Criteria: 1. In accordance with 2 CFR § 200.319(a), all procurement transactions under a Federal award must be conducted in a manner that provides full and open competition. Further, 2 CFR § 200.320(a)(1)(i) requires that, to the extent practicable, micro‑purchases be distributed equitably among qualified suppliers. 2. 2 CFR § 200.214 subjects non‑Federal entities to the non-procurement suspension and debarment regulations in 2 CFR part 180, which restrict awards, subawards, and contracts with parties that are debarred, suspended, or otherwise excluded from Federal awards. Under 2 CFR § 180.300, before entering into a covered transaction with another person or entity at the next lower tier, the non Federal entity must verify that the party is not excluded or disqualified. This verification may be completed by reviewing the SAM.gov Exclusions, obtaining a certification from the entity, or including an appropriate suspension and debarment clause or condition in the contract or agreement. Further, in accordance with 2 CFR § 200.318(i), non‑federal entities must maintain records sufficient to document the history of procurement transactions, and 2 CFR § 200.334 requires retention of all supporting documentation for Federal awards. Together, these regulations require that documentation of the suspension and debarment verification be retained to demonstrate compliance with Federal procurement and suspension and debarment requirements. Condition: 1. The Republic’s procurement regulation § 625(c)(3) permits purchases under $2,500 after obtaining one written price quotation. However, the policy does not demonstrate full and open competition to ensure that small purchases are distributed equitably among qualified suppliers. Of the 583 procurement transactions, 140 were identified as within the threshold established under § 625(c)(3). No. No. of Transactions General Ledger Account Name Amount 1 7 Boat Rentals $ 9,400 2 64 General Supplies 60,349 3 7 Advertising 1,045 4 6 Conference 11,800 5 1 All Other Purchased Serv 1,999 6 39 Vehicle Cycle Repair 7,987 7 12 Building/Space Rentals 5,830 8 4 Machinery & Equip Repair 837 Total: 140 $ 99,247 2. The Republic represents that vendors are verified in SAM.gov before entering into covered transactions; however, no documentation was retained to demonstrate that the required verification occurred. Documentation such as screenshots, printouts, approval records, or other system‑based evidence showing that the SAM.gov check was performed was not available in the procurement or vendor files. Of the 185 purchase orders issued during the year ended September 30, 2023, 19 were identified as covered transactions subject to federal suspension and debarment requirements, totaling $2,101,228, of which 12 totaling $1,919,175 were selected for testing. No. Purchase Order # Vendor Amount 1 22300843 MEDPHARM $ 93,032 2 22301907 PACIFIC SOURCE INC. LTD. 490,573 3 22301908 PACIFIC SOURCE INC. LTD. 512,382 4 22301909 PACIFIC SOURCE INC. LTD. 463,320 5 22302788 MEDPHARM 111,550 6 22300845 MD WHOLESALE 55,160 7 22301465 MD WHOLESALE 11,952 8 22302557 MD WHOLESALE 29,607 9 22302790 MEDPHARM 80,946 10 22303546 G&N CLEANING EXPRESS 16,560 11 22306254 ARC HEALTH 37,125 12 22307066 MD WHOLESALE 16,968 Total: $ 1,919,175 Auditor verification of the above vendors in SAM.gov did not identify any as suspended or debarred. However, the absence of documentation prevents the Republic from demonstrating compliance with Federal suspension and debarment requirements. Cause: The Republic’s procurement policy does not ensure full and open competition for small purchases and does not include procedures to equitably distribute micro‑purchases among qualified suppliers. Additionally, the Republic’s procurement and vendor compliance procedures do not require the retention of documentation evidencing that suspension and debarment checks were performed. Effect: The Republic is not in compliance with Federal procurement, suspension and debarment requirements. Without federally compliant procedures and supporting documentation, the extent of questioned costs cannot be determined, resulting in an undeterminable question cost. Identification as a Repeat Finding: Finding 2022-009 Recommendation: We recommend that the Republic update its procurement policies and procedures to include specific guidance to ensure full and open competition and to equitably distribute micro‑purchases among qualified suppliers. Management should ensure that documentation supporting the basis for supplier selection is consistently maintained in procurement files. Additionally, we recommend that the Republic strengthen its procurement and vendor‑approval procedures to require retention of evidence demonstrating that suspension and debarment verification was performed for each covered transaction. Acceptable documentation may include date‑stamped screenshots of the SAM.gov search, system‑generated verification logs, or signed certifications. Documentation should be consistently retained in the procurement or vendor file to support compliance with Federal requirements. Views of Responsible Officials: The Republic’s Corrective Action Plan does not indicate disagreement and provides planned corrective action.
Criteria: 1. In accordance with 2 CFR § 200.319(a), all procurement transactions under a Federal award must be conducted in a manner that provides full and open competition. Further, 2 CFR § 200.320(a)(1)(i) requires that, to the extent practicable, micro‑purchases be distributed equitably among qualified suppliers. 2. 2 CFR § 200.214 subjects non‑Federal entities to the non-procurement suspension and debarment regulations in 2 CFR part 180, which restrict awards, subawards, and contracts with parties that are debarred, suspended, or otherwise excluded from Federal awards. Under 2 CFR § 180.300, before entering into a covered transaction with another person or entity at the next lower tier, the non Federal entity must verify that the party is not excluded or disqualified. This verification may be completed by reviewing the SAM.gov Exclusions, obtaining a certification from the entity, or including an appropriate suspension and debarment clause or condition in the contract or agreement. Further, in accordance with 2 CFR § 200.318(i), non‑federal entities must maintain records sufficient to document the history of procurement transactions, and 2 CFR § 200.334 requires retention of all supporting documentation for Federal awards. Together, these regulations require that documentation of the suspension and debarment verification be retained to demonstrate compliance with Federal procurement and suspension and debarment requirements. Condition: 1. The Republic’s procurement regulation § 625(c)(3) permits small purchases under $2,500 after obtaining one written price quotation. However, the policy does not demonstrate full and open competition to ensure that micro‑purchases are distributed equitably among qualified suppliers. Of the 224 procurement transactions, 72 were identified as within the threshold established under § 625(c)(3). Condition, continued: No. No. of transactions General Ledger Account Name Amount 1 18 General Supplies $ 19,541 2 1 All Other Rentals 240 3 13 Freight 6,894 4 3 Boat Rentals 3,000 5 3 All Other Purchased Serv 1,635 6 3 Conference 6,463 7 5 Vehicle Cycle Repair 628 8 11 Advertising 4,309 9 1 Dues & Fees 700 10 3 Machinery & Equip Repair 899 11 11 Fuel & Other Pol Products 5,865 Total: 72 $ 50,174 2. The Republic represents that vendors are verified in SAM.gov before entering into covered transactions; however, no documentation was retained to demonstrate that the required verification occurred. Documentation such as screenshots, printouts, approval records, or other system‑based evidence showing that the SAM.gov check was performed was not available in the procurement or vendor files. Of the 70 purchase orders issued during the year ended September 30, 2023, 7 were identified as covered transactions subject to federal suspension and debarment requirements totaling $229,639. No. Purchase Order # Vendor Amount 1 22300343 TLAU T. RIDPATH $ 32,500 2 22301468 MD WHOLESALE 5,371 3 22302270 UNIVERSITY OF HAWAII - OFFICE OF RESEARCH SERVICES 59,738 4 22304018 JMI-EDISON 93,300 5 22304084 SOCIAL SECURITY ADMINISTRATION 7,500 6 22306331 BELAU MEDICAL CLINIC 21,870 7 22307680 DIAGNOSTIC LABORATORY SERVICES, INC 9,360 Total: $ 229,639 Condition, continued: Auditor verification of the above vendors in SAM.gov not identify any as suspended or debarred. However, the absence of documentation prevents the Republic from demonstrating compliance with Federal suspension and debarment requirements. Cause: The Republic’s procurement policy does not ensure full and open competition for small purchases due to lack of procedures to equitably distribute small purchases among qualified suppliers. Additionally, the Republic’s procurement and vendor compliance procedures do not require the retention of documentation evidencing that suspension and debarment checks were performed. Effect: The Republic is not in compliance with Federal procurement, suspension and debarment requirements. Without federally compliant procedures and supporting documentation, the extent of questioned costs cannot be determined, resulting in an undeterminable question cost. Identification as a Repeat Finding: This is not a repeat finding. Recommendation: We recommend that the Republic update its procurement policies and procedures to include specific guidance to ensure full and open competition and to equitably distribute small purchases among available qualified suppliers. Management should ensure that documentation supporting the basis for supplier selection is consistently maintained in procurement files. Additionally, we recommend that the Republic strengthen its procurement and vendor‑approval procedures to require retention of evidence demonstrating that suspension and debarment verification was performed for each covered transaction. Acceptable documentation may include date‑stamped screenshots of the SAM.gov search, system‑generated verification logs, or signed certifications. Documentation should be consistently retained in the procurement or vendor file to support compliance with Federal requirements. Views of Responsible Officials: The Republic’s Corrective Action Plan does not indicate disagreement and provides planned corrective action.
Activities Allowed or Unallowed, Allowable Costs/Cost Principles Federal Agency: U.S. Department of the Treasury Federal Program Title: Coronavirus State and Local Fiscal Recovery Funds ALN: 21.027 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: SLT – 8809: Project Name: HHSC Section 33; HHSC Section 12: Rural Hospitals, HHSC Section 22: Sunrise Canyon Hospital November 8, 2021 – December 31, 2026 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Significant Deficiency in Internal Control over Compliance and Noncompliance Criteria or specific requirement: Per 2 CFR 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that it is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in the “Internal Control Integrated Framework” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In the 2021 Texas Senate Bill 8, HHSC was appropriated money in various sections of the bill received by Texas from the Coronavirus State Fiscal Recovery Fund for the following purposes related to costs incurred during the period beginning October 8, 2021, and ending November 8, 2023, due to the coronavirus pandemic: Section 11(a) – funding for the construction of a state hospital in Dallas, Texas. Section 12 – funding for grants to support rural hospitals that have been affected by the COVID-19 pandemic. Section 13 – funding for the creation of a consolidated internet portal for Medicaid and the Children’s Health Insurance Program medical services provider data. Section 14 – funding for technology updates to the Medicaid eligibility computer system. Section 15 – funding for COVID-19 related expenses incurred by the Texas Civil Commitment Office related to consumable supplies and travel. Section 22 – funding for the expansion of capacity of Sunrise Canyon Hospital. Section 33 – funding to administer one-time grants related to providing critical staffing needs resulting from frontline healthcare workers affected by COVID-19, including recruitment and retention bonuses for staff. Condition: Audit procedures included a selection of 60 sampled expenditures totaling $143,092,786 incurred during the fiscal year to test allowability with the grant awards. We noted that for 48 out of the 60 samples totaling $9,600,062, the agency did not obtain supporting documentation from the vendor to verify that the amounts advanced to the vendor were expended on allowable costs. We were unable to substantiate the amounts expended by the vendor and allowability of those expenditures in accordance with the relevant Senate Bill 8 section and the Department of the Treasury Final Rule. Questioned costs: $9,600,062. Context: See “Condition.” Cause: HHSC is not fully monitoring the use of program funds through collection, review, and maintenance of invoices supporting the expenditures. Effect: Failure to maintain adequate documentation pertinent to a federal award may result in noncompliance with grant terms and conditions. Repeat finding: No Recommendation: HHSC should implement policies and procedures to ensure documentation is maintained for a period of at least three years from the date of submission of the final expenditure report for the grant in accordance with 2 CFR 200.334. Views of responsible officials: HHSC concurs with the finding.
