and correctly not counted in a summary report because they were alerts during processing, not errors that would be forwarded for review. These results do not present a significant deficiency in the ability of MDHHS to review the detailed exceptions. Also, these 2 records are insignificant when compared to the 11.6 million records processed in the 85 sampled files (0.000001 percent). Therefore, the current controls are reasonable to ensure that data processed from the source system to the receiving system is processed accurately, completely, and timely. Auditor's Comments to Management Views* Contrary to DTMB's views, it would not be appropriate to combine the results of all the subsampled interface files to determine if the auditee appropriately reconciled the 8 sampled interfaces because the frequency of interfaces occurs at different intervals. Doing so would minimize the errors noted in less frequent interface intervals when compared with more frequent interface intervals. Also, the significance of an interface is not dependent on the frequency of the interface's interval but the purpose for the interface regardless of the frequency interval. Federal regulations 2 CFR 200.334 and 45 CFR 75.361 require the auditee to retain records pertinent to a federal award for a period of three years from the submission date of the respective financial report as reported to the awarding agency. The sampled interfaces included subsampled dates throughout the audit period which falls within the required three-year retention period. Therefore, DTMB should have maintained sufficient documentation or maintained it in a manner to allow for replication of the purged files to support controls operated effectively throughout the audit period. DTMB was not able to provide documentation to support the 2 files cited in its response were alerts and not reconciling errors. Also, DTMB did not provide documentation it timely reviewed the interface exceptions. In addition, we determined the errors occurred on multiple daily and monthly files. Contrary to DTMB's views, interface controls are established at a specific data file level and not based on the total number of records or errors identified over a series of data file transfers. Therefore, the percentage of records in error does not prove the interface controls reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Therefore, the finding stands as written.
FINDING 2024-002 Bridges Interface Controls See Schedule of Findings and Questioned Costs for chart/table. Background The Michigan Department of Health and Human Services (MDHHS) uses the Bridges Integrated Automated Eligibility Determination System* (Bridges) for determining eligibility and benefit amounts for food assistance, cash assistance, child care assistance, medical assistance, and emergency assistance programs. MDHHS and the Department of Technology, Management, and Budget (DTMB) are jointly responsible for maintenance and operation of Bridges. Condition DTMB did not always ensure its interface controls over the Bridges data exchanges were operating as prescribed. We noted DTMB did not ensure the file control and batch summary tables used to reconcile Bridges interfaces consistently represented control totals of information processed for 2 of the 8 interfaces sampled. For these 2 interfaces, we sampled 28 daily and monthly files and noted 7 (25%) files did not reconcile. Criteria Federal regulations 2 CFR 200.303 and 45 CFR 75.303 require the auditee to establish and maintain effective internal control over federal awards that provides reasonable assurance the auditee is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of federal awards. According to State of Michigan Administrative Guide to State Government policy 1340.00, security controls must be implemented to protect State of Michigan information from modification to ensure confidentiality, integrity, and availability of State of Michigan information. In addition, the U.S. Government Accountability Office's (GAO's) Federal Information System Controls Audit Manual* (FISCAM) recommends interface controls be established and implemented to reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Also, effective interface reconciliation procedures should include the use of control totals, records, counts, and other logging techniques. Cause DTMB informed us because of a coding issue, record counts were either not logged or inappropriately duplicated and the exceptions were not caught during development. Effect DTMB's weakness in maintaining sufficient internal control over federal program compliance could result in noncompliance not being detected or corrected in a timely manner. Known Questioned Costs None. Recommendation We recommend DTMB ensure its interface controls over Bridges data exchanges are operating as prescribed. Management Views DTMB disagrees with the condition and the effect of the OAG's finding. The OAG sampled 85 total files across 8 interfaces. Of these, 7 appeared to present issues. For 5 of the sampled files, detailed exception results no longer existed. DTMB maintains summary tables for 10 years and purges detailed exception records at the beginning of each calendar year for anything older than 12 months. This purge process was communicated to the OAG during the fiscal year 2022 audit, and sampling was performed prior to purging for the fiscal year 2023 audit. When informed that the sample included files for which the detailed exception records had been purged, the OAG requested DTMB run a simulation processing of the original interface file in a testing environment to recreate detailed exception records. DTMB's technical teams informed the OAG that rerunning in the current test environment would likely differ from the original results due to code changes that occurred in the test environment subsequent to when the original interface files were run in production. The OAG requested DTMB to proceed with rerunning the files in the current test environment. As a result, the OAG identified 5 instances where the detailed exception records from the simulation in the test environment did not exactly match the summary table from the original production interface results. For the 2 remaining files out of 85 (2.4 percent) that were cited, it should be clarified that the reconciliation being discussed is not data that was lost or misplaced between systems, but reconciliation of 2 exceptions correctly logged and correctly not counted in a summary report because they were alerts during processing, not errors that would be forwarded for review. These results do not present a significant deficiency in the ability of MDHHS to review the detailed exceptions. Also, these 2 records are insignificant when compared to the 11.6 million records processed in the 85 sampled files (0.000001 percent). Therefore, the current controls are reasonable to ensure that data processed from the source system to the receiving system is processed accurately, completely, and timely. Auditor's Comments to Management Views* Contrary to DTMB's views, it would not be appropriate to combine the results of all the subsampled interface files to determine if the auditee appropriately reconciled the 8 sampled interfaces because the frequency of interfaces occurs at different intervals. Doing so would minimize the errors noted in less frequent interface intervals when compared with more frequent interface intervals. Also, the significance of an interface is not dependent on the frequency of the interface's interval but the purpose for the interface regardless of the frequency interval. Federal regulations 2 CFR 200.334 and 45 CFR 75.361 require the auditee to retain records pertinent to a federal award for a period of three years from the submission date of the respective financial report as reported to the awarding agency. The sampled interfaces included subsampled dates throughout the audit period which falls within the required three-year retention period. Therefore, DTMB should have maintained sufficient documentation or maintained it in a manner to allow for replication of the purged files to support controls operated effectively throughout the audit period. DTMB was not able to provide documentation to support the 2 files cited in its response were alerts and not reconciling errors. Also, DTMB did not provide documentation it timely reviewed the interface exceptions. In addition, we determined the errors occurred on multiple daily and monthly files. Contrary to DTMB's views, interface controls are established at a specific data file level and not based on the total number of records or errors identified over a series of data file transfers. Therefore, the percentage of records in error does not prove the interface controls reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Therefore, the finding stands as written.
FINDING 2024-002 Bridges Interface Controls See Schedule of Findings and Questioned Costs for chart/table. Background The Michigan Department of Health and Human Services (MDHHS) uses the Bridges Integrated Automated Eligibility Determination System* (Bridges) for determining eligibility and benefit amounts for food assistance, cash assistance, child care assistance, medical assistance, and emergency assistance programs. MDHHS and the Department of Technology, Management, and Budget (DTMB) are jointly responsible for maintenance and operation of Bridges. Condition DTMB did not always ensure its interface controls over the Bridges data exchanges were operating as prescribed. We noted DTMB did not ensure the file control and batch summary tables used to reconcile Bridges interfaces consistently represented control totals of information processed for 2 of the 8 interfaces sampled. For these 2 interfaces, we sampled 28 daily and monthly files and noted 7 (25%) files did not reconcile. Criteria Federal regulations 2 CFR 200.303 and 45 CFR 75.303 require the auditee to establish and maintain effective internal control over federal awards that provides reasonable assurance the auditee is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of federal awards. According to State of Michigan Administrative Guide to State Government policy 1340.00, security controls must be implemented to protect State of Michigan information from modification to ensure confidentiality, integrity, and availability of State of Michigan information. In addition, the U.S. Government Accountability Office's (GAO's) Federal Information System Controls Audit Manual* (FISCAM) recommends interface controls be established and implemented to reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Also, effective interface reconciliation procedures should include the use of control totals, records, counts, and other logging techniques. Cause DTMB informed us because of a coding issue, record counts were either not logged or inappropriately duplicated and the exceptions were not caught during development. Effect DTMB's weakness in maintaining sufficient internal control over federal program compliance could result in noncompliance not being detected or corrected in a timely manner. Known Questioned Costs None. Recommendation We recommend DTMB ensure its interface controls over Bridges data exchanges are operating as prescribed. Management Views DTMB disagrees with the condition and the effect of the OAG's finding. The OAG sampled 85 total files across 8 interfaces. Of these, 7 appeared to present issues. For 5 of the sampled files, detailed exception results no longer existed. DTMB maintains summary tables for 10 years and purges detailed exception records at the beginning of each calendar year for anything older than 12 months. This purge process was communicated to the OAG during the fiscal year 2022 audit, and sampling was performed prior to purging for the fiscal year 2023 audit. When informed that the sample included files for which the detailed exception records had been purged, the OAG requested DTMB run a simulation processing of the original interface file in a testing environment to recreate detailed exception records. DTMB's technical teams informed the OAG that rerunning in the current test environment would likely differ from the original results due to code changes that occurred in the test environment subsequent to when the original interface files were run in production. The OAG requested DTMB to proceed with rerunning the files in the current test environment. As a result, the OAG identified 5 instances where the detailed exception records from the simulation in the test environment did not exactly match the summary table from the original production interface results. For the 2 remaining files out of 85 (2.4 percent) that were cited, it should be clarified that the reconciliation being discussed is not data that was lost or misplaced between systems, but reconciliation of 2 exceptions correctly logged and correctly not counted in a summary report because they were alerts during processing, not errors that would be forwarded for review. These results do not present a significant deficiency in the ability of MDHHS to review the detailed exceptions. Also, these 2 records are insignificant when compared to the 11.6 million records processed in the 85 sampled files (0.000001 percent). Therefore, the current controls are reasonable to ensure that data processed from the source system to the receiving system is processed accurately, completely, and timely. Auditor's Comments to Management Views* Contrary to DTMB's views, it would not be appropriate to combine the results of all the subsampled interface files to determine if the auditee appropriately reconciled the 8 sampled interfaces because the frequency of interfaces occurs at different intervals. Doing so would minimize the errors noted in less frequent interface intervals when compared with more frequent interface intervals. Also, the significance of an interface is not dependent on the frequency of the interface's interval but the purpose for the interface regardless of the frequency interval. Federal regulations 2 CFR 200.334 and 45 CFR 75.361 require the auditee to retain records pertinent to a federal award for a period of three years from the submission date of the respective financial report as reported to the awarding agency. The sampled interfaces included subsampled dates throughout the audit period which falls within the required three-year retention period. Therefore, DTMB should have maintained sufficient documentation or maintained it in a manner to allow for replication of the purged files to support controls operated effectively throughout the audit period. DTMB was not able to provide documentation to support the 2 files cited in its response were alerts and not reconciling errors. Also, DTMB did not provide documentation it timely reviewed the interface exceptions. In addition, we determined the errors occurred on multiple daily and monthly files. Contrary to DTMB's views, interface controls are established at a specific data file level and not based on the total number of records or errors identified over a series of data file transfers. Therefore, the percentage of records in error does not prove the interface controls reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Therefore, the finding stands as written.
FINDING 2024-002 Bridges Interface Controls See Schedule of Findings and Questioned Costs for chart/table. Background The Michigan Department of Health and Human Services (MDHHS) uses the Bridges Integrated Automated Eligibility Determination System* (Bridges) for determining eligibility and benefit amounts for food assistance, cash assistance, child care assistance, medical assistance, and emergency assistance programs. MDHHS and the Department of Technology, Management, and Budget (DTMB) are jointly responsible for maintenance and operation of Bridges. Condition DTMB did not always ensure its interface controls over the Bridges data exchanges were operating as prescribed. We noted DTMB did not ensure the file control and batch summary tables used to reconcile Bridges interfaces consistently represented control totals of information processed for 2 of the 8 interfaces sampled. For these 2 interfaces, we sampled 28 daily and monthly files and noted 7 (25%) files did not reconcile. Criteria Federal regulations 2 CFR 200.303 and 45 CFR 75.303 require the auditee to establish and maintain effective internal control over federal awards that provides reasonable assurance the auditee is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of federal awards. According to State of Michigan Administrative Guide to State Government policy 1340.00, security controls must be implemented to protect State of Michigan information from modification to ensure confidentiality, integrity, and availability of State of Michigan information. In addition, the U.S. Government Accountability Office's (GAO's) Federal Information System Controls Audit Manual* (FISCAM) recommends interface controls be established and implemented to reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Also, effective interface reconciliation procedures should include the use of control totals, records, counts, and other logging techniques. Cause DTMB informed us because of a coding issue, record counts were either not logged or inappropriately duplicated and the exceptions were not caught during development. Effect DTMB's weakness in maintaining sufficient internal control over federal program compliance could result in noncompliance not being detected or corrected in a timely manner. Known Questioned Costs None. Recommendation We recommend DTMB ensure its interface controls over Bridges data exchanges are operating as prescribed. Management Views DTMB disagrees with the condition and the effect of the OAG's finding. The OAG sampled 85 total files across 8 interfaces. Of these, 7 appeared to present issues. For 5 of the sampled files, detailed exception results no longer existed. DTMB maintains summary tables for 10 years and purges detailed exception records at the beginning of each calendar year for anything older than 12 months. This purge process was communicated to the OAG during the fiscal year 2022 audit, and sampling was performed prior to purging for the fiscal year 2023 audit. When informed that the sample included files for which the detailed exception records had been purged, the OAG requested DTMB run a simulation processing of the original interface file in a testing environment to recreate detailed exception records. DTMB's technical teams informed the OAG that rerunning in the current test environment would likely differ from the original results due to code changes that occurred in the test environment subsequent to when the original interface files were run in production. The OAG requested DTMB to proceed with rerunning the files in the current test environment. As a result, the OAG identified 5 instances where the detailed exception records from the simulation in the test environment did not exactly match the summary table from the original production interface results. For the 2 remaining files out of 85 (2.4 percent) that were cited, it should be clarified that the reconciliation being discussed is not data that was lost or misplaced between systems, but reconciliation of 2 exceptions correctly logged and correctly not counted in a summary report because they were alerts during processing, not errors that would be forwarded for review. These results do not present a significant deficiency in the ability of MDHHS to review the detailed exceptions. Also, these 2 records are insignificant when compared to the 11.6 million records processed in the 85 sampled files (0.000001 percent). Therefore, the current controls are reasonable to ensure that data processed from the source system to the receiving system is processed accurately, completely, and timely. Auditor's Comments to Management Views* Contrary to DTMB's views, it would not be appropriate to combine the results of all the subsampled interface files to determine if the auditee appropriately reconciled the 8 sampled interfaces because the frequency of interfaces occurs at different intervals. Doing so would minimize the errors noted in less frequent interface intervals when compared with more frequent interface intervals. Also, the significance of an interface is not dependent on the frequency of the interface's interval but the purpose for the interface regardless of the frequency interval. Federal regulations 2 CFR 200.334 and 45 CFR 75.361 require the auditee to retain records pertinent to a federal award for a period of three years from the submission date of the respective financial report as reported to the awarding agency. The sampled interfaces included subsampled dates throughout the audit period which falls within the required three-year retention period. Therefore, DTMB should have maintained sufficient documentation or maintained it in a manner to allow for replication of the purged files to support controls operated effectively throughout the audit period. DTMB was not able to provide documentation to support the 2 files cited in its response were alerts and not reconciling errors. Also, DTMB did not provide documentation it timely reviewed the interface exceptions. In addition, we determined the errors occurred on multiple daily and monthly files. Contrary to DTMB's views, interface controls are established at a specific data file level and not based on the total number of records or errors identified over a series of data file transfers. Therefore, the percentage of records in error does not prove the interface controls reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Therefore, the finding stands as written.