Activities Allowed or Unallowed, Allowable Costs/Cost Principles Federal Agency: U.S. Department of the Treasury Federal Program Title: Coronavirus State and Local Fiscal Recovery Funds ALN: 21.027 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: SLT – 8809: Project Name: HHSC Section 33; HHSC Section 12: Rural Hospitals, HHSC Section 22: Sunrise Canyon Hospital November 8, 2021 – December 31, 2026 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Significant Deficiency in Internal Control over Compliance and Noncompliance Criteria or specific requirement: Per 2 CFR 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that it is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in the “Internal Control Integrated Framework” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In the 2021 Texas Senate Bill 8, HHSC was appropriated money in various sections of the bill received by Texas from the Coronavirus State Fiscal Recovery Fund for the following purposes related to costs incurred during the period beginning October 8, 2021, and ending November 8, 2023, due to the coronavirus pandemic: Section 11(a) – funding for the construction of a state hospital in Dallas, Texas. Section 12 – funding for grants to support rural hospitals that have been affected by the COVID-19 pandemic. Section 13 – funding for the creation of a consolidated internet portal for Medicaid and the Children’s Health Insurance Program medical services provider data. Section 14 – funding for technology updates to the Medicaid eligibility computer system. Section 15 – funding for COVID-19 related expenses incurred by the Texas Civil Commitment Office related to consumable supplies and travel. Section 22 – funding for the expansion of capacity of Sunrise Canyon Hospital. Section 33 – funding to administer one-time grants related to providing critical staffing needs resulting from frontline healthcare workers affected by COVID-19, including recruitment and retention bonuses for staff. Condition: Audit procedures included a selection of 60 sampled expenditures totaling $143,092,786 incurred during the fiscal year to test allowability with the grant awards. We noted that for 48 out of the 60 samples totaling $9,600,062, the agency did not obtain supporting documentation from the vendor to verify that the amounts advanced to the vendor were expended on allowable costs. We were unable to substantiate the amounts expended by the vendor and allowability of those expenditures in accordance with the relevant Senate Bill 8 section and the Department of the Treasury Final Rule. Questioned costs: $9,600,062. Context: See “Condition.” Cause: HHSC is not fully monitoring the use of program funds through collection, review, and maintenance of invoices supporting the expenditures. Effect: Failure to maintain adequate documentation pertinent to a federal award may result in noncompliance with grant terms and conditions. Repeat finding: No Recommendation: HHSC should implement policies and procedures to ensure documentation is maintained for a period of at least three years from the date of submission of the final expenditure report for the grant in accordance with 2 CFR 200.334. Views of responsible officials: HHSC concurs with the finding.
Activities Allowed or Unallowed, Allowable Costs/Cost Principles Federal Agency: U.S. Department of the Treasury Federal Program Title: Coronavirus State and Local Fiscal Recovery Funds ALN: 21.027 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: SLT – 8809: Project Name: HHSC Section 33; HHSC Section 12: Rural Hospitals, HHSC Section 22: Sunrise Canyon Hospital November 8, 2021 – December 31, 2026 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Significant Deficiency in Internal Control over Compliance and Noncompliance Criteria or specific requirement: Per 2 CFR 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that it is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in the “Internal Control Integrated Framework” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In the 2021 Texas Senate Bill 8, HHSC was appropriated money in various sections of the bill received by Texas from the Coronavirus State Fiscal Recovery Fund for the following purposes related to costs incurred during the period beginning October 8, 2021, and ending November 8, 2023, due to the coronavirus pandemic: Section 11(a) – funding for the construction of a state hospital in Dallas, Texas. Section 12 – funding for grants to support rural hospitals that have been affected by the COVID-19 pandemic. Section 13 – funding for the creation of a consolidated internet portal for Medicaid and the Children’s Health Insurance Program medical services provider data. Section 14 – funding for technology updates to the Medicaid eligibility computer system. Section 15 – funding for COVID-19 related expenses incurred by the Texas Civil Commitment Office related to consumable supplies and travel. Section 22 – funding for the expansion of capacity of Sunrise Canyon Hospital. Section 33 – funding to administer one-time grants related to providing critical staffing needs resulting from frontline healthcare workers affected by COVID-19, including recruitment and retention bonuses for staff. Condition: Audit procedures included a selection of 60 sampled expenditures totaling $143,092,786 incurred during the fiscal year to test allowability with the grant awards. We noted that for 48 out of the 60 samples totaling $9,600,062, the agency did not obtain supporting documentation from the vendor to verify that the amounts advanced to the vendor were expended on allowable costs. We were unable to substantiate the amounts expended by the vendor and allowability of those expenditures in accordance with the relevant Senate Bill 8 section and the Department of the Treasury Final Rule. Questioned costs: $9,600,062. Context: See “Condition.” Cause: HHSC is not fully monitoring the use of program funds through collection, review, and maintenance of invoices supporting the expenditures. Effect: Failure to maintain adequate documentation pertinent to a federal award may result in noncompliance with grant terms and conditions. Repeat finding: No Recommendation: HHSC should implement policies and procedures to ensure documentation is maintained for a period of at least three years from the date of submission of the final expenditure report for the grant in accordance with 2 CFR 200.334. Views of responsible officials: HHSC concurs with the finding.
Activities Allowed or Unallowed, Allowable Costs/Cost Principles Federal Agency: U.S. Department of the Treasury Federal Program Title: Coronavirus State and Local Fiscal Recovery Funds ALN: 21.027 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: SLT – 8809: Project Name: HHSC Section 33; HHSC Section 12: Rural Hospitals, HHSC Section 22: Sunrise Canyon Hospital November 8, 2021 – December 31, 2026 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Significant Deficiency in Internal Control over Compliance and Noncompliance Criteria or specific requirement: Per 2 CFR 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that it is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in the “Internal Control Integrated Framework” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In the 2021 Texas Senate Bill 8, HHSC was appropriated money in various sections of the bill received by Texas from the Coronavirus State Fiscal Recovery Fund for the following purposes related to costs incurred during the period beginning October 8, 2021, and ending November 8, 2023, due to the coronavirus pandemic: Section 11(a) – funding for the construction of a state hospital in Dallas, Texas. Section 12 – funding for grants to support rural hospitals that have been affected by the COVID-19 pandemic. Section 13 – funding for the creation of a consolidated internet portal for Medicaid and the Children’s Health Insurance Program medical services provider data. Section 14 – funding for technology updates to the Medicaid eligibility computer system. Section 15 – funding for COVID-19 related expenses incurred by the Texas Civil Commitment Office related to consumable supplies and travel. Section 22 – funding for the expansion of capacity of Sunrise Canyon Hospital. Section 33 – funding to administer one-time grants related to providing critical staffing needs resulting from frontline healthcare workers affected by COVID-19, including recruitment and retention bonuses for staff. Condition: Audit procedures included a selection of 60 sampled expenditures totaling $143,092,786 incurred during the fiscal year to test allowability with the grant awards. We noted that for 48 out of the 60 samples totaling $9,600,062, the agency did not obtain supporting documentation from the vendor to verify that the amounts advanced to the vendor were expended on allowable costs. We were unable to substantiate the amounts expended by the vendor and allowability of those expenditures in accordance with the relevant Senate Bill 8 section and the Department of the Treasury Final Rule. Questioned costs: $9,600,062. Context: See “Condition.” Cause: HHSC is not fully monitoring the use of program funds through collection, review, and maintenance of invoices supporting the expenditures. Effect: Failure to maintain adequate documentation pertinent to a federal award may result in noncompliance with grant terms and conditions. Repeat finding: No Recommendation: HHSC should implement policies and procedures to ensure documentation is maintained for a period of at least three years from the date of submission of the final expenditure report for the grant in accordance with 2 CFR 200.334. Views of responsible officials: HHSC concurs with the finding.
Activities Allowed or Unallowed, Allowable Costs/Cost Principles Federal Agency: U.S. Department of the Treasury Federal Program Title: Coronavirus State and Local Fiscal Recovery Funds ALN: 21.027 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: SLT – 8809: Project Name: HHSC Section 33; HHSC Section 12: Rural Hospitals, HHSC Section 22: Sunrise Canyon Hospital November 8, 2021 – December 31, 2026 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Significant Deficiency in Internal Control over Compliance and Noncompliance Criteria or specific requirement: Per 2 CFR 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that it is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in the “Internal Control Integrated Framework” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In the 2021 Texas Senate Bill 8, HHSC was appropriated money in various sections of the bill received by Texas from the Coronavirus State Fiscal Recovery Fund for the following purposes related to costs incurred during the period beginning October 8, 2021, and ending November 8, 2023, due to the coronavirus pandemic: Section 11(a) – funding for the construction of a state hospital in Dallas, Texas. Section 12 – funding for grants to support rural hospitals that have been affected by the COVID-19 pandemic. Section 13 – funding for the creation of a consolidated internet portal for Medicaid and the Children’s Health Insurance Program medical services provider data. Section 14 – funding for technology updates to the Medicaid eligibility computer system. Section 15 – funding for COVID-19 related expenses incurred by the Texas Civil Commitment Office related to consumable supplies and travel. Section 22 – funding for the expansion of capacity of Sunrise Canyon Hospital. Section 33 – funding to administer one-time grants related to providing critical staffing needs resulting from frontline healthcare workers affected by COVID-19, including recruitment and retention bonuses for staff. Condition: Audit procedures included a selection of 60 sampled expenditures totaling $143,092,786 incurred during the fiscal year to test allowability with the grant awards. We noted that for 48 out of the 60 samples totaling $9,600,062, the agency did not obtain supporting documentation from the vendor to verify that the amounts advanced to the vendor were expended on allowable costs. We were unable to substantiate the amounts expended by the vendor and allowability of those expenditures in accordance with the relevant Senate Bill 8 section and the Department of the Treasury Final Rule. Questioned costs: $9,600,062. Context: See “Condition.” Cause: HHSC is not fully monitoring the use of program funds through collection, review, and maintenance of invoices supporting the expenditures. Effect: Failure to maintain adequate documentation pertinent to a federal award may result in noncompliance with grant terms and conditions. Repeat finding: No Recommendation: HHSC should implement policies and procedures to ensure documentation is maintained for a period of at least three years from the date of submission of the final expenditure report for the grant in accordance with 2 CFR 200.334. Views of responsible officials: HHSC concurs with the finding.
Activities Allowed or Unallowed, Allowable Costs/Cost Principles Federal Agency: U.S. Department of the Treasury Federal Program Title: Coronavirus State and Local Fiscal Recovery Funds ALN: 21.027 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: SLT – 8809: Project Name: HHSC Section 33; HHSC Section 12: Rural Hospitals, HHSC Section 22: Sunrise Canyon Hospital November 8, 2021 – December 31, 2026 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Significant Deficiency in Internal Control over Compliance and Noncompliance Criteria or specific requirement: Per 2 CFR 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that it is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in the “Internal Control Integrated Framework” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In the 2021 Texas Senate Bill 8, HHSC was appropriated money in various sections of the bill received by Texas from the Coronavirus State Fiscal Recovery Fund for the following purposes related to costs incurred during the period beginning October 8, 2021, and ending November 8, 2023, due to the coronavirus pandemic: Section 11(a) – funding for the construction of a state hospital in Dallas, Texas. Section 12 – funding for grants to support rural hospitals that have been affected by the COVID-19 pandemic. Section 13 – funding for the creation of a consolidated internet portal for Medicaid and the Children’s Health Insurance Program medical services provider data. Section 14 – funding for technology updates to the Medicaid eligibility computer system. Section 15 – funding for COVID-19 related expenses incurred by the Texas Civil Commitment Office related to consumable supplies and travel. Section 22 – funding for the expansion of capacity of Sunrise Canyon Hospital. Section 33 – funding to administer one-time grants related to providing critical staffing needs resulting from frontline healthcare workers affected by COVID-19, including recruitment and retention bonuses for staff. Condition: Audit procedures included a selection of 60 sampled expenditures totaling $143,092,786 incurred during the fiscal year to test allowability with the grant awards. We noted that for 48 out of the 60 samples totaling $9,600,062, the agency did not obtain supporting documentation from the vendor to verify that the amounts advanced to the vendor were expended on allowable costs. We were unable to substantiate the amounts expended by the vendor and allowability of those expenditures in accordance with the relevant Senate Bill 8 section and the Department of the Treasury Final Rule. Questioned costs: $9,600,062. Context: See “Condition.” Cause: HHSC is not fully monitoring the use of program funds through collection, review, and maintenance of invoices supporting the expenditures. Effect: Failure to maintain adequate documentation pertinent to a federal award may result in noncompliance with grant terms and conditions. Repeat finding: No Recommendation: HHSC should implement policies and procedures to ensure documentation is maintained for a period of at least three years from the date of submission of the final expenditure report for the grant in accordance with 2 CFR 200.334. Views of responsible officials: HHSC concurs with the finding.
Activities Allowed or Unallowed, Allowable Costs/Cost Principles Federal Agency: U.S. Department of the Treasury Federal Program Title: Coronavirus State and Local Fiscal Recovery Funds ALN: 21.027 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: SLT – 8809: Project Name: HHSC Section 33; HHSC Section 12: Rural Hospitals, HHSC Section 22: Sunrise Canyon Hospital November 8, 2021 – December 31, 2026 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Significant Deficiency in Internal Control over Compliance and Noncompliance Criteria or specific requirement: Per 2 CFR 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that it is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in the “Internal Control Integrated Framework” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In the 2021 Texas Senate Bill 8, HHSC was appropriated money in various sections of the bill received by Texas from the Coronavirus State Fiscal Recovery Fund for the following purposes related to costs incurred during the period beginning October 8, 2021, and ending November 8, 2023, due to the coronavirus pandemic: Section 11(a) – funding for the construction of a state hospital in Dallas, Texas. Section 12 – funding for grants to support rural hospitals that have been affected by the COVID-19 pandemic. Section 13 – funding for the creation of a consolidated internet portal for Medicaid and the Children’s Health Insurance Program medical services provider data. Section 14 – funding for technology updates to the Medicaid eligibility computer system. Section 15 – funding for COVID-19 related expenses incurred by the Texas Civil Commitment Office related to consumable supplies and travel. Section 22 – funding for the expansion of capacity of Sunrise Canyon Hospital. Section 33 – funding to administer one-time grants related to providing critical staffing needs resulting from frontline healthcare workers affected by COVID-19, including recruitment and retention bonuses for staff. Condition: Audit procedures included a selection of 60 sampled expenditures totaling $143,092,786 incurred during the fiscal year to test allowability with the grant awards. We noted that for 48 out of the 60 samples totaling $9,600,062, the agency did not obtain supporting documentation from the vendor to verify that the amounts advanced to the vendor were expended on allowable costs. We were unable to substantiate the amounts expended by the vendor and allowability of those expenditures in accordance with the relevant Senate Bill 8 section and the Department of the Treasury Final Rule. Questioned costs: $9,600,062. Context: See “Condition.” Cause: HHSC is not fully monitoring the use of program funds through collection, review, and maintenance of invoices supporting the expenditures. Effect: Failure to maintain adequate documentation pertinent to a federal award may result in noncompliance with grant terms and conditions. Repeat finding: No Recommendation: HHSC should implement policies and procedures to ensure documentation is maintained for a period of at least three years from the date of submission of the final expenditure report for the grant in accordance with 2 CFR 200.334. Views of responsible officials: HHSC concurs with the finding.
Reporting Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Social Services Block Grant ALN: 93.667 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: 2301TXSOSR, 2201TXSOSR and 2101TXSOSR October 1, 2022 – September 30, 2024, October 1, 2021 – September 30, 2023 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Significant Deficiency in Internal Control over Compliance and Noncompliance Criteria or specific requirement: Per 2 CFR 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that it is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in the “Internal Control Integrated Framework” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass_x0002_through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. Title 42 USC 1397e requires states and territories to submit to the federal administering agency, the Office of Community Services, an annual Post Expenditure Report no later than six months following the close of the fiscal year. The report includes certain critical key line information including: 1. The number of eligible individuals who received services paid for in part or in whole with federal funds under the SSBG. 2. The amount of Social Services Block Grant funds spent in providing each service. Condition: During testing of key line items noted above in the FY2022 Annual Post Expenditure Report submitted in March 2023, we noted the following variances between the amounts reported and supporting documentation: Key Line Item 1 Children Family Planning Services – variance of 1,796 Prevention and Intervention – variance of 9,866 Protective Services – Children – variance of 13,511 Adults Age 59 Years and Younger Family Planning Services – variance of 107,476 Prevention and Intervention – variance of 19,398 Protective Services – Adults – variance of 21,973 Other Services – variance of 10,733 Adults Age 60 Years and Older Family Planning Services – variance of 4,549 Prevention and Intervention – variance of 868 Protective Services – Adults – variance of 71,969 Other Services – variance of 14,408 Adults of Unknown Age Prevention and Intervention – variance of 151 Key Line Item 2 SSBG Allocation Foster Care Services – Children – variance of ($77,124) Information & Referral – variance of $2,116 Protective Services – Adults – variance of ($59,467) Protective Services – Children – variance of ($114,243) Funds Transferred into SSBG Protective Services – Children – variance of ($6,948,063) Expenditures of All Other Federal, State, and Local Funds Family Planning Services – variance of $172,504,171 Foster Care Services – Children – variance of $674,230,152 Information & Referral – variance of $35,508,405 Protective Services – Adults – variance of $67,694,139 Protective Services – Children – variance of $1,145,408,512 Other Services – $171,788,478 Questioned costs: None. Context: See “Condition.” Cause: Current internal controls are not at the correct precision level to ensure the completeness and accuracy of the report. Additionally, HHSC did not follow current policies and procedures regarding record retention. More specifically, all variances listed for key line item 1 were due to lack of supporting documentation except for the Protective Services – Children variance of 13,511, which was the difference between amounts reported and supporting documentation provided. All variances for key line item 2 were due to lack of supporting documentation except the four amounts listed under SSBG Allocation, which are a result difference between amounts reported and supporting documentation provided. Effect: Improperly designed internal controls over reporting may result in a misstatement of amounts reported on federal reports. In addition, failure to maintain adequate documentation pertinent to a federal award may result in noncompliance with grant terms and conditions. Repeat Finding: No Recommendation: We recommend management revise its internal controls to reconcile expenditures reported on federal reports to federal expenditures in the general ledger. Additionally, HHSC should implement or revise policies and procedures to ensure documentation is maintained for a period of at least three years from the date of submission of the final expenditure report for the grant in accordance with 2 CFR 200.334. Views of responsible officials: HHSC concurs with the finding.
Special Tests and Provisions – Provider Eligibility – Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Children’s Health Insurance Program ALN: 93.767 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: 2105TX5021, 2205TX5021, 2305TX3002, 2305TX5021 October 1, 2020 – September 30, 2022, October 1, 2021 – September 30, 2023, October 1, 2022 – September 30, 2024 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Significant Deficiency in Internal Control over Compliance and Noncompliance. Criteria or specific requirement: Per 2 CFR 200.303, a non-Federal entity must: Establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: § 455.104 – HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. Date of birth and Social Security Number (in the case of an individual). Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). § 455.105 – HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. § 455.106 – Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. § 455.410 – HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. § 455.412 – HHSC must: Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State. Confirm that the provider's license has not expired and that there are no current limitations on the provider's license. § 455.414 – HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. § 455.432 – HHSC must: Conduct pre-enrollment and post-enrollment site visits of providers who are designated as “moderate” or “high” categorical risks to the Medicaid program. Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. § 455.434 – HHSC must: Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider. Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. o Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a “high” risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. § 455.436 – HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. § 455.434 – HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 60 providers for CHIP, which resulted in one exception for the following: A copy of the completed application was not included in the file. Enrollment of the provider was not completed within the last 5 years. Verification of the provider’s license was not included in the file. Required information on ownership and control was not disclosed. Supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. Supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. Supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. Supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. Supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. A copy of the provider agreement was not included in the files. Supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. Supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. Questioned costs: None. Context: See “Condition.” Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving CHIP funds. Repeat Finding: No Recommendation: HHSC should implement controls to ensure: Documentation is maintained for at least the length of the providers’ current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. Provider licenses are verified during enrollment. Providers are re-enrolled at least once every five years. Provider agreements are obtained, and the proper disclosures are made. Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in CHIP. Views of responsible officials: HHSC concurs with the finding.
Special Tests and Provisions – Provider Eligibility – Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Children’s Health Insurance Program ALN: 93.767 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: 2105TX5021, 2205TX5021, 2305TX3002, 2305TX5021 October 1, 2020 – September 30, 2022, October 1, 2021 – September 30, 2023, October 1, 2022 – September 30, 2024 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Significant Deficiency in Internal Control over Compliance and Noncompliance. Criteria or specific requirement: Per 2 CFR 200.303, a non-Federal entity must: Establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: § 455.104 – HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. Date of birth and Social Security Number (in the case of an individual). Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). § 455.105 – HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. § 455.106 – Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. § 455.410 – HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. § 455.412 – HHSC must: Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State. Confirm that the provider's license has not expired and that there are no current limitations on the provider's license. § 455.414 – HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. § 455.432 – HHSC must: Conduct pre-enrollment and post-enrollment site visits of providers who are designated as “moderate” or “high” categorical risks to the Medicaid program. Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. § 455.434 – HHSC must: Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider. Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. o Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a “high” risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. § 455.436 – HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. § 455.434 – HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 60 providers for CHIP, which resulted in one exception for the following: A copy of the completed application was not included in the file. Enrollment of the provider was not completed within the last 5 years. Verification of the provider’s license was not included in the file. Required information on ownership and control was not disclosed. Supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. Supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. Supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. Supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. Supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. A copy of the provider agreement was not included in the files. Supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. Supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. Questioned costs: None. Context: See “Condition.” Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving CHIP funds. Repeat Finding: No Recommendation: HHSC should implement controls to ensure: Documentation is maintained for at least the length of the providers’ current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. Provider licenses are verified during enrollment. Providers are re-enrolled at least once every five years. Provider agreements are obtained, and the proper disclosures are made. Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in CHIP. Views of responsible officials: HHSC concurs with the finding.
Special Tests and Provisions – Provider Eligibility – Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: Medicaid Cluster 2205TX5ADM, 2205TX5MAP, 2205TXIMPL; 2305TX5ADM, 2305TX5MAP, 2305TXIMPL October 1, 2021 – September 30, 2022, October 1, 2022 – September 30, 2023 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, a non-Federal entity must: Establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: § 455.104 – HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. Date of birth and Social Security Number (in the case of an individual) Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). § 455.105 – HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. § 455.106 – Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. § 455.410 – HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. § 455.412 – HHSC must: Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State. Confirm that the provider's license has not expired and that there are no current limitations on the provider's license. § 455.414 – HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. § 455.432 – HHSC must: Conduct pre-enrollment and post-enrollment site visits of providers who are designated as “moderate” or “high” categorical risks to the Medicaid program. Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. § 455.434 – HHSC must: Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider. Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. o Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a “high” risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. § 455.436 – HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. § 455.434 – HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 60 providers each for Medicaid, which resulted in the following (sampled exceptions noted in parentheses): A copy of the completed application was not included in the file. (9 providers) Enrollment of the provider was not completed within the last 5 years. (7 providers) Verification of the provider’s license was not included in the file. (7 providers) Required information on ownership and control was not disclosed. (11 providers) Supporting documentation was not included in the file indicating the provider consented to a criminal background check. (9 providers) Supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. (13 providers) A copy of the provider agreement was not included in the files. (13 providers) Supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. (13 providers) Supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. (9 providers) Questioned costs: None. Context: See “Condition.” Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat finding: 2022-014, 2021-008 Recommendation: HHSC should implement controls to ensure: Documentation is maintained for at least the length of the providers’ current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. Provider licenses are verified during enrollment. Providers are re-enrolled at least once every five years. Provider agreements are obtained, and the proper disclosures are made. Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: HHSC concurs with this repeat finding.