FINDING 2024-002 Bridges Interface Controls See Schedule of Findings and Questioned Costs for chart/table. Background The Michigan Department of Health and Human Services (MDHHS) uses the Bridges Integrated Automated Eligibility Determination System* (Bridges) for determining eligibility and benefit amounts for food assistance, cash assistance, child care assistance, medical assistance, and emergency assistance programs. MDHHS and the Department of Technology, Management, and Budget (DTMB) are jointly responsible for maintenance and operation of Bridges. Condition DTMB did not always ensure its interface controls over the Bridges data exchanges were operating as prescribed. We noted DTMB did not ensure the file control and batch summary tables used to reconcile Bridges interfaces consistently represented control totals of information processed for 2 of the 8 interfaces sampled. For these 2 interfaces, we sampled 28 daily and monthly files and noted 7 (25%) files did not reconcile. Criteria Federal regulations 2 CFR 200.303 and 45 CFR 75.303 require the auditee to establish and maintain effective internal control over federal awards that provides reasonable assurance the auditee is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of federal awards. According to State of Michigan Administrative Guide to State Government policy 1340.00, security controls must be implemented to protect State of Michigan information from modification to ensure confidentiality, integrity, and availability of State of Michigan information. In addition, the U.S. Government Accountability Office's (GAO's) Federal Information System Controls Audit Manual* (FISCAM) recommends interface controls be established and implemented to reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Also, effective interface reconciliation procedures should include the use of control totals, records, counts, and other logging techniques. Cause DTMB informed us because of a coding issue, record counts were either not logged or inappropriately duplicated and the exceptions were not caught during development. Effect DTMB's weakness in maintaining sufficient internal control over federal program compliance could result in noncompliance not being detected or corrected in a timely manner. Known Questioned Costs None. Recommendation We recommend DTMB ensure its interface controls over Bridges data exchanges are operating as prescribed. Management Views DTMB disagrees with the condition and the effect of the OAG's finding. The OAG sampled 85 total files across 8 interfaces. Of these, 7 appeared to present issues. For 5 of the sampled files, detailed exception results no longer existed. DTMB maintains summary tables for 10 years and purges detailed exception records at the beginning of each calendar year for anything older than 12 months. This purge process was communicated to the OAG during the fiscal year 2022 audit, and sampling was performed prior to purging for the fiscal year 2023 audit. When informed that the sample included files for which the detailed exception records had been purged, the OAG requested DTMB run a simulation processing of the original interface file in a testing environment to recreate detailed exception records. DTMB's technical teams informed the OAG that rerunning in the current test environment would likely differ from the original results due to code changes that occurred in the test environment subsequent to when the original interface files were run in production. The OAG requested DTMB to proceed with rerunning the files in the current test environment. As a result, the OAG identified 5 instances where the detailed exception records from the simulation in the test environment did not exactly match the summary table from the original production interface results. For the 2 remaining files out of 85 (2.4 percent) that were cited, it should be clarified that the reconciliation being discussed is not data that was lost or misplaced between systems, but reconciliation of 2 exceptions correctly logged and correctly not counted in a summary report because they were alerts during processing, not errors that would be forwarded for review. These results do not present a significant deficiency in the ability of MDHHS to review the detailed exceptions. Also, these 2 records are insignificant when compared to the 11.6 million records processed in the 85 sampled files (0.000001 percent). Therefore, the current controls are reasonable to ensure that data processed from the source system to the receiving system is processed accurately, completely, and timely. Auditor's Comments to Management Views* Contrary to DTMB's views, it would not be appropriate to combine the results of all the subsampled interface files to determine if the auditee appropriately reconciled the 8 sampled interfaces because the frequency of interfaces occurs at different intervals. Doing so would minimize the errors noted in less frequent interface intervals when compared with more frequent interface intervals. Also, the significance of an interface is not dependent on the frequency of the interface's interval but the purpose for the interface regardless of the frequency interval. Federal regulations 2 CFR 200.334 and 45 CFR 75.361 require the auditee to retain records pertinent to a federal award for a period of three years from the submission date of the respective financial report as reported to the awarding agency. The sampled interfaces included subsampled dates throughout the audit period which falls within the required three-year retention period. Therefore, DTMB should have maintained sufficient documentation or maintained it in a manner to allow for replication of the purged files to support controls operated effectively throughout the audit period. DTMB was not able to provide documentation to support the 2 files cited in its response were alerts and not reconciling errors. Also, DTMB did not provide documentation it timely reviewed the interface exceptions. In addition, we determined the errors occurred on multiple daily and monthly files. Contrary to DTMB's views, interface controls are established at a specific data file level and not based on the total number of records or errors identified over a series of data file transfers. Therefore, the percentage of records in error does not prove the interface controls reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Therefore, the finding stands as written.
FINDING 2024-002 Bridges Interface Controls See Schedule of Findings and Questioned Costs for chart/table. Background The Michigan Department of Health and Human Services (MDHHS) uses the Bridges Integrated Automated Eligibility Determination System* (Bridges) for determining eligibility and benefit amounts for food assistance, cash assistance, child care assistance, medical assistance, and emergency assistance programs. MDHHS and the Department of Technology, Management, and Budget (DTMB) are jointly responsible for maintenance and operation of Bridges. Condition DTMB did not always ensure its interface controls over the Bridges data exchanges were operating as prescribed. We noted DTMB did not ensure the file control and batch summary tables used to reconcile Bridges interfaces consistently represented control totals of information processed for 2 of the 8 interfaces sampled. For these 2 interfaces, we sampled 28 daily and monthly files and noted 7 (25%) files did not reconcile. Criteria Federal regulations 2 CFR 200.303 and 45 CFR 75.303 require the auditee to establish and maintain effective internal control over federal awards that provides reasonable assurance the auditee is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of federal awards. According to State of Michigan Administrative Guide to State Government policy 1340.00, security controls must be implemented to protect State of Michigan information from modification to ensure confidentiality, integrity, and availability of State of Michigan information. In addition, the U.S. Government Accountability Office's (GAO's) Federal Information System Controls Audit Manual* (FISCAM) recommends interface controls be established and implemented to reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Also, effective interface reconciliation procedures should include the use of control totals, records, counts, and other logging techniques. Cause DTMB informed us because of a coding issue, record counts were either not logged or inappropriately duplicated and the exceptions were not caught during development. Effect DTMB's weakness in maintaining sufficient internal control over federal program compliance could result in noncompliance not being detected or corrected in a timely manner. Known Questioned Costs None. Recommendation We recommend DTMB ensure its interface controls over Bridges data exchanges are operating as prescribed. Management Views DTMB disagrees with the condition and the effect of the OAG's finding. The OAG sampled 85 total files across 8 interfaces. Of these, 7 appeared to present issues. For 5 of the sampled files, detailed exception results no longer existed. DTMB maintains summary tables for 10 years and purges detailed exception records at the beginning of each calendar year for anything older than 12 months. This purge process was communicated to the OAG during the fiscal year 2022 audit, and sampling was performed prior to purging for the fiscal year 2023 audit. When informed that the sample included files for which the detailed exception records had been purged, the OAG requested DTMB run a simulation processing of the original interface file in a testing environment to recreate detailed exception records. DTMB's technical teams informed the OAG that rerunning in the current test environment would likely differ from the original results due to code changes that occurred in the test environment subsequent to when the original interface files were run in production. The OAG requested DTMB to proceed with rerunning the files in the current test environment. As a result, the OAG identified 5 instances where the detailed exception records from the simulation in the test environment did not exactly match the summary table from the original production interface results. For the 2 remaining files out of 85 (2.4 percent) that were cited, it should be clarified that the reconciliation being discussed is not data that was lost or misplaced between systems, but reconciliation of 2 exceptions correctly logged and correctly not counted in a summary report because they were alerts during processing, not errors that would be forwarded for review. These results do not present a significant deficiency in the ability of MDHHS to review the detailed exceptions. Also, these 2 records are insignificant when compared to the 11.6 million records processed in the 85 sampled files (0.000001 percent). Therefore, the current controls are reasonable to ensure that data processed from the source system to the receiving system is processed accurately, completely, and timely. Auditor's Comments to Management Views* Contrary to DTMB's views, it would not be appropriate to combine the results of all the subsampled interface files to determine if the auditee appropriately reconciled the 8 sampled interfaces because the frequency of interfaces occurs at different intervals. Doing so would minimize the errors noted in less frequent interface intervals when compared with more frequent interface intervals. Also, the significance of an interface is not dependent on the frequency of the interface's interval but the purpose for the interface regardless of the frequency interval. Federal regulations 2 CFR 200.334 and 45 CFR 75.361 require the auditee to retain records pertinent to a federal award for a period of three years from the submission date of the respective financial report as reported to the awarding agency. The sampled interfaces included subsampled dates throughout the audit period which falls within the required three-year retention period. Therefore, DTMB should have maintained sufficient documentation or maintained it in a manner to allow for replication of the purged files to support controls operated effectively throughout the audit period. DTMB was not able to provide documentation to support the 2 files cited in its response were alerts and not reconciling errors. Also, DTMB did not provide documentation it timely reviewed the interface exceptions. In addition, we determined the errors occurred on multiple daily and monthly files. Contrary to DTMB's views, interface controls are established at a specific data file level and not based on the total number of records or errors identified over a series of data file transfers. Therefore, the percentage of records in error does not prove the interface controls reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Therefore, the finding stands as written.
FINDING 2024-002 Bridges Interface Controls See Schedule of Findings and Questioned Costs for chart/table. Background The Michigan Department of Health and Human Services (MDHHS) uses the Bridges Integrated Automated Eligibility Determination System* (Bridges) for determining eligibility and benefit amounts for food assistance, cash assistance, child care assistance, medical assistance, and emergency assistance programs. MDHHS and the Department of Technology, Management, and Budget (DTMB) are jointly responsible for maintenance and operation of Bridges. Condition DTMB did not always ensure its interface controls over the Bridges data exchanges were operating as prescribed. We noted DTMB did not ensure the file control and batch summary tables used to reconcile Bridges interfaces consistently represented control totals of information processed for 2 of the 8 interfaces sampled. For these 2 interfaces, we sampled 28 daily and monthly files and noted 7 (25%) files did not reconcile. Criteria Federal regulations 2 CFR 200.303 and 45 CFR 75.303 require the auditee to establish and maintain effective internal control over federal awards that provides reasonable assurance the auditee is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of federal awards. According to State of Michigan Administrative Guide to State Government policy 1340.00, security controls must be implemented to protect State of Michigan information from modification to ensure confidentiality, integrity, and availability of State of Michigan information. In addition, the U.S. Government Accountability Office's (GAO's) Federal Information System Controls Audit Manual* (FISCAM) recommends interface controls be established and implemented to reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Also, effective interface reconciliation procedures should include the use of control totals, records, counts, and other logging techniques. Cause DTMB informed us because of a coding issue, record counts were either not logged or inappropriately duplicated and the exceptions were not caught during development. Effect DTMB's weakness in maintaining sufficient internal control over federal program compliance could result in noncompliance not being detected or corrected in a timely manner. Known Questioned Costs None. Recommendation We recommend DTMB ensure its interface controls over Bridges data exchanges are operating as prescribed. Management Views DTMB disagrees with the condition and the effect of the OAG's finding. The OAG sampled 85 total files across 8 interfaces. Of these, 7 appeared to present issues. For 5 of the sampled files, detailed exception results no longer existed. DTMB maintains summary tables for 10 years and purges detailed exception records at the beginning of each calendar year for anything older than 12 months. This purge process was communicated to the OAG during the fiscal year 2022 audit, and sampling was performed prior to purging for the fiscal year 2023 audit. When informed that the sample included files for which the detailed exception records had been purged, the OAG requested DTMB run a simulation processing of the original interface file in a testing environment to recreate detailed exception records. DTMB's technical teams informed the OAG that rerunning in the current test environment would likely differ from the original results due to code changes that occurred in the test environment subsequent to when the original interface files were run in production. The OAG requested DTMB to proceed with rerunning the files in the current test environment. As a result, the OAG identified 5 instances where the detailed exception records from the simulation in the test environment did not exactly match the summary table from the original production interface results. For the 2 remaining files out of 85 (2.4 percent) that were cited, it should be clarified that the reconciliation being discussed is not data that was lost or misplaced between systems, but reconciliation of 2 exceptions correctly logged and correctly not counted in a summary report because they were alerts during processing, not errors that would be forwarded for review. These results do not present a significant deficiency in the ability of MDHHS to review the detailed exceptions. Also, these 2 records are insignificant when compared to the 11.6 million records processed in the 85 sampled files (0.000001 percent). Therefore, the current controls are reasonable to ensure that data processed from the source system to the receiving system is processed accurately, completely, and timely. Auditor's Comments to Management Views* Contrary to DTMB's views, it would not be appropriate to combine the results of all the subsampled interface files to determine if the auditee appropriately reconciled the 8 sampled interfaces because the frequency of interfaces occurs at different intervals. Doing so would minimize the errors noted in less frequent interface intervals when compared with more frequent interface intervals. Also, the significance of an interface is not dependent on the frequency of the interface's interval but the purpose for the interface regardless of the frequency interval. Federal regulations 2 CFR 200.334 and 45 CFR 75.361 require the auditee to retain records pertinent to a federal award for a period of three years from the submission date of the respective financial report as reported to the awarding agency. The sampled interfaces included subsampled dates throughout the audit period which falls within the required three-year retention period. Therefore, DTMB should have maintained sufficient documentation or maintained it in a manner to allow for replication of the purged files to support controls operated effectively throughout the audit period. DTMB was not able to provide documentation to support the 2 files cited in its response were alerts and not reconciling errors. Also, DTMB did not provide documentation it timely reviewed the interface exceptions. In addition, we determined the errors occurred on multiple daily and monthly files. Contrary to DTMB's views, interface controls are established at a specific data file level and not based on the total number of records or errors identified over a series of data file transfers. Therefore, the percentage of records in error does not prove the interface controls reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Therefore, the finding stands as written.