Special Tests and Provisions – Provider Eligibility – Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: Medicaid Cluster 2205TX5ADM, 2205TX5MAP, 2205TXIMPL; 2305TX5ADM, 2305TX5MAP, 2305TXIMPL October 1, 2021 – September 30, 2022, October 1, 2022 – September 30, 2023 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, a non-Federal entity must: Establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: § 455.104 – HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. Date of birth and Social Security Number (in the case of an individual) Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). § 455.105 – HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. § 455.106 – Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. § 455.410 – HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. § 455.412 – HHSC must: Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State. Confirm that the provider's license has not expired and that there are no current limitations on the provider's license. § 455.414 – HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. § 455.432 – HHSC must: Conduct pre-enrollment and post-enrollment site visits of providers who are designated as “moderate” or “high” categorical risks to the Medicaid program. Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. § 455.434 – HHSC must: Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider. Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. o Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a “high” risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. § 455.436 – HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. § 455.434 – HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 60 providers each for Medicaid, which resulted in the following (sampled exceptions noted in parentheses): A copy of the completed application was not included in the file. (9 providers) Enrollment of the provider was not completed within the last 5 years. (7 providers) Verification of the provider’s license was not included in the file. (7 providers) Required information on ownership and control was not disclosed. (11 providers) Supporting documentation was not included in the file indicating the provider consented to a criminal background check. (9 providers) Supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. (13 providers) A copy of the provider agreement was not included in the files. (13 providers) Supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. (13 providers) Supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. (9 providers) Questioned costs: None. Context: See “Condition.” Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat finding: 2022-014, 2021-008 Recommendation: HHSC should implement controls to ensure: Documentation is maintained for at least the length of the providers’ current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. Provider licenses are verified during enrollment. Providers are re-enrolled at least once every five years. Provider agreements are obtained, and the proper disclosures are made. Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: HHSC concurs with this repeat finding.
Special Tests and Provisions – Provider Eligibility – Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: Medicaid Cluster 2205TX5ADM, 2205TX5MAP, 2205TXIMPL; 2305TX5ADM, 2305TX5MAP, 2305TXIMPL October 1, 2021 – September 30, 2022, October 1, 2022 – September 30, 2023 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, a non-Federal entity must: Establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: § 455.104 – HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. Date of birth and Social Security Number (in the case of an individual) Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). § 455.105 – HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. § 455.106 – Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. § 455.410 – HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. § 455.412 – HHSC must: Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State. Confirm that the provider's license has not expired and that there are no current limitations on the provider's license. § 455.414 – HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. § 455.432 – HHSC must: Conduct pre-enrollment and post-enrollment site visits of providers who are designated as “moderate” or “high” categorical risks to the Medicaid program. Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. § 455.434 – HHSC must: Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider. Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. o Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a “high” risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. § 455.436 – HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. § 455.434 – HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 60 providers each for Medicaid, which resulted in the following (sampled exceptions noted in parentheses): A copy of the completed application was not included in the file. (9 providers) Enrollment of the provider was not completed within the last 5 years. (7 providers) Verification of the provider’s license was not included in the file. (7 providers) Required information on ownership and control was not disclosed. (11 providers) Supporting documentation was not included in the file indicating the provider consented to a criminal background check. (9 providers) Supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. (13 providers) A copy of the provider agreement was not included in the files. (13 providers) Supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. (13 providers) Supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. (9 providers) Questioned costs: None. Context: See “Condition.” Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat finding: 2022-014, 2021-008 Recommendation: HHSC should implement controls to ensure: Documentation is maintained for at least the length of the providers’ current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. Provider licenses are verified during enrollment. Providers are re-enrolled at least once every five years. Provider agreements are obtained, and the proper disclosures are made. Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: HHSC concurs with this repeat finding.
Special Tests and Provisions – Provider Eligibility – Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: Medicaid Cluster 2205TX5ADM, 2205TX5MAP, 2205TXIMPL; 2305TX5ADM, 2305TX5MAP, 2305TXIMPL October 1, 2021 – September 30, 2022, October 1, 2022 – September 30, 2023 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, a non-Federal entity must: Establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: § 455.104 – HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. Date of birth and Social Security Number (in the case of an individual) Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). § 455.105 – HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. § 455.106 – Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. § 455.410 – HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. § 455.412 – HHSC must: Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State. Confirm that the provider's license has not expired and that there are no current limitations on the provider's license. § 455.414 – HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. § 455.432 – HHSC must: Conduct pre-enrollment and post-enrollment site visits of providers who are designated as “moderate” or “high” categorical risks to the Medicaid program. Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. § 455.434 – HHSC must: Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider. Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. o Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a “high” risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. § 455.436 – HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. § 455.434 – HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 60 providers each for Medicaid, which resulted in the following (sampled exceptions noted in parentheses): A copy of the completed application was not included in the file. (9 providers) Enrollment of the provider was not completed within the last 5 years. (7 providers) Verification of the provider’s license was not included in the file. (7 providers) Required information on ownership and control was not disclosed. (11 providers) Supporting documentation was not included in the file indicating the provider consented to a criminal background check. (9 providers) Supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. (13 providers) A copy of the provider agreement was not included in the files. (13 providers) Supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. (13 providers) Supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. (9 providers) Questioned costs: None. Context: See “Condition.” Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat finding: 2022-014, 2021-008 Recommendation: HHSC should implement controls to ensure: Documentation is maintained for at least the length of the providers’ current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. Provider licenses are verified during enrollment. Providers are re-enrolled at least once every five years. Provider agreements are obtained, and the proper disclosures are made. Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: HHSC concurs with this repeat finding.
Special Tests and Provisions – Provider Eligibility – Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: Medicaid Cluster 2205TX5ADM, 2205TX5MAP, 2205TXIMPL; 2305TX5ADM, 2305TX5MAP, 2305TXIMPL October 1, 2021 – September 30, 2022, October 1, 2022 – September 30, 2023 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, a non-Federal entity must: Establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: § 455.104 – HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. Date of birth and Social Security Number (in the case of an individual) Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). § 455.105 – HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. § 455.106 – Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. § 455.410 – HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. § 455.412 – HHSC must: Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State. Confirm that the provider's license has not expired and that there are no current limitations on the provider's license. § 455.414 – HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. § 455.432 – HHSC must: Conduct pre-enrollment and post-enrollment site visits of providers who are designated as “moderate” or “high” categorical risks to the Medicaid program. Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. § 455.434 – HHSC must: Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider. Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. o Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a “high” risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. § 455.436 – HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. § 455.434 – HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 60 providers each for Medicaid, which resulted in the following (sampled exceptions noted in parentheses): A copy of the completed application was not included in the file. (9 providers) Enrollment of the provider was not completed within the last 5 years. (7 providers) Verification of the provider’s license was not included in the file. (7 providers) Required information on ownership and control was not disclosed. (11 providers) Supporting documentation was not included in the file indicating the provider consented to a criminal background check. (9 providers) Supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. (13 providers) A copy of the provider agreement was not included in the files. (13 providers) Supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. (13 providers) Supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. (9 providers) Questioned costs: None. Context: See “Condition.” Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat finding: 2022-014, 2021-008 Recommendation: HHSC should implement controls to ensure: Documentation is maintained for at least the length of the providers’ current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. Provider licenses are verified during enrollment. Providers are re-enrolled at least once every five years. Provider agreements are obtained, and the proper disclosures are made. Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: HHSC concurs with this repeat finding.
Special Tests and Provisions – Provider Eligibility – Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: Medicaid Cluster 2205TX5ADM, 2205TX5MAP, 2205TXIMPL; 2305TX5ADM, 2305TX5MAP, 2305TXIMPL October 1, 2021 – September 30, 2022, October 1, 2022 – September 30, 2023 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, a non-Federal entity must: Establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: § 455.104 – HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. Date of birth and Social Security Number (in the case of an individual) Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). § 455.105 – HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. § 455.106 – Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. § 455.410 – HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. § 455.412 – HHSC must: Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State. Confirm that the provider's license has not expired and that there are no current limitations on the provider's license. § 455.414 – HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. § 455.432 – HHSC must: Conduct pre-enrollment and post-enrollment site visits of providers who are designated as “moderate” or “high” categorical risks to the Medicaid program. Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. § 455.434 – HHSC must: Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider. Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. o Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a “high” risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. § 455.436 – HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. § 455.434 – HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 60 providers each for Medicaid, which resulted in the following (sampled exceptions noted in parentheses): A copy of the completed application was not included in the file. (9 providers) Enrollment of the provider was not completed within the last 5 years. (7 providers) Verification of the provider’s license was not included in the file. (7 providers) Required information on ownership and control was not disclosed. (11 providers) Supporting documentation was not included in the file indicating the provider consented to a criminal background check. (9 providers) Supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. (13 providers) A copy of the provider agreement was not included in the files. (13 providers) Supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. (13 providers) Supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. (9 providers) Questioned costs: None. Context: See “Condition.” Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat finding: 2022-014, 2021-008 Recommendation: HHSC should implement controls to ensure: Documentation is maintained for at least the length of the providers’ current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. Provider licenses are verified during enrollment. Providers are re-enrolled at least once every five years. Provider agreements are obtained, and the proper disclosures are made. Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: HHSC concurs with this repeat finding.
Activities Allowed or Unallowed, Allowable Costs/Cost Principles Federal Agency: U.S. Department of the Treasury Federal Program Title: Coronavirus State and Local Fiscal Recovery Funds ALN: 21.027 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: SLT – 8809: Project Name: HHSC Section 33; HHSC Section 12: Rural Hospitals, HHSC Section 22: Sunrise Canyon Hospital November 8, 2021 – December 31, 2026 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Significant Deficiency in Internal Control over Compliance and Noncompliance Criteria or specific requirement: Per 2 CFR 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that it is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in the “Internal Control Integrated Framework” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In the 2021 Texas Senate Bill 8, HHSC was appropriated money in various sections of the bill received by Texas from the Coronavirus State Fiscal Recovery Fund for the following purposes related to costs incurred during the period beginning October 8, 2021, and ending November 8, 2023, due to the coronavirus pandemic: Section 11(a) – funding for the construction of a state hospital in Dallas, Texas. Section 12 – funding for grants to support rural hospitals that have been affected by the COVID-19 pandemic. Section 13 – funding for the creation of a consolidated internet portal for Medicaid and the Children’s Health Insurance Program medical services provider data. Section 14 – funding for technology updates to the Medicaid eligibility computer system. Section 15 – funding for COVID-19 related expenses incurred by the Texas Civil Commitment Office related to consumable supplies and travel. Section 22 – funding for the expansion of capacity of Sunrise Canyon Hospital. Section 33 – funding to administer one-time grants related to providing critical staffing needs resulting from frontline healthcare workers affected by COVID-19, including recruitment and retention bonuses for staff. Condition: Audit procedures included a selection of 60 sampled expenditures totaling $143,092,786 incurred during the fiscal year to test allowability with the grant awards. We noted that for 48 out of the 60 samples totaling $9,600,062, the agency did not obtain supporting documentation from the vendor to verify that the amounts advanced to the vendor were expended on allowable costs. We were unable to substantiate the amounts expended by the vendor and allowability of those expenditures in accordance with the relevant Senate Bill 8 section and the Department of the Treasury Final Rule. Questioned costs: $9,600,062. Context: See “Condition.” Cause: HHSC is not fully monitoring the use of program funds through collection, review, and maintenance of invoices supporting the expenditures. Effect: Failure to maintain adequate documentation pertinent to a federal award may result in noncompliance with grant terms and conditions. Repeat finding: No Recommendation: HHSC should implement policies and procedures to ensure documentation is maintained for a period of at least three years from the date of submission of the final expenditure report for the grant in accordance with 2 CFR 200.334. Views of responsible officials: HHSC concurs with the finding.
Activities Allowed or Unallowed, Allowable Costs/Cost Principles Federal Agency: U.S. Department of the Treasury Federal Program Title: Coronavirus State and Local Fiscal Recovery Funds ALN: 21.027 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: SLT – 8809: Project Name: HHSC Section 33; HHSC Section 12: Rural Hospitals, HHSC Section 22: Sunrise Canyon Hospital November 8, 2021 – December 31, 2026 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Significant Deficiency in Internal Control over Compliance and Noncompliance Criteria or specific requirement: Per 2 CFR 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that it is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in the “Internal Control Integrated Framework” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In the 2021 Texas Senate Bill 8, HHSC was appropriated money in various sections of the bill received by Texas from the Coronavirus State Fiscal Recovery Fund for the following purposes related to costs incurred during the period beginning October 8, 2021, and ending November 8, 2023, due to the coronavirus pandemic: Section 11(a) – funding for the construction of a state hospital in Dallas, Texas. Section 12 – funding for grants to support rural hospitals that have been affected by the COVID-19 pandemic. Section 13 – funding for the creation of a consolidated internet portal for Medicaid and the Children’s Health Insurance Program medical services provider data. Section 14 – funding for technology updates to the Medicaid eligibility computer system. Section 15 – funding for COVID-19 related expenses incurred by the Texas Civil Commitment Office related to consumable supplies and travel. Section 22 – funding for the expansion of capacity of Sunrise Canyon Hospital. Section 33 – funding to administer one-time grants related to providing critical staffing needs resulting from frontline healthcare workers affected by COVID-19, including recruitment and retention bonuses for staff. Condition: Audit procedures included a selection of 60 sampled expenditures totaling $143,092,786 incurred during the fiscal year to test allowability with the grant awards. We noted that for 48 out of the 60 samples totaling $9,600,062, the agency did not obtain supporting documentation from the vendor to verify that the amounts advanced to the vendor were expended on allowable costs. We were unable to substantiate the amounts expended by the vendor and allowability of those expenditures in accordance with the relevant Senate Bill 8 section and the Department of the Treasury Final Rule. Questioned costs: $9,600,062. Context: See “Condition.” Cause: HHSC is not fully monitoring the use of program funds through collection, review, and maintenance of invoices supporting the expenditures. Effect: Failure to maintain adequate documentation pertinent to a federal award may result in noncompliance with grant terms and conditions. Repeat finding: No Recommendation: HHSC should implement policies and procedures to ensure documentation is maintained for a period of at least three years from the date of submission of the final expenditure report for the grant in accordance with 2 CFR 200.334. Views of responsible officials: HHSC concurs with the finding.
Activities Allowed or Unallowed, Allowable Costs/Cost Principles Federal Agency: U.S. Department of the Treasury Federal Program Title: Coronavirus State and Local Fiscal Recovery Funds ALN: 21.027 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: SLT – 8809: Project Name: HHSC Section 33; HHSC Section 12: Rural Hospitals, HHSC Section 22: Sunrise Canyon Hospital November 8, 2021 – December 31, 2026 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Significant Deficiency in Internal Control over Compliance and Noncompliance Criteria or specific requirement: Per 2 CFR 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that it is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in the “Internal Control Integrated Framework” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In the 2021 Texas Senate Bill 8, HHSC was appropriated money in various sections of the bill received by Texas from the Coronavirus State Fiscal Recovery Fund for the following purposes related to costs incurred during the period beginning October 8, 2021, and ending November 8, 2023, due to the coronavirus pandemic: Section 11(a) – funding for the construction of a state hospital in Dallas, Texas. Section 12 – funding for grants to support rural hospitals that have been affected by the COVID-19 pandemic. Section 13 – funding for the creation of a consolidated internet portal for Medicaid and the Children’s Health Insurance Program medical services provider data. Section 14 – funding for technology updates to the Medicaid eligibility computer system. Section 15 – funding for COVID-19 related expenses incurred by the Texas Civil Commitment Office related to consumable supplies and travel. Section 22 – funding for the expansion of capacity of Sunrise Canyon Hospital. Section 33 – funding to administer one-time grants related to providing critical staffing needs resulting from frontline healthcare workers affected by COVID-19, including recruitment and retention bonuses for staff. Condition: Audit procedures included a selection of 60 sampled expenditures totaling $143,092,786 incurred during the fiscal year to test allowability with the grant awards. We noted that for 48 out of the 60 samples totaling $9,600,062, the agency did not obtain supporting documentation from the vendor to verify that the amounts advanced to the vendor were expended on allowable costs. We were unable to substantiate the amounts expended by the vendor and allowability of those expenditures in accordance with the relevant Senate Bill 8 section and the Department of the Treasury Final Rule. Questioned costs: $9,600,062. Context: See “Condition.” Cause: HHSC is not fully monitoring the use of program funds through collection, review, and maintenance of invoices supporting the expenditures. Effect: Failure to maintain adequate documentation pertinent to a federal award may result in noncompliance with grant terms and conditions. Repeat finding: No Recommendation: HHSC should implement policies and procedures to ensure documentation is maintained for a period of at least three years from the date of submission of the final expenditure report for the grant in accordance with 2 CFR 200.334. Views of responsible officials: HHSC concurs with the finding.
Activities Allowed or Unallowed, Allowable Costs/Cost Principles Federal Agency: U.S. Department of the Treasury Federal Program Title: Coronavirus State and Local Fiscal Recovery Funds ALN: 21.027 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: SLT – 8809: Project Name: HHSC Section 33; HHSC Section 12: Rural Hospitals, HHSC Section 22: Sunrise Canyon Hospital November 8, 2021 – December 31, 2026 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Significant Deficiency in Internal Control over Compliance and Noncompliance Criteria or specific requirement: Per 2 CFR 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that it is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in the “Internal Control Integrated Framework” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In the 2021 Texas Senate Bill 8, HHSC was appropriated money in various sections of the bill received by Texas from the Coronavirus State Fiscal Recovery Fund for the following purposes related to costs incurred during the period beginning October 8, 2021, and ending November 8, 2023, due to the coronavirus pandemic: Section 11(a) – funding for the construction of a state hospital in Dallas, Texas. Section 12 – funding for grants to support rural hospitals that have been affected by the COVID-19 pandemic. Section 13 – funding for the creation of a consolidated internet portal for Medicaid and the Children’s Health Insurance Program medical services provider data. Section 14 – funding for technology updates to the Medicaid eligibility computer system. Section 15 – funding for COVID-19 related expenses incurred by the Texas Civil Commitment Office related to consumable supplies and travel. Section 22 – funding for the expansion of capacity of Sunrise Canyon Hospital. Section 33 – funding to administer one-time grants related to providing critical staffing needs resulting from frontline healthcare workers affected by COVID-19, including recruitment and retention bonuses for staff. Condition: Audit procedures included a selection of 60 sampled expenditures totaling $143,092,786 incurred during the fiscal year to test allowability with the grant awards. We noted that for 48 out of the 60 samples totaling $9,600,062, the agency did not obtain supporting documentation from the vendor to verify that the amounts advanced to the vendor were expended on allowable costs. We were unable to substantiate the amounts expended by the vendor and allowability of those expenditures in accordance with the relevant Senate Bill 8 section and the Department of the Treasury Final Rule. Questioned costs: $9,600,062. Context: See “Condition.” Cause: HHSC is not fully monitoring the use of program funds through collection, review, and maintenance of invoices supporting the expenditures. Effect: Failure to maintain adequate documentation pertinent to a federal award may result in noncompliance with grant terms and conditions. Repeat finding: No Recommendation: HHSC should implement policies and procedures to ensure documentation is maintained for a period of at least three years from the date of submission of the final expenditure report for the grant in accordance with 2 CFR 200.334. Views of responsible officials: HHSC concurs with the finding.
Activities Allowed or Unallowed, Allowable Costs/Cost Principles Federal Agency: U.S. Department of the Treasury Federal Program Title: Coronavirus State and Local Fiscal Recovery Funds ALN: 21.027 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: SLT – 8809: Project Name: HHSC Section 33; HHSC Section 12: Rural Hospitals, HHSC Section 22: Sunrise Canyon Hospital November 8, 2021 – December 31, 2026 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Significant Deficiency in Internal Control over Compliance and Noncompliance Criteria or specific requirement: Per 2 CFR 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that it is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in the “Internal Control Integrated Framework” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In the 2021 Texas Senate Bill 8, HHSC was appropriated money in various sections of the bill received by Texas from the Coronavirus State Fiscal Recovery Fund for the following purposes related to costs incurred during the period beginning October 8, 2021, and ending November 8, 2023, due to the coronavirus pandemic: Section 11(a) – funding for the construction of a state hospital in Dallas, Texas. Section 12 – funding for grants to support rural hospitals that have been affected by the COVID-19 pandemic. Section 13 – funding for the creation of a consolidated internet portal for Medicaid and the Children’s Health Insurance Program medical services provider data. Section 14 – funding for technology updates to the Medicaid eligibility computer system. Section 15 – funding for COVID-19 related expenses incurred by the Texas Civil Commitment Office related to consumable supplies and travel. Section 22 – funding for the expansion of capacity of Sunrise Canyon Hospital. Section 33 – funding to administer one-time grants related to providing critical staffing needs resulting from frontline healthcare workers affected by COVID-19, including recruitment and retention bonuses for staff. Condition: Audit procedures included a selection of 60 sampled expenditures totaling $143,092,786 incurred during the fiscal year to test allowability with the grant awards. We noted that for 48 out of the 60 samples totaling $9,600,062, the agency did not obtain supporting documentation from the vendor to verify that the amounts advanced to the vendor were expended on allowable costs. We were unable to substantiate the amounts expended by the vendor and allowability of those expenditures in accordance with the relevant Senate Bill 8 section and the Department of the Treasury Final Rule. Questioned costs: $9,600,062. Context: See “Condition.” Cause: HHSC is not fully monitoring the use of program funds through collection, review, and maintenance of invoices supporting the expenditures. Effect: Failure to maintain adequate documentation pertinent to a federal award may result in noncompliance with grant terms and conditions. Repeat finding: No Recommendation: HHSC should implement policies and procedures to ensure documentation is maintained for a period of at least three years from the date of submission of the final expenditure report for the grant in accordance with 2 CFR 200.334. Views of responsible officials: HHSC concurs with the finding.