FINDING 2024-002 Bridges Interface Controls See Schedule of Findings and Questioned Costs for chart/table. Background The Michigan Department of Health and Human Services (MDHHS) uses the Bridges Integrated Automated Eligibility Determination System* (Bridges) for determining eligibility and benefit amounts for food assistance, cash assistance, child care assistance, medical assistance, and emergency assistance programs. MDHHS and the Department of Technology, Management, and Budget (DTMB) are jointly responsible for maintenance and operation of Bridges. Condition DTMB did not always ensure its interface controls over the Bridges data exchanges were operating as prescribed. We noted DTMB did not ensure the file control and batch summary tables used to reconcile Bridges interfaces consistently represented control totals of information processed for 2 of the 8 interfaces sampled. For these 2 interfaces, we sampled 28 daily and monthly files and noted 7 (25%) files did not reconcile. Criteria Federal regulations 2 CFR 200.303 and 45 CFR 75.303 require the auditee to establish and maintain effective internal control over federal awards that provides reasonable assurance the auditee is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of federal awards. According to State of Michigan Administrative Guide to State Government policy 1340.00, security controls must be implemented to protect State of Michigan information from modification to ensure confidentiality, integrity, and availability of State of Michigan information. In addition, the U.S. Government Accountability Office's (GAO's) Federal Information System Controls Audit Manual* (FISCAM) recommends interface controls be established and implemented to reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Also, effective interface reconciliation procedures should include the use of control totals, records, counts, and other logging techniques. Cause DTMB informed us because of a coding issue, record counts were either not logged or inappropriately duplicated and the exceptions were not caught during development. Effect DTMB's weakness in maintaining sufficient internal control over federal program compliance could result in noncompliance not being detected or corrected in a timely manner. Known Questioned Costs None. Recommendation We recommend DTMB ensure its interface controls over Bridges data exchanges are operating as prescribed. Management Views DTMB disagrees with the condition and the effect of the OAG's finding. The OAG sampled 85 total files across 8 interfaces. Of these, 7 appeared to present issues. For 5 of the sampled files, detailed exception results no longer existed. DTMB maintains summary tables for 10 years and purges detailed exception records at the beginning of each calendar year for anything older than 12 months. This purge process was communicated to the OAG during the fiscal year 2022 audit, and sampling was performed prior to purging for the fiscal year 2023 audit. When informed that the sample included files for which the detailed exception records had been purged, the OAG requested DTMB run a simulation processing of the original interface file in a testing environment to recreate detailed exception records. DTMB's technical teams informed the OAG that rerunning in the current test environment would likely differ from the original results due to code changes that occurred in the test environment subsequent to when the original interface files were run in production. The OAG requested DTMB to proceed with rerunning the files in the current test environment. As a result, the OAG identified 5 instances where the detailed exception records from the simulation in the test environment did not exactly match the summary table from the original production interface results. For the 2 remaining files out of 85 (2.4 percent) that were cited, it should be clarified that the reconciliation being discussed is not data that was lost or misplaced between systems, but reconciliation of 2 exceptions correctly logged and correctly not counted in a summary report because they were alerts during processing, not errors that would be forwarded for review. These results do not present a significant deficiency in the ability of MDHHS to review the detailed exceptions. Also, these 2 records are insignificant when compared to the 11.6 million records processed in the 85 sampled files (0.000001 percent). Therefore, the current controls are reasonable to ensure that data processed from the source system to the receiving system is processed accurately, completely, and timely. Auditor's Comments to Management Views* Contrary to DTMB's views, it would not be appropriate to combine the results of all the subsampled interface files to determine if the auditee appropriately reconciled the 8 sampled interfaces because the frequency of interfaces occurs at different intervals. Doing so would minimize the errors noted in less frequent interface intervals when compared with more frequent interface intervals. Also, the significance of an interface is not dependent on the frequency of the interface's interval but the purpose for the interface regardless of the frequency interval. Federal regulations 2 CFR 200.334 and 45 CFR 75.361 require the auditee to retain records pertinent to a federal award for a period of three years from the submission date of the respective financial report as reported to the awarding agency. The sampled interfaces included subsampled dates throughout the audit period which falls within the required three-year retention period. Therefore, DTMB should have maintained sufficient documentation or maintained it in a manner to allow for replication of the purged files to support controls operated effectively throughout the audit period. DTMB was not able to provide documentation to support the 2 files cited in its response were alerts and not reconciling errors. Also, DTMB did not provide documentation it timely reviewed the interface exceptions. In addition, we determined the errors occurred on multiple daily and monthly files. Contrary to DTMB's views, interface controls are established at a specific data file level and not based on the total number of records or errors identified over a series of data file transfers. Therefore, the percentage of records in error does not prove the interface controls reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Therefore, the finding stands as written.
FINDING 2024-002 Bridges Interface Controls See Schedule of Findings and Questioned Costs for chart/table. Background The Michigan Department of Health and Human Services (MDHHS) uses the Bridges Integrated Automated Eligibility Determination System* (Bridges) for determining eligibility and benefit amounts for food assistance, cash assistance, child care assistance, medical assistance, and emergency assistance programs. MDHHS and the Department of Technology, Management, and Budget (DTMB) are jointly responsible for maintenance and operation of Bridges. Condition DTMB did not always ensure its interface controls over the Bridges data exchanges were operating as prescribed. We noted DTMB did not ensure the file control and batch summary tables used to reconcile Bridges interfaces consistently represented control totals of information processed for 2 of the 8 interfaces sampled. For these 2 interfaces, we sampled 28 daily and monthly files and noted 7 (25%) files did not reconcile. Criteria Federal regulations 2 CFR 200.303 and 45 CFR 75.303 require the auditee to establish and maintain effective internal control over federal awards that provides reasonable assurance the auditee is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of federal awards. According to State of Michigan Administrative Guide to State Government policy 1340.00, security controls must be implemented to protect State of Michigan information from modification to ensure confidentiality, integrity, and availability of State of Michigan information. In addition, the U.S. Government Accountability Office's (GAO's) Federal Information System Controls Audit Manual* (FISCAM) recommends interface controls be established and implemented to reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Also, effective interface reconciliation procedures should include the use of control totals, records, counts, and other logging techniques. Cause DTMB informed us because of a coding issue, record counts were either not logged or inappropriately duplicated and the exceptions were not caught during development. Effect DTMB's weakness in maintaining sufficient internal control over federal program compliance could result in noncompliance not being detected or corrected in a timely manner. Known Questioned Costs None. Recommendation We recommend DTMB ensure its interface controls over Bridges data exchanges are operating as prescribed. Management Views DTMB disagrees with the condition and the effect of the OAG's finding. The OAG sampled 85 total files across 8 interfaces. Of these, 7 appeared to present issues. For 5 of the sampled files, detailed exception results no longer existed. DTMB maintains summary tables for 10 years and purges detailed exception records at the beginning of each calendar year for anything older than 12 months. This purge process was communicated to the OAG during the fiscal year 2022 audit, and sampling was performed prior to purging for the fiscal year 2023 audit. When informed that the sample included files for which the detailed exception records had been purged, the OAG requested DTMB run a simulation processing of the original interface file in a testing environment to recreate detailed exception records. DTMB's technical teams informed the OAG that rerunning in the current test environment would likely differ from the original results due to code changes that occurred in the test environment subsequent to when the original interface files were run in production. The OAG requested DTMB to proceed with rerunning the files in the current test environment. As a result, the OAG identified 5 instances where the detailed exception records from the simulation in the test environment did not exactly match the summary table from the original production interface results. For the 2 remaining files out of 85 (2.4 percent) that were cited, it should be clarified that the reconciliation being discussed is not data that was lost or misplaced between systems, but reconciliation of 2 exceptions correctly logged and correctly not counted in a summary report because they were alerts during processing, not errors that would be forwarded for review. These results do not present a significant deficiency in the ability of MDHHS to review the detailed exceptions. Also, these 2 records are insignificant when compared to the 11.6 million records processed in the 85 sampled files (0.000001 percent). Therefore, the current controls are reasonable to ensure that data processed from the source system to the receiving system is processed accurately, completely, and timely. Auditor's Comments to Management Views* Contrary to DTMB's views, it would not be appropriate to combine the results of all the subsampled interface files to determine if the auditee appropriately reconciled the 8 sampled interfaces because the frequency of interfaces occurs at different intervals. Doing so would minimize the errors noted in less frequent interface intervals when compared with more frequent interface intervals. Also, the significance of an interface is not dependent on the frequency of the interface's interval but the purpose for the interface regardless of the frequency interval. Federal regulations 2 CFR 200.334 and 45 CFR 75.361 require the auditee to retain records pertinent to a federal award for a period of three years from the submission date of the respective financial report as reported to the awarding agency. The sampled interfaces included subsampled dates throughout the audit period which falls within the required three-year retention period. Therefore, DTMB should have maintained sufficient documentation or maintained it in a manner to allow for replication of the purged files to support controls operated effectively throughout the audit period. DTMB was not able to provide documentation to support the 2 files cited in its response were alerts and not reconciling errors. Also, DTMB did not provide documentation it timely reviewed the interface exceptions. In addition, we determined the errors occurred on multiple daily and monthly files. Contrary to DTMB's views, interface controls are established at a specific data file level and not based on the total number of records or errors identified over a series of data file transfers. Therefore, the percentage of records in error does not prove the interface controls reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Therefore, the finding stands as written.
FINDING 2024-002 Bridges Interface Controls See Schedule of Findings and Questioned Costs for chart/table. Background The Michigan Department of Health and Human Services (MDHHS) uses the Bridges Integrated Automated Eligibility Determination System* (Bridges) for determining eligibility and benefit amounts for food assistance, cash assistance, child care assistance, medical assistance, and emergency assistance programs. MDHHS and the Department of Technology, Management, and Budget (DTMB) are jointly responsible for maintenance and operation of Bridges. Condition DTMB did not always ensure its interface controls over the Bridges data exchanges were operating as prescribed. We noted DTMB did not ensure the file control and batch summary tables used to reconcile Bridges interfaces consistently represented control totals of information processed for 2 of the 8 interfaces sampled. For these 2 interfaces, we sampled 28 daily and monthly files and noted 7 (25%) files did not reconcile. Criteria Federal regulations 2 CFR 200.303 and 45 CFR 75.303 require the auditee to establish and maintain effective internal control over federal awards that provides reasonable assurance the auditee is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of federal awards. According to State of Michigan Administrative Guide to State Government policy 1340.00, security controls must be implemented to protect State of Michigan information from modification to ensure confidentiality, integrity, and availability of State of Michigan information. In addition, the U.S. Government Accountability Office's (GAO's) Federal Information System Controls Audit Manual* (FISCAM) recommends interface controls be established and implemented to reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Also, effective interface reconciliation procedures should include the use of control totals, records, counts, and other logging techniques. Cause DTMB informed us because of a coding issue, record counts were either not logged or inappropriately duplicated and the exceptions were not caught during development. Effect DTMB's weakness in maintaining sufficient internal control over federal program compliance could result in noncompliance not being detected or corrected in a timely manner. Known Questioned Costs None. Recommendation We recommend DTMB ensure its interface controls over Bridges data exchanges are operating as prescribed. Management Views DTMB disagrees with the condition and the effect of the OAG's finding. The OAG sampled 85 total files across 8 interfaces. Of these, 7 appeared to present issues. For 5 of the sampled files, detailed exception results no longer existed. DTMB maintains summary tables for 10 years and purges detailed exception records at the beginning of each calendar year for anything older than 12 months. This purge process was communicated to the OAG during the fiscal year 2022 audit, and sampling was performed prior to purging for the fiscal year 2023 audit. When informed that the sample included files for which the detailed exception records had been purged, the OAG requested DTMB run a simulation processing of the original interface file in a testing environment to recreate detailed exception records. DTMB's technical teams informed the OAG that rerunning in the current test environment would likely differ from the original results due to code changes that occurred in the test environment subsequent to when the original interface files were run in production. The OAG requested DTMB to proceed with rerunning the files in the current test environment. As a result, the OAG identified 5 instances where the detailed exception records from the simulation in the test environment did not exactly match the summary table from the original production interface results. For the 2 remaining files out of 85 (2.4 percent) that were cited, it should be clarified that the reconciliation being discussed is not data that was lost or misplaced between systems, but reconciliation of 2 exceptions correctly logged and correctly not counted in a summary report because they were alerts during processing, not errors that would be forwarded for review. These results do not present a significant deficiency in the ability of MDHHS to review the detailed exceptions. Also, these 2 records are insignificant when compared to the 11.6 million records processed in the 85 sampled files (0.000001 percent). Therefore, the current controls are reasonable to ensure that data processed from the source system to the receiving system is processed accurately, completely, and timely. Auditor's Comments to Management Views* Contrary to DTMB's views, it would not be appropriate to combine the results of all the subsampled interface files to determine if the auditee appropriately reconciled the 8 sampled interfaces because the frequency of interfaces occurs at different intervals. Doing so would minimize the errors noted in less frequent interface intervals when compared with more frequent interface intervals. Also, the significance of an interface is not dependent on the frequency of the interface's interval but the purpose for the interface regardless of the frequency interval. Federal regulations 2 CFR 200.334 and 45 CFR 75.361 require the auditee to retain records pertinent to a federal award for a period of three years from the submission date of the respective financial report as reported to the awarding agency. The sampled interfaces included subsampled dates throughout the audit period which falls within the required three-year retention period. Therefore, DTMB should have maintained sufficient documentation or maintained it in a manner to allow for replication of the purged files to support controls operated effectively throughout the audit period. DTMB was not able to provide documentation to support the 2 files cited in its response were alerts and not reconciling errors. Also, DTMB did not provide documentation it timely reviewed the interface exceptions. In addition, we determined the errors occurred on multiple daily and monthly files. Contrary to DTMB's views, interface controls are established at a specific data file level and not based on the total number of records or errors identified over a series of data file transfers. Therefore, the percentage of records in error does not prove the interface controls reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Therefore, the finding stands as written.
FINDING 2024-002 Bridges Interface Controls See Schedule of Findings and Questioned Costs for chart/table. Background The Michigan Department of Health and Human Services (MDHHS) uses the Bridges Integrated Automated Eligibility Determination System* (Bridges) for determining eligibility and benefit amounts for food assistance, cash assistance, child care assistance, medical assistance, and emergency assistance programs. MDHHS and the Department of Technology, Management, and Budget (DTMB) are jointly responsible for maintenance and operation of Bridges. Condition DTMB did not always ensure its interface controls over the Bridges data exchanges were operating as prescribed. We noted DTMB did not ensure the file control and batch summary tables used to reconcile Bridges interfaces consistently represented control totals of information processed for 2 of the 8 interfaces sampled. For these 2 interfaces, we sampled 28 daily and monthly files and noted 7 (25%) files did not reconcile. Criteria Federal regulations 2 CFR 200.303 and 45 CFR 75.303 require the auditee to establish and maintain effective internal control over federal awards that provides reasonable assurance the auditee is managing federal awards in compliance with federal statutes, regulations, and the terms and conditions of federal awards. According to State of Michigan Administrative Guide to State Government policy 1340.00, security controls must be implemented to protect State of Michigan information from modification to ensure confidentiality, integrity, and availability of State of Michigan information. In addition, the U.S. Government Accountability Office's (GAO's) Federal Information System Controls Audit Manual* (FISCAM) recommends interface controls be established and implemented to reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Also, effective interface reconciliation procedures should include the use of control totals, records, counts, and other logging techniques. Cause DTMB informed us because of a coding issue, record counts were either not logged or inappropriately duplicated and the exceptions were not caught during development. Effect DTMB's weakness in maintaining sufficient internal control over federal program compliance could result in noncompliance not being detected or corrected in a timely manner. Known Questioned Costs None. Recommendation We recommend DTMB ensure its interface controls over Bridges data exchanges are operating as prescribed. Management Views DTMB disagrees with the condition and the effect of the OAG's finding. The OAG sampled 85 total files across 8 interfaces. Of these, 7 appeared to present issues. For 5 of the sampled files, detailed exception results no longer existed. DTMB maintains summary tables for 10 years and purges detailed exception records at the beginning of each calendar year for anything older than 12 months. This purge process was communicated to the OAG during the fiscal year 2022 audit, and sampling was performed prior to purging for the fiscal year 2023 audit. When informed that the sample included files for which the detailed exception records had been purged, the OAG requested DTMB run a simulation processing of the original interface file in a testing environment to recreate detailed exception records. DTMB's technical teams informed the OAG that rerunning in the current test environment would likely differ from the original results due to code changes that occurred in the test environment subsequent to when the original interface files were run in production. The OAG requested DTMB to proceed with rerunning the files in the current test environment. As a result, the OAG identified 5 instances where the detailed exception records from the simulation in the test environment did not exactly match the summary table from the original production interface results. For the 2 remaining files out of 85 (2.4 percent) that were cited, it should be clarified that the reconciliation being discussed is not data that was lost or misplaced between systems, but reconciliation of 2 exceptions correctly logged and correctly not counted in a summary report because they were alerts during processing, not errors that would be forwarded for review. These results do not present a significant deficiency in the ability of MDHHS to review the detailed exceptions. Also, these 2 records are insignificant when compared to the 11.6 million records processed in the 85 sampled files (0.000001 percent). Therefore, the current controls are reasonable to ensure that data processed from the source system to the receiving system is processed accurately, completely, and timely. Auditor's Comments to Management Views* Contrary to DTMB's views, it would not be appropriate to combine the results of all the subsampled interface files to determine if the auditee appropriately reconciled the 8 sampled interfaces because the frequency of interfaces occurs at different intervals. Doing so would minimize the errors noted in less frequent interface intervals when compared with more frequent interface intervals. Also, the significance of an interface is not dependent on the frequency of the interface's interval but the purpose for the interface regardless of the frequency interval. Federal regulations 2 CFR 200.334 and 45 CFR 75.361 require the auditee to retain records pertinent to a federal award for a period of three years from the submission date of the respective financial report as reported to the awarding agency. The sampled interfaces included subsampled dates throughout the audit period which falls within the required three-year retention period. Therefore, DTMB should have maintained sufficient documentation or maintained it in a manner to allow for replication of the purged files to support controls operated effectively throughout the audit period. DTMB was not able to provide documentation to support the 2 files cited in its response were alerts and not reconciling errors. Also, DTMB did not provide documentation it timely reviewed the interface exceptions. In addition, we determined the errors occurred on multiple daily and monthly files. Contrary to DTMB's views, interface controls are established at a specific data file level and not based on the total number of records or errors identified over a series of data file transfers. Therefore, the percentage of records in error does not prove the interface controls reasonably ensure data transferred from a source system to a receiving system is processed accurately, completely, and timely. Therefore, the finding stands as written.