Activities Allowed or Unallowed, Allowable Costs/Cost Principles Federal Agency: U.S. Department of the Treasury Federal Program Title: Coronavirus State and Local Fiscal Recovery Funds ALN: 21.027 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: SLT – 8809: Project Name: HHSC Section 33; HHSC Section 12: Rural Hospitals, HHSC Section 22: Sunrise Canyon Hospital November 8, 2021 – December 31, 2026 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Significant Deficiency in Internal Control over Compliance and Noncompliance Criteria or specific requirement: Per 2 CFR 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that it is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in the “Internal Control Integrated Framework” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In the 2021 Texas Senate Bill 8, HHSC was appropriated money in various sections of the bill received by Texas from the Coronavirus State Fiscal Recovery Fund for the following purposes related to costs incurred during the period beginning October 8, 2021, and ending November 8, 2023, due to the coronavirus pandemic: Section 11(a) – funding for the construction of a state hospital in Dallas, Texas. Section 12 – funding for grants to support rural hospitals that have been affected by the COVID-19 pandemic. Section 13 – funding for the creation of a consolidated internet portal for Medicaid and the Children’s Health Insurance Program medical services provider data. Section 14 – funding for technology updates to the Medicaid eligibility computer system. Section 15 – funding for COVID-19 related expenses incurred by the Texas Civil Commitment Office related to consumable supplies and travel. Section 22 – funding for the expansion of capacity of Sunrise Canyon Hospital. Section 33 – funding to administer one-time grants related to providing critical staffing needs resulting from frontline healthcare workers affected by COVID-19, including recruitment and retention bonuses for staff. Condition: Audit procedures included a selection of 60 sampled expenditures totaling $143,092,786 incurred during the fiscal year to test allowability with the grant awards. We noted that for 48 out of the 60 samples totaling $9,600,062, the agency did not obtain supporting documentation from the vendor to verify that the amounts advanced to the vendor were expended on allowable costs. We were unable to substantiate the amounts expended by the vendor and allowability of those expenditures in accordance with the relevant Senate Bill 8 section and the Department of the Treasury Final Rule. Questioned costs: $9,600,062. Context: See “Condition.” Cause: HHSC is not fully monitoring the use of program funds through collection, review, and maintenance of invoices supporting the expenditures. Effect: Failure to maintain adequate documentation pertinent to a federal award may result in noncompliance with grant terms and conditions. Repeat finding: No Recommendation: HHSC should implement policies and procedures to ensure documentation is maintained for a period of at least three years from the date of submission of the final expenditure report for the grant in accordance with 2 CFR 200.334. Views of responsible officials: HHSC concurs with the finding.
Activities Allowed or Unallowed, Allowable Costs/Cost Principles Federal Agency: U.S. Department of the Treasury Federal Program Title: Coronavirus State and Local Fiscal Recovery Funds ALN: 21.027 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: SLT – 8809: Project Name: HHSC Section 33; HHSC Section 12: Rural Hospitals, HHSC Section 22: Sunrise Canyon Hospital November 8, 2021 – December 31, 2026 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Significant Deficiency in Internal Control over Compliance and Noncompliance Criteria or specific requirement: Per 2 CFR 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that it is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in the “Internal Control Integrated Framework” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In the 2021 Texas Senate Bill 8, HHSC was appropriated money in various sections of the bill received by Texas from the Coronavirus State Fiscal Recovery Fund for the following purposes related to costs incurred during the period beginning October 8, 2021, and ending November 8, 2023, due to the coronavirus pandemic: Section 11(a) – funding for the construction of a state hospital in Dallas, Texas. Section 12 – funding for grants to support rural hospitals that have been affected by the COVID-19 pandemic. Section 13 – funding for the creation of a consolidated internet portal for Medicaid and the Children’s Health Insurance Program medical services provider data. Section 14 – funding for technology updates to the Medicaid eligibility computer system. Section 15 – funding for COVID-19 related expenses incurred by the Texas Civil Commitment Office related to consumable supplies and travel. Section 22 – funding for the expansion of capacity of Sunrise Canyon Hospital. Section 33 – funding to administer one-time grants related to providing critical staffing needs resulting from frontline healthcare workers affected by COVID-19, including recruitment and retention bonuses for staff. Condition: Audit procedures included a selection of 60 sampled expenditures totaling $143,092,786 incurred during the fiscal year to test allowability with the grant awards. We noted that for 48 out of the 60 samples totaling $9,600,062, the agency did not obtain supporting documentation from the vendor to verify that the amounts advanced to the vendor were expended on allowable costs. We were unable to substantiate the amounts expended by the vendor and allowability of those expenditures in accordance with the relevant Senate Bill 8 section and the Department of the Treasury Final Rule. Questioned costs: $9,600,062. Context: See “Condition.” Cause: HHSC is not fully monitoring the use of program funds through collection, review, and maintenance of invoices supporting the expenditures. Effect: Failure to maintain adequate documentation pertinent to a federal award may result in noncompliance with grant terms and conditions. Repeat finding: No Recommendation: HHSC should implement policies and procedures to ensure documentation is maintained for a period of at least three years from the date of submission of the final expenditure report for the grant in accordance with 2 CFR 200.334. Views of responsible officials: HHSC concurs with the finding.
Reporting Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Social Services Block Grant ALN: 93.667 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: 2301TXSOSR, 2201TXSOSR and 2101TXSOSR October 1, 2022 – September 30, 2024, October 1, 2021 – September 30, 2023 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Significant Deficiency in Internal Control over Compliance and Noncompliance Criteria or specific requirement: Per 2 CFR 200.303(a), a non-Federal entity must: Establish and maintain effective internal control over the Federal award that provides reasonable assurance that it is managing the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award. These internal controls should be in compliance with guidance in the “Internal Control Integrated Framework” issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass_x0002_through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. Title 42 USC 1397e requires states and territories to submit to the federal administering agency, the Office of Community Services, an annual Post Expenditure Report no later than six months following the close of the fiscal year. The report includes certain critical key line information including: 1. The number of eligible individuals who received services paid for in part or in whole with federal funds under the SSBG. 2. The amount of Social Services Block Grant funds spent in providing each service. Condition: During testing of key line items noted above in the FY2022 Annual Post Expenditure Report submitted in March 2023, we noted the following variances between the amounts reported and supporting documentation: Key Line Item 1 Children Family Planning Services – variance of 1,796 Prevention and Intervention – variance of 9,866 Protective Services – Children – variance of 13,511 Adults Age 59 Years and Younger Family Planning Services – variance of 107,476 Prevention and Intervention – variance of 19,398 Protective Services – Adults – variance of 21,973 Other Services – variance of 10,733 Adults Age 60 Years and Older Family Planning Services – variance of 4,549 Prevention and Intervention – variance of 868 Protective Services – Adults – variance of 71,969 Other Services – variance of 14,408 Adults of Unknown Age Prevention and Intervention – variance of 151 Key Line Item 2 SSBG Allocation Foster Care Services – Children – variance of ($77,124) Information & Referral – variance of $2,116 Protective Services – Adults – variance of ($59,467) Protective Services – Children – variance of ($114,243) Funds Transferred into SSBG Protective Services – Children – variance of ($6,948,063) Expenditures of All Other Federal, State, and Local Funds Family Planning Services – variance of $172,504,171 Foster Care Services – Children – variance of $674,230,152 Information & Referral – variance of $35,508,405 Protective Services – Adults – variance of $67,694,139 Protective Services – Children – variance of $1,145,408,512 Other Services – $171,788,478 Questioned costs: None. Context: See “Condition.” Cause: Current internal controls are not at the correct precision level to ensure the completeness and accuracy of the report. Additionally, HHSC did not follow current policies and procedures regarding record retention. More specifically, all variances listed for key line item 1 were due to lack of supporting documentation except for the Protective Services – Children variance of 13,511, which was the difference between amounts reported and supporting documentation provided. All variances for key line item 2 were due to lack of supporting documentation except the four amounts listed under SSBG Allocation, which are a result difference between amounts reported and supporting documentation provided. Effect: Improperly designed internal controls over reporting may result in a misstatement of amounts reported on federal reports. In addition, failure to maintain adequate documentation pertinent to a federal award may result in noncompliance with grant terms and conditions. Repeat Finding: No Recommendation: We recommend management revise its internal controls to reconcile expenditures reported on federal reports to federal expenditures in the general ledger. Additionally, HHSC should implement or revise policies and procedures to ensure documentation is maintained for a period of at least three years from the date of submission of the final expenditure report for the grant in accordance with 2 CFR 200.334. Views of responsible officials: HHSC concurs with the finding.
Special Tests and Provisions – Provider Eligibility – Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Children’s Health Insurance Program ALN: 93.767 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: 2105TX5021, 2205TX5021, 2305TX3002, 2305TX5021 October 1, 2020 – September 30, 2022, October 1, 2021 – September 30, 2023, October 1, 2022 – September 30, 2024 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Significant Deficiency in Internal Control over Compliance and Noncompliance. Criteria or specific requirement: Per 2 CFR 200.303, a non-Federal entity must: Establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: § 455.104 – HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. Date of birth and Social Security Number (in the case of an individual). Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). § 455.105 – HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. § 455.106 – Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. § 455.410 – HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. § 455.412 – HHSC must: Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State. Confirm that the provider's license has not expired and that there are no current limitations on the provider's license. § 455.414 – HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. § 455.432 – HHSC must: Conduct pre-enrollment and post-enrollment site visits of providers who are designated as “moderate” or “high” categorical risks to the Medicaid program. Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. § 455.434 – HHSC must: Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider. Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. o Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a “high” risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. § 455.436 – HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. § 455.434 – HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 60 providers for CHIP, which resulted in one exception for the following: A copy of the completed application was not included in the file. Enrollment of the provider was not completed within the last 5 years. Verification of the provider’s license was not included in the file. Required information on ownership and control was not disclosed. Supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. Supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. Supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. Supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. Supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. A copy of the provider agreement was not included in the files. Supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. Supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. Questioned costs: None. Context: See “Condition.” Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving CHIP funds. Repeat Finding: No Recommendation: HHSC should implement controls to ensure: Documentation is maintained for at least the length of the providers’ current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. Provider licenses are verified during enrollment. Providers are re-enrolled at least once every five years. Provider agreements are obtained, and the proper disclosures are made. Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in CHIP. Views of responsible officials: HHSC concurs with the finding.
Special Tests and Provisions – Provider Eligibility – Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Children’s Health Insurance Program ALN: 93.767 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: 2105TX5021, 2205TX5021, 2305TX3002, 2305TX5021 October 1, 2020 – September 30, 2022, October 1, 2021 – September 30, 2023, October 1, 2022 – September 30, 2024 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Significant Deficiency in Internal Control over Compliance and Noncompliance. Criteria or specific requirement: Per 2 CFR 200.303, a non-Federal entity must: Establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: § 455.104 – HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. Date of birth and Social Security Number (in the case of an individual). Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). § 455.105 – HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. § 455.106 – Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. § 455.410 – HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. § 455.412 – HHSC must: Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State. Confirm that the provider's license has not expired and that there are no current limitations on the provider's license. § 455.414 – HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. § 455.432 – HHSC must: Conduct pre-enrollment and post-enrollment site visits of providers who are designated as “moderate” or “high” categorical risks to the Medicaid program. Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. § 455.434 – HHSC must: Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider. Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. o Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a “high” risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. § 455.436 – HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. § 455.434 – HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 60 providers for CHIP, which resulted in one exception for the following: A copy of the completed application was not included in the file. Enrollment of the provider was not completed within the last 5 years. Verification of the provider’s license was not included in the file. Required information on ownership and control was not disclosed. Supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. Supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. Supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. Supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. Supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. A copy of the provider agreement was not included in the files. Supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. Supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. Questioned costs: None. Context: See “Condition.” Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving CHIP funds. Repeat Finding: No Recommendation: HHSC should implement controls to ensure: Documentation is maintained for at least the length of the providers’ current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. Provider licenses are verified during enrollment. Providers are re-enrolled at least once every five years. Provider agreements are obtained, and the proper disclosures are made. Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in CHIP. Views of responsible officials: HHSC concurs with the finding.
Special Tests and Provisions – Provider Eligibility – Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: Medicaid Cluster 2205TX5ADM, 2205TX5MAP, 2205TXIMPL; 2305TX5ADM, 2305TX5MAP, 2305TXIMPL October 1, 2021 – September 30, 2022, October 1, 2022 – September 30, 2023 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, a non-Federal entity must: Establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: § 455.104 – HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. Date of birth and Social Security Number (in the case of an individual) Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). § 455.105 – HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. § 455.106 – Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. § 455.410 – HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. § 455.412 – HHSC must: Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State. Confirm that the provider's license has not expired and that there are no current limitations on the provider's license. § 455.414 – HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. § 455.432 – HHSC must: Conduct pre-enrollment and post-enrollment site visits of providers who are designated as “moderate” or “high” categorical risks to the Medicaid program. Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. § 455.434 – HHSC must: Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider. Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. o Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a “high” risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. § 455.436 – HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. § 455.434 – HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 60 providers each for Medicaid, which resulted in the following (sampled exceptions noted in parentheses): A copy of the completed application was not included in the file. (9 providers) Enrollment of the provider was not completed within the last 5 years. (7 providers) Verification of the provider’s license was not included in the file. (7 providers) Required information on ownership and control was not disclosed. (11 providers) Supporting documentation was not included in the file indicating the provider consented to a criminal background check. (9 providers) Supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. (13 providers) A copy of the provider agreement was not included in the files. (13 providers) Supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. (13 providers) Supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. (9 providers) Questioned costs: None. Context: See “Condition.” Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat finding: 2022-014, 2021-008 Recommendation: HHSC should implement controls to ensure: Documentation is maintained for at least the length of the providers’ current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. Provider licenses are verified during enrollment. Providers are re-enrolled at least once every five years. Provider agreements are obtained, and the proper disclosures are made. Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: HHSC concurs with this repeat finding.
Special Tests and Provisions – Provider Eligibility – Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: Medicaid Cluster 2205TX5ADM, 2205TX5MAP, 2205TXIMPL; 2305TX5ADM, 2305TX5MAP, 2305TXIMPL October 1, 2021 – September 30, 2022, October 1, 2022 – September 30, 2023 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, a non-Federal entity must: Establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: § 455.104 – HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. Date of birth and Social Security Number (in the case of an individual) Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). § 455.105 – HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. § 455.106 – Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. § 455.410 – HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. § 455.412 – HHSC must: Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State. Confirm that the provider's license has not expired and that there are no current limitations on the provider's license. § 455.414 – HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. § 455.432 – HHSC must: Conduct pre-enrollment and post-enrollment site visits of providers who are designated as “moderate” or “high” categorical risks to the Medicaid program. Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. § 455.434 – HHSC must: Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider. Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. o Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a “high” risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. § 455.436 – HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. § 455.434 – HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 60 providers each for Medicaid, which resulted in the following (sampled exceptions noted in parentheses): A copy of the completed application was not included in the file. (9 providers) Enrollment of the provider was not completed within the last 5 years. (7 providers) Verification of the provider’s license was not included in the file. (7 providers) Required information on ownership and control was not disclosed. (11 providers) Supporting documentation was not included in the file indicating the provider consented to a criminal background check. (9 providers) Supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. (13 providers) A copy of the provider agreement was not included in the files. (13 providers) Supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. (13 providers) Supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. (9 providers) Questioned costs: None. Context: See “Condition.” Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat finding: 2022-014, 2021-008 Recommendation: HHSC should implement controls to ensure: Documentation is maintained for at least the length of the providers’ current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. Provider licenses are verified during enrollment. Providers are re-enrolled at least once every five years. Provider agreements are obtained, and the proper disclosures are made. Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: HHSC concurs with this repeat finding.
Special Tests and Provisions – Provider Eligibility – Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: Medicaid Cluster 2205TX5ADM, 2205TX5MAP, 2205TXIMPL; 2305TX5ADM, 2305TX5MAP, 2305TXIMPL October 1, 2021 – September 30, 2022, October 1, 2022 – September 30, 2023 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, a non-Federal entity must: Establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: § 455.104 – HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. Date of birth and Social Security Number (in the case of an individual) Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). § 455.105 – HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. § 455.106 – Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. § 455.410 – HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. § 455.412 – HHSC must: Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State. Confirm that the provider's license has not expired and that there are no current limitations on the provider's license. § 455.414 – HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. § 455.432 – HHSC must: Conduct pre-enrollment and post-enrollment site visits of providers who are designated as “moderate” or “high” categorical risks to the Medicaid program. Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. § 455.434 – HHSC must: Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider. Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. o Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a “high” risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. § 455.436 – HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. § 455.434 – HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 60 providers each for Medicaid, which resulted in the following (sampled exceptions noted in parentheses): A copy of the completed application was not included in the file. (9 providers) Enrollment of the provider was not completed within the last 5 years. (7 providers) Verification of the provider’s license was not included in the file. (7 providers) Required information on ownership and control was not disclosed. (11 providers) Supporting documentation was not included in the file indicating the provider consented to a criminal background check. (9 providers) Supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. (13 providers) A copy of the provider agreement was not included in the files. (13 providers) Supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. (13 providers) Supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. (9 providers) Questioned costs: None. Context: See “Condition.” Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat finding: 2022-014, 2021-008 Recommendation: HHSC should implement controls to ensure: Documentation is maintained for at least the length of the providers’ current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. Provider licenses are verified during enrollment. Providers are re-enrolled at least once every five years. Provider agreements are obtained, and the proper disclosures are made. Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: HHSC concurs with this repeat finding.
Special Tests and Provisions – Provider Eligibility – Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: Medicaid Cluster 2205TX5ADM, 2205TX5MAP, 2205TXIMPL; 2305TX5ADM, 2305TX5MAP, 2305TXIMPL October 1, 2021 – September 30, 2022, October 1, 2022 – September 30, 2023 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, a non-Federal entity must: Establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: § 455.104 – HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. Date of birth and Social Security Number (in the case of an individual) Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). § 455.105 – HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. § 455.106 – Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. § 455.410 – HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. § 455.412 – HHSC must: Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State. Confirm that the provider's license has not expired and that there are no current limitations on the provider's license. § 455.414 – HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. § 455.432 – HHSC must: Conduct pre-enrollment and post-enrollment site visits of providers who are designated as “moderate” or “high” categorical risks to the Medicaid program. Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. § 455.434 – HHSC must: Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider. Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. o Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a “high” risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. § 455.436 – HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. § 455.434 – HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 60 providers each for Medicaid, which resulted in the following (sampled exceptions noted in parentheses): A copy of the completed application was not included in the file. (9 providers) Enrollment of the provider was not completed within the last 5 years. (7 providers) Verification of the provider’s license was not included in the file. (7 providers) Required information on ownership and control was not disclosed. (11 providers) Supporting documentation was not included in the file indicating the provider consented to a criminal background check. (9 providers) Supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. (13 providers) A copy of the provider agreement was not included in the files. (13 providers) Supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. (13 providers) Supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. (9 providers) Questioned costs: None. Context: See “Condition.” Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat finding: 2022-014, 2021-008 Recommendation: HHSC should implement controls to ensure: Documentation is maintained for at least the length of the providers’ current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. Provider licenses are verified during enrollment. Providers are re-enrolled at least once every five years. Provider agreements are obtained, and the proper disclosures are made. Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: HHSC concurs with this repeat finding.
Special Tests and Provisions – Provider Eligibility – Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: Medicaid Cluster 2205TX5ADM, 2205TX5MAP, 2205TXIMPL; 2305TX5ADM, 2305TX5MAP, 2305TXIMPL October 1, 2021 – September 30, 2022, October 1, 2022 – September 30, 2023 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, a non-Federal entity must: Establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: § 455.104 – HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. Date of birth and Social Security Number (in the case of an individual) Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). § 455.105 – HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. § 455.106 – Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. § 455.410 – HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. § 455.412 – HHSC must: Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State. Confirm that the provider's license has not expired and that there are no current limitations on the provider's license. § 455.414 – HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. § 455.432 – HHSC must: Conduct pre-enrollment and post-enrollment site visits of providers who are designated as “moderate” or “high” categorical risks to the Medicaid program. Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. § 455.434 – HHSC must: Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider. Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. o Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a “high” risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. § 455.436 – HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. § 455.434 – HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 60 providers each for Medicaid, which resulted in the following (sampled exceptions noted in parentheses): A copy of the completed application was not included in the file. (9 providers) Enrollment of the provider was not completed within the last 5 years. (7 providers) Verification of the provider’s license was not included in the file. (7 providers) Required information on ownership and control was not disclosed. (11 providers) Supporting documentation was not included in the file indicating the provider consented to a criminal background check. (9 providers) Supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. (13 providers) A copy of the provider agreement was not included in the files. (13 providers) Supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. (13 providers) Supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. (9 providers) Questioned costs: None. Context: See “Condition.” Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat finding: 2022-014, 2021-008 Recommendation: HHSC should implement controls to ensure: Documentation is maintained for at least the length of the providers’ current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. Provider licenses are verified during enrollment. Providers are re-enrolled at least once every five years. Provider agreements are obtained, and the proper disclosures are made. Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: HHSC concurs with this repeat finding.
Special Tests and Provisions – Provider Eligibility – Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: Medicaid Cluster 2205TX5ADM, 2205TX5MAP, 2205TXIMPL; 2305TX5ADM, 2305TX5MAP, 2305TXIMPL October 1, 2021 – September 30, 2022, October 1, 2022 – September 30, 2023 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, a non-Federal entity must: Establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: § 455.104 – HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. Date of birth and Social Security Number (in the case of an individual) Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). § 455.105 – HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. § 455.106 – Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. § 455.410 – HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. § 455.412 – HHSC must: Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State. Confirm that the provider's license has not expired and that there are no current limitations on the provider's license. § 455.414 – HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. § 455.432 – HHSC must: Conduct pre-enrollment and post-enrollment site visits of providers who are designated as “moderate” or “high” categorical risks to the Medicaid program. Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. § 455.434 – HHSC must: Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider. Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. o Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a “high” risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. § 455.436 – HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. § 455.434 – HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of “limited,” “moderate,” or “high.” If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 60 providers each for Medicaid, which resulted in the following (sampled exceptions noted in parentheses): A copy of the completed application was not included in the file. (9 providers) Enrollment of the provider was not completed within the last 5 years. (7 providers) Verification of the provider’s license was not included in the file. (7 providers) Required information on ownership and control was not disclosed. (11 providers) Supporting documentation was not included in the file indicating the provider consented to a criminal background check. (9 providers) Supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. (12 providers) Supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. (13 providers) A copy of the provider agreement was not included in the files. (13 providers) Supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. (13 providers) Supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. (9 providers) Questioned costs: None. Context: See “Condition.” Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat finding: 2022-014, 2021-008 Recommendation: HHSC should implement controls to ensure: Documentation is maintained for at least the length of the providers’ current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. Provider licenses are verified during enrollment. Providers are re-enrolled at least once every five years. Provider agreements are obtained, and the proper disclosures are made. Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: HHSC concurs with this repeat finding.