Missing Required Moving to Work (MTW) Demonstration Program Documentation (ALN 14.881) Condition: During our review of the Authority's administration of the MTW Program, the Authority was unable to provide a copy of its Annual Contributions Contract (ACC), which serves as the foundational agreement between the Authority and HUD for the receipt and use of federal funds. Criteria: Under 2 CFR §200.302 and §200.334, non-Federal entities must maintain effective control over and access to records that support compliance with federal program requirements. The MTW Operations Notice (85 FR 10232) and the Authority's MTW ACC Amendment require that the PHA maintain and certify compliance with its MTW Plan and statutory objectives. The ACC establishes the legal basis for receiving and administering MTW-related federal funds. Cause: The Authority did not have adequate internal procedures to ensure that foundational program documents were retained, tracked, and made available for audit and oversight purposes. Effect: The absence of the Annual Contributions Contract (ACC) impairs verification of the Authority's legal authority to receive and administer HUD funds under the MTW program and may result in HUD compliance findings, delayed approvals, or other administrative sanctions. Questioned Costs: None Recommendation: The Authority should obtain and retain a copy of its executed ACC for audit and HUD monitoring purposes and establish or strengthen internal controls to track and retain all required MTW program records and certifications in accordance with HUD guidance and federal record retention requirements. Reply and Corrective Action Plan: The Authority will locate and archive its Annual Contributions Contract (ACC) to ensure compliance with HUD documentation requirements.
Missing Required Moving to Work (MTW) Demonstration Program Documentation (ALN 14.881) Condition: During our review of the Authority's administration of the MTW Program, the Authority was unable to provide a copy of its Annual Contributions Contract (ACC), which serves as the foundational agreement between the Authority and HUD for the receipt and use of federal funds. Criteria: Under 2 CFR §200.302 and §200.334, non-Federal entities must maintain effective control over and access to records that support compliance with federal program requirements. The MTW Operations Notice (85 FR 10232) and the Authority's MTW ACC Amendment require that the PHA maintain and certify compliance with its MTW Plan and statutory objectives. The ACC establishes the legal basis for receiving and administering MTW-related federal funds. Cause: The Authority did not have adequate internal procedures to ensure that foundational program documents were retained, tracked, and made available for audit and oversight purposes. Effect: The absence of the Annual Contributions Contract (ACC) impairs verification of the Authority's legal authority to receive and administer HUD funds under the MTW program and may result in HUD compliance findings, delayed approvals, or other administrative sanctions. Questioned Costs: None Recommendation: The Authority should obtain and retain a copy of its executed ACC for audit and HUD monitoring purposes and establish or strengthen internal controls to track and retain all required MTW program records and certifications in accordance with HUD guidance and federal record retention requirements. Reply and Corrective Action Plan: To address missing foundational documentation, the Authority will locate and archive its Annual Contributions Contract (ACC), the required supplement to the annual MTW Plan, the HUD-issued approval letter for the supplement, and complete the MTW Certification of Compliance for the most recent fiscal year.
U.S. Department of Health and Human Services - 93.432 Center for Independent Living 2024-007 Missing Supporting Documentation for Federal Reimbursement Claims Criteria: Per 2 CFR §200.333 (now §200.334), financial records, supporting documents, statistical records, and all other records pertinent to a federal award must be retained for a period of three years from the date of submission of the final expenditure report. Furthermore, 2 CFR §200.302(b)(3) requires recipients to maintain records that adequately identify the source and application of funds for federally funded activities. Condition: During our audit of the Centers for Independent Living funded by the U.S. Department of Health and Human Services, we noted that the League did not retain adequate supporting documentation for reimbursement claims submitted during the year. Specifically, for October - December 2023 reimbursement claims tested, the actual claim forms submitted to the funding agency were missing. Cause: The missing documentation appears to have resulted from an inadequate document retention process and a lack of oversight in ensuring that federal claim records were properly filed and stored. Effect: The absence of supporting documentation for submitted claims limits the League’s ability to demonstrate compliance with federal requirements and increases the risk of questioned costs. It also impairs transparency and accountability for federal funds. Questioned Costs: $118,023 for October – December 2023 claims. Recommendation: We recommend the League strengthen its grant management procedures by implementing a centralized tracking system for grant expenditures and claims. Staff responsible for managing grants should receive training on claiming procedures and grant deadlines, and a periodic review of unclaimed eligible expenditures should be performed to ensure timely reimbursement. Views of Responsible Officials and Planned Corrective Actions: See corrective action plan on page 50.
U.S. Department of Health and Human Services Program Name: Maternal and Child Health Services Block Grant Federal Assistance Listing Number: 93.994 Significant Deficiency, Nonmaterial Noncompliance - Reporting Finding 2024-006 Criteria or Specific Requirement: Per Section 200.303 of the Uniform Grant Guidance, a non-federal entity must establish and maintain effective internal control over the federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. Per 2 CFR 200.334 the recipient must retain all Federal award records for three years from the date of submission of their final financial report. Condition: During the audit we tested 13 reports and noted the following: a) There were four (4) instances out of 13 reports tested where the submitted reports were unable to be provided, including the date of submission for the reports. b) There were 10 instances out of 13 reports tested where the County was unable to provide evidence the report was reviewed prior to submission. Questioned Costs: None. Effect: By not having the required documentation and underlying support, the County is not able to demonstrate compliance with the applicable requirements. Cause: The County did not have a formal policy to ensure documentation was retained to evidence review and submission of all reports. Recommendation: The County should consider creating a formalized policy to require all submitted reports and underlying data are retained in accordance with the Uniform Grant Guidance requirements. Views of Responsible Officials: Management agrees with the finding and is implementing procedures to correct this which is further discussed in the Corrective Action Plan. Corrective Action Plan: See Corrective Action Plan prepared by the County.
Federal Agency: U.S. Department of Education Federal Program Name: Elementary and Secondary School Relief Fund Assistance Listing Number: 84.425D, 84.425U Federal Award Identification Number and Year: S425D210044 Federal Award Date 1/6/2021, S425U210044 Federal Award Date 12/6/2021 and 3/13/2020 Pass-Through Agency: Wisconsin Department of Public Instruction Pass-Through Number(s): 2022-714508-DPI-ESSERFII-163, 2022-714508-DPI-ESSERFIII-165, 2024-714508-DPI-LETRS-165 Award Period: July 1, 2023 – June 30, 2024 Type of Finding: Material Weakness in Internal Control over Compliance and Other Matter Criteria or Specific Requirement: 2 CFR 200.334 states that "The recipient and subrecipient must retain all Federal award records for three years from the date of submission of their final financial report. For awards that are renewed quarterly or annually, the recipient and subrecipient must retain records for three years from the date of submission of their quarterly or annual financial report, respectively. Records to be retained include but are not limited to, financial records, supporting documentation, and statistical records." Segregation of duties is an internal control intended to prevent or decrease the occurrence of errors or intentional fraud. Segregation of duties ensures that no single employee has control over all phases of a transaction. Condition: The District is required to file an annual report for ESSER. The supporting documentation used to enter the data into the reporting portal was not maintained and there was no review of the data entered into the form by someone other than the preparer. Accordingly, this does not allow for a proper segregation of duties for internal control purposes. Questioned Costs: None. Context: While performing audit procedures, it was noted that there was no review of the report completed by the finance director by someone else. The supporting documents used to complete the report was not retained by the District. Cause: The lack of segregation of duties is due to the limited number of employees and the size of the District’s operations. Effect: Errors or intentional fraud could occur and not be detected timely by other employees in the normal course of their responsibilities as a result of the lack of segregation of duties. Repeat Finding: No. Recommendation: We recommend the District review its grant reporting processes and implement internal controls to help ensure that there is adequate segregation of duties in regards to grant reporting including special reports and that all supporting documentation is maintained with the filed copy of the report. Views of Responsible Officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education Federal Program Name: Elementary and Secondary School Relief Fund Assistance Listing Number: 84.425D, 84.425U Federal Award Identification Number and Year: S425D210044 Federal Award Date 1/6/2021, S425U210044 Federal Award Date 12/6/2021 and 3/13/2020 Pass-Through Agency: Wisconsin Department of Public Instruction Pass-Through Number(s): 2022-714508-DPI-ESSERFII-163, 2022-714508-DPI-ESSERFIII-165, 2024-714508-DPI-LETRS-165 Award Period: July 1, 2023 – June 30, 2024 Type of Finding: Material Weakness in Internal Control over Compliance and Other Matter Criteria or Specific Requirement: 2 CFR 200.334 states that "The recipient and subrecipient must retain all Federal award records for three years from the date of submission of their final financial report. For awards that are renewed quarterly or annually, the recipient and subrecipient must retain records for three years from the date of submission of their quarterly or annual financial report, respectively. Records to be retained include but are not limited to, financial records, supporting documentation, and statistical records." Segregation of duties is an internal control intended to prevent or decrease the occurrence of errors or intentional fraud. Segregation of duties ensures that no single employee has control over all phases of a transaction. Condition: The District is required to file an annual report for ESSER. The supporting documentation used to enter the data into the reporting portal was not maintained and there was no review of the data entered into the form by someone other than the preparer. Accordingly, this does not allow for a proper segregation of duties for internal control purposes. Questioned Costs: None. Context: While performing audit procedures, it was noted that there was no review of the report completed by the finance director by someone else. The supporting documents used to complete the report was not retained by the District. Cause: The lack of segregation of duties is due to the limited number of employees and the size of the District’s operations. Effect: Errors or intentional fraud could occur and not be detected timely by other employees in the normal course of their responsibilities as a result of the lack of segregation of duties. Repeat Finding: No. Recommendation: We recommend the District review its grant reporting processes and implement internal controls to help ensure that there is adequate segregation of duties in regards to grant reporting including special reports and that all supporting documentation is maintained with the filed copy of the report. Views of Responsible Officials: There is no disagreement with the audit finding.
Federal Agency: U.S. Department of Education Federal Program Name: Elementary and Secondary School Relief Fund Assistance Listing Number: 84.425D, 84.425U Federal Award Identification Number and Year: S425D210044 Federal Award Date 1/6/2021, S425U210044 Federal Award Date 12/6/2021 and 3/13/2020 Pass-Through Agency: Wisconsin Department of Public Instruction Pass-Through Number(s): 2022-714508-DPI-ESSERFII-163, 2022-714508-DPI-ESSERFIII-165, 2024-714508-DPI-LETRS-165 Award Period: July 1, 2023 – June 30, 2024 Type of Finding: Material Weakness in Internal Control over Compliance and Other Matter Criteria or Specific Requirement: 2 CFR 200.334 states that "The recipient and subrecipient must retain all Federal award records for three years from the date of submission of their final financial report. For awards that are renewed quarterly or annually, the recipient and subrecipient must retain records for three years from the date of submission of their quarterly or annual financial report, respectively. Records to be retained include but are not limited to, financial records, supporting documentation, and statistical records." Segregation of duties is an internal control intended to prevent or decrease the occurrence of errors or intentional fraud. Segregation of duties ensures that no single employee has control over all phases of a transaction. Condition: The District is required to file an annual report for ESSER. The supporting documentation used to enter the data into the reporting portal was not maintained and there was no review of the data entered into the form by someone other than the preparer. Accordingly, this does not allow for a proper segregation of duties for internal control purposes. Questioned Costs: None. Context: While performing audit procedures, it was noted that there was no review of the report completed by the finance director by someone else. The supporting documents used to complete the report was not retained by the District. Cause: The lack of segregation of duties is due to the limited number of employees and the size of the District’s operations. Effect: Errors or intentional fraud could occur and not be detected timely by other employees in the normal course of their responsibilities as a result of the lack of segregation of duties. Repeat Finding: No. Recommendation: We recommend the District review its grant reporting processes and implement internal controls to help ensure that there is adequate segregation of duties in regards to grant reporting including special reports and that all supporting documentation is maintained with the filed copy of the report. Views of Responsible Officials: There is no disagreement with the audit finding.
FINDING 2024-001 DOCUMENT RETENTION SIGNIFICANT DEFICIENCY Federal Program: Child Nutrition Cluster Assistance Listing Number: 10.553 & 10.555 Criteria Per 7 CFR 200.334, “Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient.” Condition Two claims for meal reimbursement were selected for testing. The School was unable to provide records of meals served. The School qualified for the Community Eligibility Provision program and all students receive free meals. Meals claimed were below the maximum that could have been claimed had all students obtained school meals each day of the periods under review. No determination of questioned costs could be made. Cause The School did not maintain documentation for each individual claim. Effect Reconciliation of meals served data to individual claims was not possible. Recommendation We recommend the School develop internal controls requiring the maintenance of documentation of meals served for the individual claims submitted for the program. Views of Responsible Officials The School’s Corrective Action Plan is included on page 25.
FINDING 2024-001 DOCUMENT RETENTION SIGNIFICANT DEFICIENCY Federal Program: Child Nutrition Cluster Assistance Listing Number: 10.553 & 10.555 Criteria Per 7 CFR 200.334, “Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient.” Condition Two claims for meal reimbursement were selected for testing. The School was unable to provide records of meals served. The School qualified for the Community Eligibility Provision program and all students receive free meals. Meals claimed were below the maximum that could have been claimed had all students obtained school meals each day of the periods under review. No determination of questioned costs could be made. Cause The School did not maintain documentation for each individual claim. Effect Reconciliation of meals served data to individual claims was not possible. Recommendation We recommend the School develop internal controls requiring the maintenance of documentation of meals served for the individual claims submitted for the program. Views of Responsible Officials The School’s Corrective Action Plan is included on page 25.
FINDING 2024-003 Subject: COVID-19 - Education Stabilization Fund - Reporting Federal Agency: Department of Education Federal Program: COVID-19 - Education Stabilization Fund Assistance Listings Number: 84.425U Federal Award Number and Year (or Other Identifying Number): S425U210013 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Reporting Audit Findings: Material Weakness, Other Matters Repeat Finding This is a repeat finding from the immediately prior audit report. The prior audit finding number was 2022-002. Condition and Context An effective internal control system was not designed or implemented at the School Corporation to ensure compliance with requirements related to the grant agreement and the Reporting compliance requirement. The School Corporation had not designed, nor implemented, a system of internal controls to ensure that the annual Elementary and Secondary School Emergency Relief (ESSER) Data Collection reports (Reports) were complete and accurately submitted. The Reports were prepared by one employee without a documented oversight, review, or approval process in place to prevent, or detect and correct, errors. Due to the lack of effective internal controls, two of the five Reports submitted during the audit period were not supported by the School Corporation's records. The following errors were noted: For the ESSER III, Year 2 report, which covered the period July 1, 2021 to June 30, 2022, total expenses reported were understated by $369,741. For the ESSER III, Year 3 report, which covered the period July 1, 2022 to June 30, 2023, total expenses reported for Property - Mandatory Subgrant Funds - Exclusive of Learning Loss Set-Aside were understated by $519,504. Total expenses reported for Supplies - Mandatory Subgrant Funds - Learning Loss Set-Aside were overstated by $11,260. The lack of internal controls was a systemic issue throughout the audit period. Noncompliance was isolated to the ESSER III, Year 2 and Year 3 reports. INDIANA STATE BOARD OF ACCOUNTS 18 JAC-CEN-DEL COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." 2 CFR 200.302(b) states in part: "The financial management system of each non-Federal entity must provide for the following . . . (2) Accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in §§ 200.328 and 200.329. . . ." 34 CFR 76.722 states: "A State may require a subgrantee to submit reports in a manner and format that assists the State in complying with the requirements under 34 CFR 76.720 and in carrying out other responsibilities under the program." Cause A proper system of internal controls was not designed by management of the School Corporation. Due to turnover in the position responsible for review, reports were not reviewed to detect errors prior to submission. Effect Without the proper implementation of an effectively designed system of internal controls, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, the ESSER III, Year 2 and Year 3 reports were not supported by the School Corporation's records. INDIANA STATE BOARD OF ACCOUNTS 19 JAC-CEN-DEL COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Questioned Costs There were no questioned costs identified. Recommendation We recommended that the management of the School Corporation establish a proper system of internal controls and develop policies and procedures to ensure that all reports are supported by the School Corporation's records. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2024-003 Subject: COVID-19 - Education Stabilization Fund - Reporting Federal Agency: Department of Education Federal Program: COVID-19 - Education Stabilization Fund Assistance Listings Number: 84.425U Federal Award Number and Year (or Other Identifying Number): S425U210013 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Reporting Audit Findings: Material Weakness, Other Matters Repeat Finding This is a repeat finding from the immediately prior audit report. The prior audit finding number was 2022-002. Condition and Context An effective internal control system was not designed or implemented at the School Corporation to ensure compliance with requirements related to the grant agreement and the Reporting compliance requirement. The School Corporation had not designed, nor implemented, a system of internal controls to ensure that the annual Elementary and Secondary School Emergency Relief (ESSER) Data Collection reports (Reports) were complete and accurately submitted. The Reports were prepared by one employee without a documented oversight, review, or approval process in place to prevent, or detect and correct, errors. Due to the lack of effective internal controls, two of the five Reports submitted during the audit period were not supported by the School Corporation's records. The following errors were noted: For the ESSER III, Year 2 report, which covered the period July 1, 2021 to June 30, 2022, total expenses reported were understated by $369,741. For the ESSER III, Year 3 report, which covered the period July 1, 2022 to June 30, 2023, total expenses reported for Property - Mandatory Subgrant Funds - Exclusive of Learning Loss Set-Aside were understated by $519,504. Total expenses reported for Supplies - Mandatory Subgrant Funds - Learning Loss Set-Aside were overstated by $11,260. The lack of internal controls was a systemic issue throughout the audit period. Noncompliance was isolated to the ESSER III, Year 2 and Year 3 reports. INDIANA STATE BOARD OF ACCOUNTS 18 JAC-CEN-DEL COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." 2 CFR 200.302(b) states in part: "The financial management system of each non-Federal entity must provide for the following . . . (2) Accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in §§ 200.328 and 200.329. . . ." 34 CFR 76.722 states: "A State may require a subgrantee to submit reports in a manner and format that assists the State in complying with the requirements under 34 CFR 76.720 and in carrying out other responsibilities under the program." Cause A proper system of internal controls was not designed by management of the School Corporation. Due to turnover in the position responsible for review, reports were not reviewed to detect errors prior to submission. Effect Without the proper implementation of an effectively designed system of internal controls, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, the ESSER III, Year 2 and Year 3 reports were not supported by the School Corporation's records. INDIANA STATE BOARD OF ACCOUNTS 19 JAC-CEN-DEL COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Questioned Costs There were no questioned costs identified. Recommendation We recommended that the management of the School Corporation establish a proper system of internal controls and develop policies and procedures to ensure that all reports are supported by the School Corporation's records. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2024-005 Subject: Title I Grants to Local Educational Agencies - Eligibility Federal Agency: Department of Education Federal Program: Title I Grants to Local Educational Agencies Assistance Listings Number: 84.010 Federal Award Numbers and Years (or Other Identifying Numbers): S010A210014, S010A220014, S010A230014 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Eligibility Audit Findings: Material Weakness, Modified Opinion Repeat Finding This is a repeat finding from the immediately prior audit report. The prior audit finding number was 2022-003. INDIANA STATE BOARD OF ACCOUNTS 23 MADISON CONSOLIDATED SCHOOLS SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Condition and Context Eligibility for Title I is determined on the Eligible School Summary of the Tile I application. Enrollment and Poverty numbers are automatically pulled from the Indiana Department of Education's (IDOE) Official Pupil Enrollment (PE) count for each school into the Eligible School Summary page of the Tile I application. These counts that are prepopulated should be based on the School Corporation's records as of October of the prior fiscal year. One person compiled and uploaded enrollment data, including poverty status for Real Time (RT) reports, to the IDOE without a documented oversight or review process to ensure that the information was accurate and retained for audit. In addition, there was no review by the School Corporation of the enrollment and poverty counts that were prepopulated into the School Corporation's Title I grant application. The IDOE used the October 1 RT reports for fiscal years 2021-2022 and 2022-2023, as provided by the School Corporation, to determine Eligibility for the 2022-2023 and 2023-2024 grant programs, respectively. The October 1 RT report could not be presented for audit for 2021-2022, which would have been used to pull in enrollment and poverty information for the 2022-2023 grant. As such, we were unable to verify the amounts reported in the grant application. Additionally, the Indiana State Board of Accounts was unable to verify if the correct socioeconomic status was properly reported for any of the students. Enrollment and poverty numbers for any nonpublic schools are manually entered into the application by the School Corporation. The School Corporation had not established an effective process to review the listing of students from the nonpublic schools for enrollment and poverty counts to be entered into the Title I application and to retain this information for audit. We were unable to determine if the enrolled student count and their poverty status in the application was accurate. The lack of internal controls and lack of information submitted for audit was a systemic issue throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for the Federal awards that are renewed quarterly or annual, from the date of submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." INDIANA STATE BOARD OF ACCOUNTS 24 MADISON CONSOLIDATED SCHOOLS SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Cause A proper system of internal controls was not designed by management of the School Corporation, which would include segregation of key functions, to ensure all records pertinent to the federal award were retained for audit. After a change in software providers, information from the previous provider could not be obtained for audit. Effect Without the proper implementation of an effectively designed system of internal controls, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, RT reports and nonpublic school enrollment documentation were not maintained for audit, and, as such, the Indiana State Board of Accounts could not determine if the School Corporation complied with the Eligibility compliance requirement. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funding to the School Corporation. Questioned Costs There were no questioned costs identified. Recommendation We recommended that the management of the School Corporation establish a proper system of internal controls and develop policies and procedures to ensure RT reports, and nonpublic school enrollment documentation are maintained for audit. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2024-005 Subject: Title I Grants to Local Educational Agencies - Eligibility Federal Agency: Department of Education Federal Program: Title I Grants to Local Educational Agencies Assistance Listings Number: 84.010 Federal Award Numbers and Years (or Other Identifying Numbers): S010A210014, S010A220014, S010A230014 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Eligibility Audit Findings: Material Weakness, Modified Opinion Repeat Finding This is a repeat finding from the immediately prior audit report. The prior audit finding number was 2022-003. INDIANA STATE BOARD OF ACCOUNTS 23 MADISON CONSOLIDATED SCHOOLS SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Condition and Context Eligibility for Title I is determined on the Eligible School Summary of the Tile I application. Enrollment and Poverty numbers are automatically pulled from the Indiana Department of Education's (IDOE) Official Pupil Enrollment (PE) count for each school into the Eligible School Summary page of the Tile I application. These counts that are prepopulated should be based on the School Corporation's records as of October of the prior fiscal year. One person compiled and uploaded enrollment data, including poverty status for Real Time (RT) reports, to the IDOE without a documented oversight or review process to ensure that the information was accurate and retained for audit. In addition, there was no review by the School Corporation of the enrollment and poverty counts that were prepopulated into the School Corporation's Title I grant application. The IDOE used the October 1 RT reports for fiscal years 2021-2022 and 2022-2023, as provided by the School Corporation, to determine Eligibility for the 2022-2023 and 2023-2024 grant programs, respectively. The October 1 RT report could not be presented for audit for 2021-2022, which would have been used to pull in enrollment and poverty information for the 2022-2023 grant. As such, we were unable to verify the amounts reported in the grant application. Additionally, the Indiana State Board of Accounts was unable to verify if the correct socioeconomic status was properly reported for any of the students. Enrollment and poverty numbers for any nonpublic schools are manually entered into the application by the School Corporation. The School Corporation had not established an effective process to review the listing of students from the nonpublic schools for enrollment and poverty counts to be entered into the Title I application and to retain this information for audit. We were unable to determine if the enrolled student count and their poverty status in the application was accurate. The lack of internal controls and lack of information submitted for audit was a systemic issue throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for the Federal awards that are renewed quarterly or annual, from the date of submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." INDIANA STATE BOARD OF ACCOUNTS 24 MADISON CONSOLIDATED SCHOOLS SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Cause A proper system of internal controls was not designed by management of the School Corporation, which would include segregation of key functions, to ensure all records pertinent to the federal award were retained for audit. After a change in software providers, information from the previous provider could not be obtained for audit. Effect Without the proper implementation of an effectively designed system of internal controls, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, RT reports and nonpublic school enrollment documentation were not maintained for audit, and, as such, the Indiana State Board of Accounts could not determine if the School Corporation complied with the Eligibility compliance requirement. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funding to the School Corporation. Questioned Costs There were no questioned costs identified. Recommendation We recommended that the management of the School Corporation establish a proper system of internal controls and develop policies and procedures to ensure RT reports, and nonpublic school enrollment documentation are maintained for audit. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
Information on the federal program: Subject: Title I Grants to Local Educational Agencies – Special Tests and Provisions – Annual Report Card, High School Graduation Rate Federal Agency: Department of Education Federal Program: Title I Grants to Local Educational Agencies Assistance Listing Number: 84.010A Federal Award Numbers: S010A210014, S010A220014, S010A230014 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Special Tests and Provisions – Annual Report Card, High School Graduation Rate Audit Findings: Significant Deficiency Criteria: 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO)...." 20 USC 7801(23)(B) states: "To remove a student from a cohort, a school or local educational agency shall require documentation, or obtain information from the State educational agency, to confirm that the student has transferred out, emigrated to another country, or transferred to a prison or juvenile facility, or deceased." 2 CFR 200.333 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient..." 2 CFR 200.334 (Revised Uniform Guidance) states in part: “Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . Condition: An effective internal control system was not in place at the School Corporation to ensure compliance with requirements related to the grant agreement and the Special Tests and Provisions - Annual Report Card, High School Graduation Rate compliance requirement. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Cause: Management had not developed nor implemented a system of internal control that would have ensured compliance with the grant agreement and the Special Tests and Provisions compliance requirement. Effect: The failure to establish an effective internal control system could enable noncompliance to go undetected. Noncompliance with the grant agreement and the Special Tests and Provisions – Annual Report Card, High School Graduation Rate compliance requirement could result in loss of future federal funds to the School Corporation. Questioned Costs: There were no questioned costs identified. Context: An effective internal control system was not in place at the School Corporation to ensure compliance with requirements related to the grant agreement and the Special Tests and Provisions - Annual Report Card, High School Graduation Rate compliance requirement. There was no formal documented review of mobility reports in Skyward during our audit period. Identification as a repeat finding: This is a repeat finding from the immediately prior audit report. The prior audit finding number was 2022-003. Recommendation: We recommended that the School Corporation's management establish an effective system of internal control to ensure compliance and comply with the grant agreement and the Special Tests and Provisions - Annual Report Card, High School Graduation Rate compliance requirement. Views of Responsible Officials and Planned Corrective Actions: Management agrees with the finding and has prepared a corrective action plan.
Information on the federal program: Subject: Title I Grants to Local Educational Agencies – Special Tests and Provisions – Annual Report Card, High School Graduation Rate Federal Agency: Department of Education Federal Program: Title I Grants to Local Educational Agencies Assistance Listing Number: 84.010A Federal Award Numbers: S010A210014, S010A220014, S010A230014 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Special Tests and Provisions – Annual Report Card, High School Graduation Rate Audit Findings: Significant Deficiency Criteria: 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO)...." 20 USC 7801(23)(B) states: "To remove a student from a cohort, a school or local educational agency shall require documentation, or obtain information from the State educational agency, to confirm that the student has transferred out, emigrated to another country, or transferred to a prison or juvenile facility, or deceased." 2 CFR 200.333 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient..." 2 CFR 200.334 (Revised Uniform Guidance) states in part: “Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . Condition: An effective internal control system was not in place at the School Corporation to ensure compliance with requirements related to the grant agreement and the Special Tests and Provisions - Annual Report Card, High School Graduation Rate compliance requirement. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Cause: Management had not developed nor implemented a system of internal control that would have ensured compliance with the grant agreement and the Special Tests and Provisions compliance requirement. Effect: The failure to establish an effective internal control system could enable noncompliance to go undetected. Noncompliance with the grant agreement and the Special Tests and Provisions – Annual Report Card, High School Graduation Rate compliance requirement could result in loss of future federal funds to the School Corporation. Questioned Costs: There were no questioned costs identified. Context: An effective internal control system was not in place at the School Corporation to ensure compliance with requirements related to the grant agreement and the Special Tests and Provisions - Annual Report Card, High School Graduation Rate compliance requirement. There was no formal documented review of mobility reports in Skyward during our audit period. Identification as a repeat finding: This is a repeat finding from the immediately prior audit report. The prior audit finding number was 2022-003. Recommendation: We recommended that the School Corporation's management establish an effective system of internal control to ensure compliance and comply with the grant agreement and the Special Tests and Provisions - Annual Report Card, High School Graduation Rate compliance requirement. Views of Responsible Officials and Planned Corrective Actions: Management agrees with the finding and has prepared a corrective action plan.
Information on the federal program: Subject: Title I Grants to Local Educational Agencies – Special Tests and Provisions – Annual Report Card, High School Graduation Rate Federal Agency: Department of Education Federal Program: Title I Grants to Local Educational Agencies Assistance Listing Number: 84.010A Federal Award Numbers: S010A210014, S010A220014, S010A230014 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Special Tests and Provisions – Annual Report Card, High School Graduation Rate Audit Findings: Significant Deficiency Criteria: 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO)...." 20 USC 7801(23)(B) states: "To remove a student from a cohort, a school or local educational agency shall require documentation, or obtain information from the State educational agency, to confirm that the student has transferred out, emigrated to another country, or transferred to a prison or juvenile facility, or deceased." 2 CFR 200.333 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient..." 2 CFR 200.334 (Revised Uniform Guidance) states in part: “Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . Condition: An effective internal control system was not in place at the School Corporation to ensure compliance with requirements related to the grant agreement and the Special Tests and Provisions - Annual Report Card, High School Graduation Rate compliance requirement. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Cause: Management had not developed nor implemented a system of internal control that would have ensured compliance with the grant agreement and the Special Tests and Provisions compliance requirement. Effect: The failure to establish an effective internal control system could enable noncompliance to go undetected. Noncompliance with the grant agreement and the Special Tests and Provisions – Annual Report Card, High School Graduation Rate compliance requirement could result in loss of future federal funds to the School Corporation. Questioned Costs: There were no questioned costs identified. Context: An effective internal control system was not in place at the School Corporation to ensure compliance with requirements related to the grant agreement and the Special Tests and Provisions - Annual Report Card, High School Graduation Rate compliance requirement. There was no formal documented review of mobility reports in Skyward during our audit period. Identification as a repeat finding: This is a repeat finding from the immediately prior audit report. The prior audit finding number was 2022-003. Recommendation: We recommended that the School Corporation's management establish an effective system of internal control to ensure compliance and comply with the grant agreement and the Special Tests and Provisions - Annual Report Card, High School Graduation Rate compliance requirement. Views of Responsible Officials and Planned Corrective Actions: Management agrees with the finding and has prepared a corrective action plan.
FINDING 2024-003 Subject: COVID-19 - Education Stabilization Fund - Reporting Federal Agency: Indiana Department of Education Federal Program: COVID-19 - Education Stablization Fund Assistance Listings Numbers: 84.425C, 84.425D, 84.425U Federal Award Numbers and Years (or Other Identifying Numbers): S425C200018, S425D200013, S425D210013, S425U210013 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Reporting Audit Findings: Material Weakness, Modified Opinion Condition and Context The School Corporation was required to submit annual data reports to the Indiana Department of Education (IDOE) via JotForm, a form/report builder. Data to be submitted included, but was not limited to, current period expenditures, prior period expenditures, and expenditures per activity. During the audit period, the School Corporation submitted one ESSER I report, two ESSER II reports, and two ESSER III reports for a total of five reports. The annual data reports were compiled, prepared, and submitted by the Treasurer without an oversight or review process in place to prevent, or detect and correct, errors. In addition, the five annual data reports were not supported by the School Corporation's records. The documentation used to prepare the reports was not retained by the School Corporation and the ledger activity for the time period of each report did not agree to the data submitted. As such, the Indiana State Board of Accounts could not verify the information submitted to the IDOE was accurate or complete. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for the Federal awards that are renewed quarterly or annual, from the date of submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." 2 CFR 200.302(b) states in part: "The financial management system of each non-Federal entity must provide for the following . . . (2) Accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in §§ 200.328 and 200.329. . . ." (3) Records that identify adequately the source and application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation. . . ." 34 CFR 76.722 states: "A State may require a subgrantee to submit reports in a manner and format that assists the State in complying with the requirements under 34 CFR 76.720 and in carrying out other responsibilities under the program." 34 CFR 76.731 states: "A State and a subgrantee shall keep records to show its compliance with program requirements." Cause A proper system of internal controls, which include segregation of key functions, was not established by management of the School Corporation to ensure that reports filed were supported by School Corporation records and had an independent review, for accuracy and completeness, prior to submission. Effect Without a proper system of internal controls in place that operated effectively, the School Corporation submitted reports that were not supported by School Corporation records. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funds to the School Corporation. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the School Corporation establish a proper system of internal controls and develop policies and procedures to ensure that documentation utilized in the preparation of the reports is maintained and that there is an independent review of the reports for accuracy and completeness prior to submission. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2024-003 Subject: COVID-19 - Education Stabilization Fund - Reporting Federal Agency: Indiana Department of Education Federal Program: COVID-19 - Education Stablization Fund Assistance Listings Numbers: 84.425C, 84.425D, 84.425U Federal Award Numbers and Years (or Other Identifying Numbers): S425C200018, S425D200013, S425D210013, S425U210013 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Reporting Audit Findings: Material Weakness, Modified Opinion Condition and Context The School Corporation was required to submit annual data reports to the Indiana Department of Education (IDOE) via JotForm, a form/report builder. Data to be submitted included, but was not limited to, current period expenditures, prior period expenditures, and expenditures per activity. During the audit period, the School Corporation submitted one ESSER I report, two ESSER II reports, and two ESSER III reports for a total of five reports. The annual data reports were compiled, prepared, and submitted by the Treasurer without an oversight or review process in place to prevent, or detect and correct, errors. In addition, the five annual data reports were not supported by the School Corporation's records. The documentation used to prepare the reports was not retained by the School Corporation and the ledger activity for the time period of each report did not agree to the data submitted. As such, the Indiana State Board of Accounts could not verify the information submitted to the IDOE was accurate or complete. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for the Federal awards that are renewed quarterly or annual, from the date of submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." 2 CFR 200.302(b) states in part: "The financial management system of each non-Federal entity must provide for the following . . . (2) Accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in §§ 200.328 and 200.329. . . ." (3) Records that identify adequately the source and application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation. . . ." 34 CFR 76.722 states: "A State may require a subgrantee to submit reports in a manner and format that assists the State in complying with the requirements under 34 CFR 76.720 and in carrying out other responsibilities under the program." 34 CFR 76.731 states: "A State and a subgrantee shall keep records to show its compliance with program requirements." Cause A proper system of internal controls, which include segregation of key functions, was not established by management of the School Corporation to ensure that reports filed were supported by School Corporation records and had an independent review, for accuracy and completeness, prior to submission. Effect Without a proper system of internal controls in place that operated effectively, the School Corporation submitted reports that were not supported by School Corporation records. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funds to the School Corporation. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the School Corporation establish a proper system of internal controls and develop policies and procedures to ensure that documentation utilized in the preparation of the reports is maintained and that there is an independent review of the reports for accuracy and completeness prior to submission. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2024-003 Subject: COVID-19 - Education Stabilization Fund - Reporting Federal Agency: Indiana Department of Education Federal Program: COVID-19 - Education Stablization Fund Assistance Listings Numbers: 84.425C, 84.425D, 84.425U Federal Award Numbers and Years (or Other Identifying Numbers): S425C200018, S425D200013, S425D210013, S425U210013 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Reporting Audit Findings: Material Weakness, Modified Opinion Condition and Context The School Corporation was required to submit annual data reports to the Indiana Department of Education (IDOE) via JotForm, a form/report builder. Data to be submitted included, but was not limited to, current period expenditures, prior period expenditures, and expenditures per activity. During the audit period, the School Corporation submitted one ESSER I report, two ESSER II reports, and two ESSER III reports for a total of five reports. The annual data reports were compiled, prepared, and submitted by the Treasurer without an oversight or review process in place to prevent, or detect and correct, errors. In addition, the five annual data reports were not supported by the School Corporation's records. The documentation used to prepare the reports was not retained by the School Corporation and the ledger activity for the time period of each report did not agree to the data submitted. As such, the Indiana State Board of Accounts could not verify the information submitted to the IDOE was accurate or complete. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for the Federal awards that are renewed quarterly or annual, from the date of submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." 2 CFR 200.302(b) states in part: "The financial management system of each non-Federal entity must provide for the following . . . (2) Accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in §§ 200.328 and 200.329. . . ." (3) Records that identify adequately the source and application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation. . . ." 34 CFR 76.722 states: "A State may require a subgrantee to submit reports in a manner and format that assists the State in complying with the requirements under 34 CFR 76.720 and in carrying out other responsibilities under the program." 34 CFR 76.731 states: "A State and a subgrantee shall keep records to show its compliance with program requirements." Cause A proper system of internal controls, which include segregation of key functions, was not established by management of the School Corporation to ensure that reports filed were supported by School Corporation records and had an independent review, for accuracy and completeness, prior to submission. Effect Without a proper system of internal controls in place that operated effectively, the School Corporation submitted reports that were not supported by School Corporation records. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funds to the School Corporation. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the School Corporation establish a proper system of internal controls and develop policies and procedures to ensure that documentation utilized in the preparation of the reports is maintained and that there is an independent review of the reports for accuracy and completeness prior to submission. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2024-003 Subject: COVID-19 - Education Stabilization Fund - Reporting Federal Agency: Indiana Department of Education Federal Program: COVID-19 - Education Stablization Fund Assistance Listings Numbers: 84.425C, 84.425D, 84.425U Federal Award Numbers and Years (or Other Identifying Numbers): S425C200018, S425D200013, S425D210013, S425U210013 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Reporting Audit Findings: Material Weakness, Modified Opinion Condition and Context The School Corporation was required to submit annual data reports to the Indiana Department of Education (IDOE) via JotForm, a form/report builder. Data to be submitted included, but was not limited to, current period expenditures, prior period expenditures, and expenditures per activity. During the audit period, the School Corporation submitted one ESSER I report, two ESSER II reports, and two ESSER III reports for a total of five reports. The annual data reports were compiled, prepared, and submitted by the Treasurer without an oversight or review process in place to prevent, or detect and correct, errors. In addition, the five annual data reports were not supported by the School Corporation's records. The documentation used to prepare the reports was not retained by the School Corporation and the ledger activity for the time period of each report did not agree to the data submitted. As such, the Indiana State Board of Accounts could not verify the information submitted to the IDOE was accurate or complete. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for the Federal awards that are renewed quarterly or annual, from the date of submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." 2 CFR 200.302(b) states in part: "The financial management system of each non-Federal entity must provide for the following . . . (2) Accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in §§ 200.328 and 200.329. . . ." (3) Records that identify adequately the source and application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation. . . ." 34 CFR 76.722 states: "A State may require a subgrantee to submit reports in a manner and format that assists the State in complying with the requirements under 34 CFR 76.720 and in carrying out other responsibilities under the program." 34 CFR 76.731 states: "A State and a subgrantee shall keep records to show its compliance with program requirements." Cause A proper system of internal controls, which include segregation of key functions, was not established by management of the School Corporation to ensure that reports filed were supported by School Corporation records and had an independent review, for accuracy and completeness, prior to submission. Effect Without a proper system of internal controls in place that operated effectively, the School Corporation submitted reports that were not supported by School Corporation records. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funds to the School Corporation. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the School Corporation establish a proper system of internal controls and develop policies and procedures to ensure that documentation utilized in the preparation of the reports is maintained and that there is an independent review of the reports for accuracy and completeness prior to submission. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2024-003 Subject: COVID-19 - Education Stabilization Fund - Reporting Federal Agency: Indiana Department of Education Federal Program: COVID-19 - Education Stablization Fund Assistance Listings Numbers: 84.425C, 84.425D, 84.425U Federal Award Numbers and Years (or Other Identifying Numbers): S425C200018, S425D200013, S425D210013, S425U210013 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Reporting Audit Findings: Material Weakness, Modified Opinion Condition and Context The School Corporation was required to submit annual data reports to the Indiana Department of Education (IDOE) via JotForm, a form/report builder. Data to be submitted included, but was not limited to, current period expenditures, prior period expenditures, and expenditures per activity. During the audit period, the School Corporation submitted one ESSER I report, two ESSER II reports, and two ESSER III reports for a total of five reports. The annual data reports were compiled, prepared, and submitted by the Treasurer without an oversight or review process in place to prevent, or detect and correct, errors. In addition, the five annual data reports were not supported by the School Corporation's records. The documentation used to prepare the reports was not retained by the School Corporation and the ledger activity for the time period of each report did not agree to the data submitted. As such, the Indiana State Board of Accounts could not verify the information submitted to the IDOE was accurate or complete. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for the Federal awards that are renewed quarterly or annual, from the date of submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." 2 CFR 200.302(b) states in part: "The financial management system of each non-Federal entity must provide for the following . . . (2) Accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in §§ 200.328 and 200.329. . . ." (3) Records that identify adequately the source and application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation. . . ." 34 CFR 76.722 states: "A State may require a subgrantee to submit reports in a manner and format that assists the State in complying with the requirements under 34 CFR 76.720 and in carrying out other responsibilities under the program." 34 CFR 76.731 states: "A State and a subgrantee shall keep records to show its compliance with program requirements." Cause A proper system of internal controls, which include segregation of key functions, was not established by management of the School Corporation to ensure that reports filed were supported by School Corporation records and had an independent review, for accuracy and completeness, prior to submission. Effect Without a proper system of internal controls in place that operated effectively, the School Corporation submitted reports that were not supported by School Corporation records. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funds to the School Corporation. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the School Corporation establish a proper system of internal controls and develop policies and procedures to ensure that documentation utilized in the preparation of the reports is maintained and that there is an independent review of the reports for accuracy and completeness prior to submission. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2024-003 Subject: COVID-19 - Education Stabilization Fund - Reporting Federal Agency: Indiana Department of Education Federal Program: COVID-19 - Education Stablization Fund Assistance Listings Numbers: 84.425C, 84.425D, 84.425U Federal Award Numbers and Years (or Other Identifying Numbers): S425C200018, S425D200013, S425D210013, S425U210013 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Reporting Audit Findings: Material Weakness, Modified Opinion Condition and Context The School Corporation was required to submit annual data reports to the Indiana Department of Education (IDOE) via JotForm, a form/report builder. Data to be submitted included, but was not limited to, current period expenditures, prior period expenditures, and expenditures per activity. During the audit period, the School Corporation submitted one ESSER I report, two ESSER II reports, and two ESSER III reports for a total of five reports. The annual data reports were compiled, prepared, and submitted by the Treasurer without an oversight or review process in place to prevent, or detect and correct, errors. In addition, the five annual data reports were not supported by the School Corporation's records. The documentation used to prepare the reports was not retained by the School Corporation and the ledger activity for the time period of each report did not agree to the data submitted. As such, the Indiana State Board of Accounts could not verify the information submitted to the IDOE was accurate or complete. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for the Federal awards that are renewed quarterly or annual, from the date of submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." 2 CFR 200.302(b) states in part: "The financial management system of each non-Federal entity must provide for the following . . . (2) Accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in §§ 200.328 and 200.329. . . ." (3) Records that identify adequately the source and application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation. . . ." 34 CFR 76.722 states: "A State may require a subgrantee to submit reports in a manner and format that assists the State in complying with the requirements under 34 CFR 76.720 and in carrying out other responsibilities under the program." 34 CFR 76.731 states: "A State and a subgrantee shall keep records to show its compliance with program requirements." Cause A proper system of internal controls, which include segregation of key functions, was not established by management of the School Corporation to ensure that reports filed were supported by School Corporation records and had an independent review, for accuracy and completeness, prior to submission. Effect Without a proper system of internal controls in place that operated effectively, the School Corporation submitted reports that were not supported by School Corporation records. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funds to the School Corporation. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the School Corporation establish a proper system of internal controls and develop policies and procedures to ensure that documentation utilized in the preparation of the reports is maintained and that there is an independent review of the reports for accuracy and completeness prior to submission. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2024-004 Subject: Child Nutrition Cluster - Activities Allowed or Unallowed, Allowable Costs/Cost Principles Federal Agency: Department of Agriculture Federal Programs: School Breakfast Program, National School Lunch Program, Special Milk Program for Children Assistance Listings Numbers: 10.553, 10.555, 10.556 Federal Award Numbers and Years (or Other Identifying Numbers): FY2023, FY2024 Pass-Through Entity: Indiana Department of Education Compliance Requirements: Activities Allowed and Unallowed, Allowable Costs/Cost Principles Audit Findings: Material Weakness, Other Matters Condition and Context Internal control is generally defined as a process affected by an entity's oversight body, management, and other personnel that provides reasonable assurance that the objectives of an entity will be achieved. With respect to federal awards, nonfederal entities, such as the School Corporation, are required to establish and maintain internal controls over federal awards that provides reasonable assurance that the nonfederal entity is managing the federal award in compliance with federal statutes, regulations, and terms and conditions of the federal awards. INDIANA STATE BOARD OF ACCOUNTS 22 CANNELTON CITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Internal control is not one event or circumstance, but a dynamic and iterative process. The internal control process is based on fundamental principles that operate as a whole but are best understood when analyzed individually. The fundamental principles are related to five components of internal control which are as follows: Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring. If a component is not effective, or the components are not operating together in an integrated manner, then an internal control system cannot be effective. Deficiencies as noted below were identified in the risk assessment, monitoring, and control activities components. Risk Assessment The School Corporation has not established a formal risk assessment process. There is no documented risk assessment policy, nor is there evidence of periodic risk identification, analysis, or evaluation. Monitoring The School Corporation did not conduct ongoing or periodic reviews to ensure that internal controls were operating as intended and to identify areas for improvement. Furthermore, the School Corporation did not have a process to follow up on corrective actions written as a response to audit findings. Control Activities A sample of 60 claims was selected for testing. Of the 60 claims selected for testing, 43 claims were vendor claims and 17 were payroll claims. Issues were identified with 5 of the vendor claims as noted below: Three claims, totaling $700, were paid based solely upon summary statements from the vendor. The School Corporation was unable to provide additional documentation, such as invoices, to detail what items or services had been purchased. Without adequate supporting documentation, we could not determine if the expenses incurred were for activities and costs allowable per the grant. Two claims, totaling $313, were paid with no supporting documentation. The School Corporation was unable to provide additional documentation, such as invoices, to detail what items or services had been purchased. Without adequate supporting documentation, we could not determine if the expenses incurred were for activities and costs allowable per the grant. The total amount, $1,013, paid without adequate supporting documentation was considered questioned costs. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: INDIANA STATE BOARD OF ACCOUNTS 23 CANNELTON CITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." 2 CFR 200.403 states in part: "Except where otherwise authorized by statute, costs must meet the following general criteria in order to be allowable under Federal awards: (a) Be necessary and reasonable for the performance of the Federal award and be allocable thereto under these principles. (b) Conform to any limitations or exclusions set forth in these principles or in the Federal award as to types or amount of cost items. . . . (g) Be adequately documented. . . ." 7 CFR 210.14(a) states in part: ". . . Revenues received by the nonprofit school food service are to be used only for the operation or improvement of such food service, except that, such revenues shall not be used to purchase land or buildings, unless otherwise approved by FNS, or to construct buildings. . . ." 7 CFR 220.7(e)(1)(ii) states in part: ". . . use all revenues received by such food service only for the operation or improvement of that food service . . ." Cause Management of the School Corporation had not taken steps to design and implement policies and procedures to assess risks facing the School Corporation or to establish and operate monitoring activities that monitor the internal control system. Additionally, the School Corporation did not follow proper recordkeeping procedures. The Treasurer paid claims from federal program funds with no support or based on summary statements. INDIANA STATE BOARD OF ACCOUNTS 24 CANNELTON CITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Effect As a result of the five components of internal control not being adequately designed and implemented, the internal control system cannot be effective. Thus, general risks or specific risks from fraud and significant changes could negatively impact the School Corporation, identified internal control deficiencies could continue, and unidentified flaws within the internal control system could exist. Additionally, we could not determine if federal program funds were used to pay only for the operation or improvement of the food service. Furthermore, the lack of detailed documentation was not in compliance with the cost principles. Continued payment with no support or only summary statements could lead to payments for unallowable activities and additional questioned costs. Questioned Costs Questioned costs in the amount of $1,013 were identified as noted in the Condition and Context. Recommendation We recommended that the School Corporation's management establish a proper system of internal controls, which would include policies and procedures related to risk assessment and monitoring. Additionally, we recommended that the School Corporation's management establish a proper system of internal controls to ensure expenditures made from federal awards have appropriate supporting documentation to ensure expenditures are allowable per the terms and conditions of the federal award and adhere to the cost principles. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2024-004 Subject: Child Nutrition Cluster - Activities Allowed or Unallowed, Allowable Costs/Cost Principles Federal Agency: Department of Agriculture Federal Programs: School Breakfast Program, National School Lunch Program, Special Milk Program for Children Assistance Listings Numbers: 10.553, 10.555, 10.556 Federal Award Numbers and Years (or Other Identifying Numbers): FY2023, FY2024 Pass-Through Entity: Indiana Department of Education Compliance Requirements: Activities Allowed and Unallowed, Allowable Costs/Cost Principles Audit Findings: Material Weakness, Other Matters Condition and Context Internal control is generally defined as a process affected by an entity's oversight body, management, and other personnel that provides reasonable assurance that the objectives of an entity will be achieved. With respect to federal awards, nonfederal entities, such as the School Corporation, are required to establish and maintain internal controls over federal awards that provides reasonable assurance that the nonfederal entity is managing the federal award in compliance with federal statutes, regulations, and terms and conditions of the federal awards. INDIANA STATE BOARD OF ACCOUNTS 22 CANNELTON CITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Internal control is not one event or circumstance, but a dynamic and iterative process. The internal control process is based on fundamental principles that operate as a whole but are best understood when analyzed individually. The fundamental principles are related to five components of internal control which are as follows: Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring. If a component is not effective, or the components are not operating together in an integrated manner, then an internal control system cannot be effective. Deficiencies as noted below were identified in the risk assessment, monitoring, and control activities components. Risk Assessment The School Corporation has not established a formal risk assessment process. There is no documented risk assessment policy, nor is there evidence of periodic risk identification, analysis, or evaluation. Monitoring The School Corporation did not conduct ongoing or periodic reviews to ensure that internal controls were operating as intended and to identify areas for improvement. Furthermore, the School Corporation did not have a process to follow up on corrective actions written as a response to audit findings. Control Activities A sample of 60 claims was selected for testing. Of the 60 claims selected for testing, 43 claims were vendor claims and 17 were payroll claims. Issues were identified with 5 of the vendor claims as noted below: Three claims, totaling $700, were paid based solely upon summary statements from the vendor. The School Corporation was unable to provide additional documentation, such as invoices, to detail what items or services had been purchased. Without adequate supporting documentation, we could not determine if the expenses incurred were for activities and costs allowable per the grant. Two claims, totaling $313, were paid with no supporting documentation. The School Corporation was unable to provide additional documentation, such as invoices, to detail what items or services had been purchased. Without adequate supporting documentation, we could not determine if the expenses incurred were for activities and costs allowable per the grant. The total amount, $1,013, paid without adequate supporting documentation was considered questioned costs. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: INDIANA STATE BOARD OF ACCOUNTS 23 CANNELTON CITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." 2 CFR 200.403 states in part: "Except where otherwise authorized by statute, costs must meet the following general criteria in order to be allowable under Federal awards: (a) Be necessary and reasonable for the performance of the Federal award and be allocable thereto under these principles. (b) Conform to any limitations or exclusions set forth in these principles or in the Federal award as to types or amount of cost items. . . . (g) Be adequately documented. . . ." 7 CFR 210.14(a) states in part: ". . . Revenues received by the nonprofit school food service are to be used only for the operation or improvement of such food service, except that, such revenues shall not be used to purchase land or buildings, unless otherwise approved by FNS, or to construct buildings. . . ." 7 CFR 220.7(e)(1)(ii) states in part: ". . . use all revenues received by such food service only for the operation or improvement of that food service . . ." Cause Management of the School Corporation had not taken steps to design and implement policies and procedures to assess risks facing the School Corporation or to establish and operate monitoring activities that monitor the internal control system. Additionally, the School Corporation did not follow proper recordkeeping procedures. The Treasurer paid claims from federal program funds with no support or based on summary statements. INDIANA STATE BOARD OF ACCOUNTS 24 CANNELTON CITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Effect As a result of the five components of internal control not being adequately designed and implemented, the internal control system cannot be effective. Thus, general risks or specific risks from fraud and significant changes could negatively impact the School Corporation, identified internal control deficiencies could continue, and unidentified flaws within the internal control system could exist. Additionally, we could not determine if federal program funds were used to pay only for the operation or improvement of the food service. Furthermore, the lack of detailed documentation was not in compliance with the cost principles. Continued payment with no support or only summary statements could lead to payments for unallowable activities and additional questioned costs. Questioned Costs Questioned costs in the amount of $1,013 were identified as noted in the Condition and Context. Recommendation We recommended that the School Corporation's management establish a proper system of internal controls, which would include policies and procedures related to risk assessment and monitoring. Additionally, we recommended that the School Corporation's management establish a proper system of internal controls to ensure expenditures made from federal awards have appropriate supporting documentation to ensure expenditures are allowable per the terms and conditions of the federal award and adhere to the cost principles. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2024-004 Subject: Child Nutrition Cluster - Activities Allowed or Unallowed, Allowable Costs/Cost Principles Federal Agency: Department of Agriculture Federal Programs: School Breakfast Program, National School Lunch Program, Special Milk Program for Children Assistance Listings Numbers: 10.553, 10.555, 10.556 Federal Award Numbers and Years (or Other Identifying Numbers): FY2023, FY2024 Pass-Through Entity: Indiana Department of Education Compliance Requirements: Activities Allowed and Unallowed, Allowable Costs/Cost Principles Audit Findings: Material Weakness, Other Matters Condition and Context Internal control is generally defined as a process affected by an entity's oversight body, management, and other personnel that provides reasonable assurance that the objectives of an entity will be achieved. With respect to federal awards, nonfederal entities, such as the School Corporation, are required to establish and maintain internal controls over federal awards that provides reasonable assurance that the nonfederal entity is managing the federal award in compliance with federal statutes, regulations, and terms and conditions of the federal awards. INDIANA STATE BOARD OF ACCOUNTS 22 CANNELTON CITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Internal control is not one event or circumstance, but a dynamic and iterative process. The internal control process is based on fundamental principles that operate as a whole but are best understood when analyzed individually. The fundamental principles are related to five components of internal control which are as follows: Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring. If a component is not effective, or the components are not operating together in an integrated manner, then an internal control system cannot be effective. Deficiencies as noted below were identified in the risk assessment, monitoring, and control activities components. Risk Assessment The School Corporation has not established a formal risk assessment process. There is no documented risk assessment policy, nor is there evidence of periodic risk identification, analysis, or evaluation. Monitoring The School Corporation did not conduct ongoing or periodic reviews to ensure that internal controls were operating as intended and to identify areas for improvement. Furthermore, the School Corporation did not have a process to follow up on corrective actions written as a response to audit findings. Control Activities A sample of 60 claims was selected for testing. Of the 60 claims selected for testing, 43 claims were vendor claims and 17 were payroll claims. Issues were identified with 5 of the vendor claims as noted below: Three claims, totaling $700, were paid based solely upon summary statements from the vendor. The School Corporation was unable to provide additional documentation, such as invoices, to detail what items or services had been purchased. Without adequate supporting documentation, we could not determine if the expenses incurred were for activities and costs allowable per the grant. Two claims, totaling $313, were paid with no supporting documentation. The School Corporation was unable to provide additional documentation, such as invoices, to detail what items or services had been purchased. Without adequate supporting documentation, we could not determine if the expenses incurred were for activities and costs allowable per the grant. The total amount, $1,013, paid without adequate supporting documentation was considered questioned costs. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: INDIANA STATE BOARD OF ACCOUNTS 23 CANNELTON CITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." 2 CFR 200.403 states in part: "Except where otherwise authorized by statute, costs must meet the following general criteria in order to be allowable under Federal awards: (a) Be necessary and reasonable for the performance of the Federal award and be allocable thereto under these principles. (b) Conform to any limitations or exclusions set forth in these principles or in the Federal award as to types or amount of cost items. . . . (g) Be adequately documented. . . ." 7 CFR 210.14(a) states in part: ". . . Revenues received by the nonprofit school food service are to be used only for the operation or improvement of such food service, except that, such revenues shall not be used to purchase land or buildings, unless otherwise approved by FNS, or to construct buildings. . . ." 7 CFR 220.7(e)(1)(ii) states in part: ". . . use all revenues received by such food service only for the operation or improvement of that food service . . ." Cause Management of the School Corporation had not taken steps to design and implement policies and procedures to assess risks facing the School Corporation or to establish and operate monitoring activities that monitor the internal control system. Additionally, the School Corporation did not follow proper recordkeeping procedures. The Treasurer paid claims from federal program funds with no support or based on summary statements. INDIANA STATE BOARD OF ACCOUNTS 24 CANNELTON CITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Effect As a result of the five components of internal control not being adequately designed and implemented, the internal control system cannot be effective. Thus, general risks or specific risks from fraud and significant changes could negatively impact the School Corporation, identified internal control deficiencies could continue, and unidentified flaws within the internal control system could exist. Additionally, we could not determine if federal program funds were used to pay only for the operation or improvement of the food service. Furthermore, the lack of detailed documentation was not in compliance with the cost principles. Continued payment with no support or only summary statements could lead to payments for unallowable activities and additional questioned costs. Questioned Costs Questioned costs in the amount of $1,013 were identified as noted in the Condition and Context. Recommendation We recommended that the School Corporation's management establish a proper system of internal controls, which would include policies and procedures related to risk assessment and monitoring. Additionally, we recommended that the School Corporation's management establish a proper system of internal controls to ensure expenditures made from federal awards have appropriate supporting documentation to ensure expenditures are allowable per the terms and conditions of the federal award and adhere to the cost principles. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2024-004 Subject: Child Nutrition Cluster - Activities Allowed or Unallowed, Allowable Costs/Cost Principles Federal Agency: Department of Agriculture Federal Programs: School Breakfast Program, National School Lunch Program, Special Milk Program for Children Assistance Listings Numbers: 10.553, 10.555, 10.556 Federal Award Numbers and Years (or Other Identifying Numbers): FY2023, FY2024 Pass-Through Entity: Indiana Department of Education Compliance Requirements: Activities Allowed and Unallowed, Allowable Costs/Cost Principles Audit Findings: Material Weakness, Other Matters Condition and Context Internal control is generally defined as a process affected by an entity's oversight body, management, and other personnel that provides reasonable assurance that the objectives of an entity will be achieved. With respect to federal awards, nonfederal entities, such as the School Corporation, are required to establish and maintain internal controls over federal awards that provides reasonable assurance that the nonfederal entity is managing the federal award in compliance with federal statutes, regulations, and terms and conditions of the federal awards. INDIANA STATE BOARD OF ACCOUNTS 22 CANNELTON CITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Internal control is not one event or circumstance, but a dynamic and iterative process. The internal control process is based on fundamental principles that operate as a whole but are best understood when analyzed individually. The fundamental principles are related to five components of internal control which are as follows: Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring. If a component is not effective, or the components are not operating together in an integrated manner, then an internal control system cannot be effective. Deficiencies as noted below were identified in the risk assessment, monitoring, and control activities components. Risk Assessment The School Corporation has not established a formal risk assessment process. There is no documented risk assessment policy, nor is there evidence of periodic risk identification, analysis, or evaluation. Monitoring The School Corporation did not conduct ongoing or periodic reviews to ensure that internal controls were operating as intended and to identify areas for improvement. Furthermore, the School Corporation did not have a process to follow up on corrective actions written as a response to audit findings. Control Activities A sample of 60 claims was selected for testing. Of the 60 claims selected for testing, 43 claims were vendor claims and 17 were payroll claims. Issues were identified with 5 of the vendor claims as noted below: Three claims, totaling $700, were paid based solely upon summary statements from the vendor. The School Corporation was unable to provide additional documentation, such as invoices, to detail what items or services had been purchased. Without adequate supporting documentation, we could not determine if the expenses incurred were for activities and costs allowable per the grant. Two claims, totaling $313, were paid with no supporting documentation. The School Corporation was unable to provide additional documentation, such as invoices, to detail what items or services had been purchased. Without adequate supporting documentation, we could not determine if the expenses incurred were for activities and costs allowable per the grant. The total amount, $1,013, paid without adequate supporting documentation was considered questioned costs. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: INDIANA STATE BOARD OF ACCOUNTS 23 CANNELTON CITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." 2 CFR 200.403 states in part: "Except where otherwise authorized by statute, costs must meet the following general criteria in order to be allowable under Federal awards: (a) Be necessary and reasonable for the performance of the Federal award and be allocable thereto under these principles. (b) Conform to any limitations or exclusions set forth in these principles or in the Federal award as to types or amount of cost items. . . . (g) Be adequately documented. . . ." 7 CFR 210.14(a) states in part: ". . . Revenues received by the nonprofit school food service are to be used only for the operation or improvement of such food service, except that, such revenues shall not be used to purchase land or buildings, unless otherwise approved by FNS, or to construct buildings. . . ." 7 CFR 220.7(e)(1)(ii) states in part: ". . . use all revenues received by such food service only for the operation or improvement of that food service . . ." Cause Management of the School Corporation had not taken steps to design and implement policies and procedures to assess risks facing the School Corporation or to establish and operate monitoring activities that monitor the internal control system. Additionally, the School Corporation did not follow proper recordkeeping procedures. The Treasurer paid claims from federal program funds with no support or based on summary statements. INDIANA STATE BOARD OF ACCOUNTS 24 CANNELTON CITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Effect As a result of the five components of internal control not being adequately designed and implemented, the internal control system cannot be effective. Thus, general risks or specific risks from fraud and significant changes could negatively impact the School Corporation, identified internal control deficiencies could continue, and unidentified flaws within the internal control system could exist. Additionally, we could not determine if federal program funds were used to pay only for the operation or improvement of the food service. Furthermore, the lack of detailed documentation was not in compliance with the cost principles. Continued payment with no support or only summary statements could lead to payments for unallowable activities and additional questioned costs. Questioned Costs Questioned costs in the amount of $1,013 were identified as noted in the Condition and Context. Recommendation We recommended that the School Corporation's management establish a proper system of internal controls, which would include policies and procedures related to risk assessment and monitoring. Additionally, we recommended that the School Corporation's management establish a proper system of internal controls to ensure expenditures made from federal awards have appropriate supporting documentation to ensure expenditures are allowable per the terms and conditions of the federal award and adhere to the cost principles. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2024-004 Subject: Child Nutrition Cluster - Activities Allowed or Unallowed, Allowable Costs/Cost Principles Federal Agency: Department of Agriculture Federal Programs: School Breakfast Program, National School Lunch Program, Special Milk Program for Children Assistance Listings Numbers: 10.553, 10.555, 10.556 Federal Award Numbers and Years (or Other Identifying Numbers): FY2023, FY2024 Pass-Through Entity: Indiana Department of Education Compliance Requirements: Activities Allowed and Unallowed, Allowable Costs/Cost Principles Audit Findings: Material Weakness, Other Matters Condition and Context Internal control is generally defined as a process affected by an entity's oversight body, management, and other personnel that provides reasonable assurance that the objectives of an entity will be achieved. With respect to federal awards, nonfederal entities, such as the School Corporation, are required to establish and maintain internal controls over federal awards that provides reasonable assurance that the nonfederal entity is managing the federal award in compliance with federal statutes, regulations, and terms and conditions of the federal awards. INDIANA STATE BOARD OF ACCOUNTS 22 CANNELTON CITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Internal control is not one event or circumstance, but a dynamic and iterative process. The internal control process is based on fundamental principles that operate as a whole but are best understood when analyzed individually. The fundamental principles are related to five components of internal control which are as follows: Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring. If a component is not effective, or the components are not operating together in an integrated manner, then an internal control system cannot be effective. Deficiencies as noted below were identified in the risk assessment, monitoring, and control activities components. Risk Assessment The School Corporation has not established a formal risk assessment process. There is no documented risk assessment policy, nor is there evidence of periodic risk identification, analysis, or evaluation. Monitoring The School Corporation did not conduct ongoing or periodic reviews to ensure that internal controls were operating as intended and to identify areas for improvement. Furthermore, the School Corporation did not have a process to follow up on corrective actions written as a response to audit findings. Control Activities A sample of 60 claims was selected for testing. Of the 60 claims selected for testing, 43 claims were vendor claims and 17 were payroll claims. Issues were identified with 5 of the vendor claims as noted below: Three claims, totaling $700, were paid based solely upon summary statements from the vendor. The School Corporation was unable to provide additional documentation, such as invoices, to detail what items or services had been purchased. Without adequate supporting documentation, we could not determine if the expenses incurred were for activities and costs allowable per the grant. Two claims, totaling $313, were paid with no supporting documentation. The School Corporation was unable to provide additional documentation, such as invoices, to detail what items or services had been purchased. Without adequate supporting documentation, we could not determine if the expenses incurred were for activities and costs allowable per the grant. The total amount, $1,013, paid without adequate supporting documentation was considered questioned costs. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: INDIANA STATE BOARD OF ACCOUNTS 23 CANNELTON CITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." 2 CFR 200.403 states in part: "Except where otherwise authorized by statute, costs must meet the following general criteria in order to be allowable under Federal awards: (a) Be necessary and reasonable for the performance of the Federal award and be allocable thereto under these principles. (b) Conform to any limitations or exclusions set forth in these principles or in the Federal award as to types or amount of cost items. . . . (g) Be adequately documented. . . ." 7 CFR 210.14(a) states in part: ". . . Revenues received by the nonprofit school food service are to be used only for the operation or improvement of such food service, except that, such revenues shall not be used to purchase land or buildings, unless otherwise approved by FNS, or to construct buildings. . . ." 7 CFR 220.7(e)(1)(ii) states in part: ". . . use all revenues received by such food service only for the operation or improvement of that food service . . ." Cause Management of the School Corporation had not taken steps to design and implement policies and procedures to assess risks facing the School Corporation or to establish and operate monitoring activities that monitor the internal control system. Additionally, the School Corporation did not follow proper recordkeeping procedures. The Treasurer paid claims from federal program funds with no support or based on summary statements. INDIANA STATE BOARD OF ACCOUNTS 24 CANNELTON CITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Effect As a result of the five components of internal control not being adequately designed and implemented, the internal control system cannot be effective. Thus, general risks or specific risks from fraud and significant changes could negatively impact the School Corporation, identified internal control deficiencies could continue, and unidentified flaws within the internal control system could exist. Additionally, we could not determine if federal program funds were used to pay only for the operation or improvement of the food service. Furthermore, the lack of detailed documentation was not in compliance with the cost principles. Continued payment with no support or only summary statements could lead to payments for unallowable activities and additional questioned costs. Questioned Costs Questioned costs in the amount of $1,013 were identified as noted in the Condition and Context. Recommendation We recommended that the School Corporation's management establish a proper system of internal controls, which would include policies and procedures related to risk assessment and monitoring. Additionally, we recommended that the School Corporation's management establish a proper system of internal controls to ensure expenditures made from federal awards have appropriate supporting documentation to ensure expenditures are allowable per the terms and conditions of the federal award and adhere to the cost principles. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
Significant Deficiency Other Noncompliance Program: Assistance Listing: 10.553/10.555 – Child Nutrition Cluster Assistance Listing 84.010A - Title I Grants To Local Educational Agencies Assistance Listing: 84.027/84.027X/84.173/84.173X – Special Education Cluster (IDEA) Assistance Listing: 84.425D – Elementary and Secondary School Emergency Relief Fund (ESSER II) Assistance Listing: 84.425U – Elementary and Secondary School Emergency Relief Fund (ARP ESSER) Repeat Finding: Yes Criteria: 2 CFR 200.303 requires that a non-federal entity must establish and maintain effective internal control over a federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statues, regulations, and the terms and conditions of the federal award. 2 CFR 200.334 requires subrecipients to retain all Federal award records for three years from the date of submission of their final financial report. For awards that are renewed quarterly or annually, the recipient and subrecipient must retain records for three years from the date of submission of their quarterly or annual financial report, respectively. Records to be retained include but are not limited to financial records, supporting documentation, and statistical records. Federal agencies or pass-through entities may not impose any other record retention requirements except records must be retained until all litigation, claims, or audit findings involving the records have been resolved and final action taken if any litigation, claim, or audit is started before the expiration of the three-year period. Condition: As part of our statistically valid random sample of sixty non-payroll disbursements from the District’s grant expenditures from major programs, we observed the following instances where information required to ensure that these expenditures fulfilled requirements of 2 CFR Part 200 as follows was not obtained by the District or was otherwise unavailable for our examination: Sixteen instances where there was no documentation to determine the District obtained the required information to ensure that the vendor was not suspended or debarred. One instance where there was no invoice or credit memo to support the transaction. Numerous instances where an invoice was not included in the paid invoice. These invoices were made available to us for our examination on our fourth request Context/ Perspective: This finding is based on our statistically valid random sample of sixty non-payroll cash disbursements charged to major programs of the District. Effect: Failure to follow the federal and state requirements could affect future eligibility for federal award programs or could result in a loss or misappropriation of public assets. Questioned Costs: None Recommendation: We recommend that the District implement additional internal controls as necessary to ensure that proper records are maintained to adequately document its expenditures charged to federal grant programs. Views of Responsible Officials: The Auditee’s Corrective Action Plan lists the District’s response to the findings.
Significant Deficiency Other Noncompliance Program: Assistance Listing: 10.553/10.555 – Child Nutrition Cluster Assistance Listing 84.010A - Title I Grants To Local Educational Agencies Assistance Listing: 84.027/84.027X/84.173/84.173X – Special Education Cluster (IDEA) Assistance Listing: 84.425D – Elementary and Secondary School Emergency Relief Fund (ESSER II) Assistance Listing: 84.425U – Elementary and Secondary School Emergency Relief Fund (ARP ESSER) Repeat Finding: Yes Criteria: 2 CFR 200.303 requires that a non-federal entity must establish and maintain effective internal control over a federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statues, regulations, and the terms and conditions of the federal award. 2 CFR 200.334 requires subrecipients to retain all Federal award records for three years from the date of submission of their final financial report. For awards that are renewed quarterly or annually, the recipient and subrecipient must retain records for three years from the date of submission of their quarterly or annual financial report, respectively. Records to be retained include but are not limited to financial records, supporting documentation, and statistical records. Federal agencies or pass-through entities may not impose any other record retention requirements except records must be retained until all litigation, claims, or audit findings involving the records have been resolved and final action taken if any litigation, claim, or audit is started before the expiration of the three-year period. Condition: As part of our statistically valid random sample of sixty non-payroll disbursements from the District’s grant expenditures from major programs, we observed the following instances where information required to ensure that these expenditures fulfilled requirements of 2 CFR Part 200 as follows was not obtained by the District or was otherwise unavailable for our examination: Sixteen instances where there was no documentation to determine the District obtained the required information to ensure that the vendor was not suspended or debarred. One instance where there was no invoice or credit memo to support the transaction. Numerous instances where an invoice was not included in the paid invoice. These invoices were made available to us for our examination on our fourth request Context/ Perspective: This finding is based on our statistically valid random sample of sixty non-payroll cash disbursements charged to major programs of the District. Effect: Failure to follow the federal and state requirements could affect future eligibility for federal award programs or could result in a loss or misappropriation of public assets. Questioned Costs: None Recommendation: We recommend that the District implement additional internal controls as necessary to ensure that proper records are maintained to adequately document its expenditures charged to federal grant programs. Views of Responsible Officials: The Auditee’s Corrective Action Plan lists the District’s response to the findings.
Significant Deficiency Other Noncompliance Program: Assistance Listing: 10.553/10.555 – Child Nutrition Cluster Assistance Listing 84.010A - Title I Grants To Local Educational Agencies Assistance Listing: 84.027/84.027X/84.173/84.173X – Special Education Cluster (IDEA) Assistance Listing: 84.425D – Elementary and Secondary School Emergency Relief Fund (ESSER II) Assistance Listing: 84.425U – Elementary and Secondary School Emergency Relief Fund (ARP ESSER) Repeat Finding: Yes Criteria: 2 CFR 200.303 requires that a non-federal entity must establish and maintain effective internal control over a federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statues, regulations, and the terms and conditions of the federal award. 2 CFR 200.334 requires subrecipients to retain all Federal award records for three years from the date of submission of their final financial report. For awards that are renewed quarterly or annually, the recipient and subrecipient must retain records for three years from the date of submission of their quarterly or annual financial report, respectively. Records to be retained include but are not limited to financial records, supporting documentation, and statistical records. Federal agencies or pass-through entities may not impose any other record retention requirements except records must be retained until all litigation, claims, or audit findings involving the records have been resolved and final action taken if any litigation, claim, or audit is started before the expiration of the three-year period. Condition: As part of our statistically valid random sample of sixty non-payroll disbursements from the District’s grant expenditures from major programs, we observed the following instances where information required to ensure that these expenditures fulfilled requirements of 2 CFR Part 200 as follows was not obtained by the District or was otherwise unavailable for our examination: Sixteen instances where there was no documentation to determine the District obtained the required information to ensure that the vendor was not suspended or debarred. One instance where there was no invoice or credit memo to support the transaction. Numerous instances where an invoice was not included in the paid invoice. These invoices were made available to us for our examination on our fourth request Context/ Perspective: This finding is based on our statistically valid random sample of sixty non-payroll cash disbursements charged to major programs of the District. Effect: Failure to follow the federal and state requirements could affect future eligibility for federal award programs or could result in a loss or misappropriation of public assets. Questioned Costs: None Recommendation: We recommend that the District implement additional internal controls as necessary to ensure that proper records are maintained to adequately document its expenditures charged to federal grant programs. Views of Responsible Officials: The Auditee’s Corrective Action Plan lists the District’s response to the findings.
Significant Deficiency Other Noncompliance Program: Assistance Listing: 10.553/10.555 – Child Nutrition Cluster Assistance Listing 84.010A - Title I Grants To Local Educational Agencies Assistance Listing: 84.027/84.027X/84.173/84.173X – Special Education Cluster (IDEA) Assistance Listing: 84.425D – Elementary and Secondary School Emergency Relief Fund (ESSER II) Assistance Listing: 84.425U – Elementary and Secondary School Emergency Relief Fund (ARP ESSER) Repeat Finding: Yes Criteria: 2 CFR 200.303 requires that a non-federal entity must establish and maintain effective internal control over a federal award that provides reasonable assurance that the non-federal entity is managing the federal award in compliance with federal statues, regulations, and the terms and conditions of the federal award. 2 CFR 200.334 requires subrecipients to retain all Federal award records for three years from the date of submission of their final financial report. For awards that are renewed quarterly or annually, the recipient and subrecipient must retain records for three years from the date of submission of their quarterly or annual financial report, respectively. Records to be retained include but are not limited to financial records, supporting documentation, and statistical records. Federal agencies or pass-through entities may not impose any other record retention requirements except records must be retained until all litigation, claims, or audit findings involving the records have been resolved and final action taken if any litigation, claim, or audit is started before the expiration of the three-year period. Condition: As part of our statistically valid random sample of sixty non-payroll disbursements from the District’s grant expenditures from major programs, we observed the following instances where information required to ensure that these expenditures fulfilled requirements of 2 CFR Part 200 as follows was not obtained by the District or was otherwise unavailable for our examination: Sixteen instances where there was no documentation to determine the District obtained the required information to ensure that the vendor was not suspended or debarred. One instance where there was no invoice or credit memo to support the transaction. Numerous instances where an invoice was not included in the paid invoice. These invoices were made available to us for our examination on our fourth request Context/ Perspective: This finding is based on our statistically valid random sample of sixty non-payroll cash disbursements charged to major programs of the District. Effect: Failure to follow the federal and state requirements could affect future eligibility for federal award programs or could result in a loss or misappropriation of public assets. Questioned Costs: None Recommendation: We recommend that the District implement additional internal controls as necessary to ensure that proper records are maintained to adequately document its expenditures charged to federal grant programs. Views of Responsible Officials: The Auditee’s Corrective Action Plan lists the District’s response to the findings.