FINDING 2023-001 DOCUMENT RETENTION SIGNIFICANT DEFICIENCY Federal Program: Title I, Part A Assistance Listing Number: 84.010 Condition The Indiana Department of Education uses data on the poverty levels of students in determining funding amounts for the program. We selected a sample of forty students from the Real Time Data report used in making funding assessments for the year under audit. The School was unable to provide documentation to support the poverty levels of ten of those students. Criteria Per 7 CFR 200.334, “Financial records, supporting documents, statistical records, and all other non- Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient.” Cause The School did not maintain poverty level documentation for all students reported. Effect We were unable to determine if the poverty levels of all students were properly reported. Funding amounts could have been incorrectly determined. Recommendation We recommend the School develop internal controls requiring the maintenance of student poverty level documentation. Views of Responsible Officials The School’s Corrective Action Plan is included on page 24.
FINDING 2023-001 DOCUMENT RETENTION SIGNIFICANT DEFICIENCY Federal Program: Title I, Part A Assistance Listing Number: 84.010 Condition The Indiana Department of Education uses data on the poverty levels of students in determining funding amounts for the program. We selected a sample of forty students from the Real Time Data report used in making funding assessments for the year under audit. The School was unable to provide documentation to support the poverty levels of ten of those students. Criteria Per 7 CFR 200.334, “Financial records, supporting documents, statistical records, and all other non- Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient.” Cause The School did not maintain poverty level documentation for all students reported. Effect We were unable to determine if the poverty levels of all students were properly reported. Funding amounts could have been incorrectly determined. Recommendation We recommend the School develop internal controls requiring the maintenance of student poverty level documentation. Views of Responsible Officials The School’s Corrective Action Plan is included on page 24.
Assistance Listing Number(s): 10.553 and 10.555 Name of Federal Program or Cluster: Child Nutrition Cluster Name of Federal Agency: Department of Agriculture Name of Pass-through Entity: Wisconsin Department of Public Instruction Pass-through Entity Identifying Number(s): 2023-138142-DPI-SB-546, 2023-138005-DPI-SB-546, 2023-138005-DPI-NSL-547, and 2023-138005-DPI-SK_NSLAE-566 Award Period: July 1, 2022 through June 30, 2023 Criteria: According to 2 CFR, Part 200.334 of the Uniform Guidance, supporting documentation pertinent to a federal award must be retained for a period of three years from the date of submission of the expenditure. According to 2 CFR, Part 200.302(3) of the Uniform Guidance, records must be supported by source documentation. Condition: Supporting documentation for claims were not retained. Cause: Internal controls for funding claims have not been designed appropriately. Currently, there are no internal controls to ensure support for claims are retained in accordance with federal requirements. Questioned Costs: $344,674 Effect or Potential Effect: Incomplete or inaccurate information could be reported on funding claims. Context: A sample of 8 claims reports were selected from a population of 39. The testing found that supporting documentation for claims was not retained for any of the claims in the sample. Repeat Finding: No Recommendation: One City Schools, Inc. should design and implement appropriate internal controls for retaining support for claims in accordance with federal requirements. Views of Responsible Officials: One City Schools, Inc. agrees with the finding and are working on implementing internal controls for maintaining supporting documentation.
Assistance Listing Number(s): 10.553 and 10.555 Name of Federal Program or Cluster: Child Nutrition Cluster Name of Federal Agency: Department of Agriculture Name of Pass-through Entity: Wisconsin Department of Public Instruction Pass-through Entity Identifying Number(s): 2023-138142-DPI-SB-546, 2023-138005-DPI-SB-546, 2023-138005-DPI-NSL-547, and 2023-138005-DPI-SK_NSLAE-566 Award Period: July 1, 2022 through June 30, 2023 Criteria: According to 2 CFR, Part 200.334 of the Uniform Guidance, supporting documentation pertinent to a federal award must be retained for a period of three years from the date of submission of the expenditure. According to 2 CFR, Part 200.302(3) of the Uniform Guidance, records must be supported by source documentation. Condition: Supporting documentation for claims were not retained. Cause: Internal controls for funding claims have not been designed appropriately. Currently, there are no internal controls to ensure support for claims are retained in accordance with federal requirements. Questioned Costs: $344,674 Effect or Potential Effect: Incomplete or inaccurate information could be reported on funding claims. Context: A sample of 8 claims reports were selected from a population of 39. The testing found that supporting documentation for claims was not retained for any of the claims in the sample. Repeat Finding: No Recommendation: One City Schools, Inc. should design and implement appropriate internal controls for retaining support for claims in accordance with federal requirements. Views of Responsible Officials: One City Schools, Inc. agrees with the finding and are working on implementing internal controls for maintaining supporting documentation.
Assistance Listing Number(s): 10.553 and 10.555 Name of Federal Program or Cluster: Child Nutrition Cluster Name of Federal Agency: Department of Agriculture Name of Pass-through Entity: Wisconsin Department of Public Instruction Pass-through Entity Identifying Number(s): 2023-138142-DPI-SB-546, 2023-138005-DPI-SB-546, 2023-138005-DPI-NSL-547, and 2023-138005-DPI-SK_NSLAE-566 Award Period: July 1, 2022 through June 30, 2023 Criteria: According to 2 CFR, Part 200.334 of the Uniform Guidance, supporting documentation pertinent to a federal award must be retained for a period of three years from the date of submission of the expenditure. According to 2 CFR, Part 200.302(3) of the Uniform Guidance, records must be supported by source documentation. Condition: Supporting documentation for claims were not retained. Cause: Internal controls for funding claims have not been designed appropriately. Currently, there are no internal controls to ensure support for claims are retained in accordance with federal requirements. Questioned Costs: $344,674 Effect or Potential Effect: Incomplete or inaccurate information could be reported on funding claims. Context: A sample of 8 claims reports were selected from a population of 39. The testing found that supporting documentation for claims was not retained for any of the claims in the sample. Repeat Finding: No Recommendation: One City Schools, Inc. should design and implement appropriate internal controls for retaining support for claims in accordance with federal requirements. Views of Responsible Officials: One City Schools, Inc. agrees with the finding and are working on implementing internal controls for maintaining supporting documentation.
Assistance Listing Number(s): 10.553 and 10.555 Name of Federal Program or Cluster: Child Nutrition Cluster Name of Federal Agency: Department of Agriculture Name of Pass-through Entity: Wisconsin Department of Public Instruction Pass-through Entity Identifying Number(s): 2023-138142-DPI-SB-546, 2023-138005-DPI-SB-546, 2023-138005-DPI-NSL-547, and 2023-138005-DPI-SK_NSLAE-566 Award Period: July 1, 2022 through June 30, 2023 Criteria: According to 2 CFR, Part 200.334 of the Uniform Guidance, supporting documentation pertinent to a federal award must be retained for a period of three years from the date of submission of the expenditure. According to 2 CFR, Part 200.302(3) of the Uniform Guidance, records must be supported by source documentation. Condition: Supporting documentation for claims were not retained. Cause: Internal controls for funding claims have not been designed appropriately. Currently, there are no internal controls to ensure support for claims are retained in accordance with federal requirements. Questioned Costs: $344,674 Effect or Potential Effect: Incomplete or inaccurate information could be reported on funding claims. Context: A sample of 8 claims reports were selected from a population of 39. The testing found that supporting documentation for claims was not retained for any of the claims in the sample. Repeat Finding: No Recommendation: One City Schools, Inc. should design and implement appropriate internal controls for retaining support for claims in accordance with federal requirements. Views of Responsible Officials: One City Schools, Inc. agrees with the finding and are working on implementing internal controls for maintaining supporting documentation.
FINDING 2023-002 Subject: COVID-19 - Education Stabilization Fund - Reporting Federal Agency: Department of Education Federal Program: COVID-19 - Education Stabilization Fund Assistance Listings Number: 84.425D Federal Award Numbers and Years (or Other Identifying Numbers): S425D200013, S425D210013 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Reporting Audit Findings: Material Weakness, Other Matters Condition and Context The School Corporation had not properly designed or implemented a system of internal controls, which would include appropriate segregation of duties, that would likely be effective in preventing, or detecting and correcting, noncompliance. The School Corporation was required to submit annual data reports to the Indiana Department of Education via JotForm, a form/report builder. Data to be submitted included, but was not limited to, current period expenditures, prior period expenditures, and expenditures per activity. During the audit period the School Corporation submitted two ESSER I reports, two ESSER II reports, and two ESSER III reports, for a total of six reports. The annual data reports were complied, prepared, and submitted by the Assistant Superintendent of Schools without an oversight or review process in place to prevent, or detect and correct, errors. Furthermore, the reported data on two of the reports, as noted below, could not be traced back to records that accumulate or summarize the data; therefore, the accuracy and completeness of the reports could not be verified. ESSER I, Year 3 Report The key line item, "Meeting Students' Academic, Social, Emotional, and Other Needs (Excluding Mental Health Supports) Uses - Personnel Services - Salaries," was not able to be verified to the School Corporation's records. Additionally, the key line item, "Meeting Students' Academic, Social, Emotional, and Other Needs (Excluding Mental Health Supports) Uses - Personnel Services - Benefits," was understated by $16. ESSER II, Year 2 Report The key line item, "Meeting Students' Academic, Social, Emotional, and Other Needs (Excluding Mental Health Supports) Uses - Personnel Services - Salaries," was understated by $288,199. The lack of internal controls and noncompliance were systemic issues throughout the audit period. INDIANA STATE BOARD OF ACCOUNTS 17 MILL CREEK COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." 2 CFR 200.302(b) states in part: "The financial management system of each non-Federal entity must provide for the following: . . . (2) Accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in §§ 200.328 and 200.329. . . ." 34 CFR 76.722 states: "A State may require a subgrantee to submit reports in a manner and format that assists the State in complying with the requirements under 34 CFR 76.720 and in carrying out other responsibilities under the program." 34 CFR 76.731 states: "A State and a subgrantee shall keep records to show its compliance with program requirements." Cause A proper system of internal controls was not designed by management of the School Corporation. Embedded within a properly designed and implemented internal control system should be internal controls consisting of policies and procedures. Policies reflect the School Corporation's management statements of what should be done to effect internal controls, and procedures should consist of actions that would implement these policies. Effect Without the proper implementation of an effectively designed system of internal controls, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, some data could not be traced back to the underlying records. INDIANA STATE BOARD OF ACCOUNTS 18 MILL CREEK COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funding to the School Corporation. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the School Corporation establish a proper system of internal controls and develop policies and procedures to ensure all reports submitted on behalf of the COVID-19 - Education Stabilization Fund program funds are accurate and complete. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2023-002 Subject: COVID-19 - Education Stabilization Fund - Reporting Federal Agency: Department of Education Federal Program: COVID-19 - Education Stabilization Fund Assistance Listings Number: 84.425D Federal Award Numbers and Years (or Other Identifying Numbers): S425D200013, S425D210013 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Reporting Audit Findings: Material Weakness, Other Matters Condition and Context The School Corporation had not properly designed or implemented a system of internal controls, which would include appropriate segregation of duties, that would likely be effective in preventing, or detecting and correcting, noncompliance. The School Corporation was required to submit annual data reports to the Indiana Department of Education via JotForm, a form/report builder. Data to be submitted included, but was not limited to, current period expenditures, prior period expenditures, and expenditures per activity. During the audit period the School Corporation submitted two ESSER I reports, two ESSER II reports, and two ESSER III reports, for a total of six reports. The annual data reports were complied, prepared, and submitted by the Assistant Superintendent of Schools without an oversight or review process in place to prevent, or detect and correct, errors. Furthermore, the reported data on two of the reports, as noted below, could not be traced back to records that accumulate or summarize the data; therefore, the accuracy and completeness of the reports could not be verified. ESSER I, Year 3 Report The key line item, "Meeting Students' Academic, Social, Emotional, and Other Needs (Excluding Mental Health Supports) Uses - Personnel Services - Salaries," was not able to be verified to the School Corporation's records. Additionally, the key line item, "Meeting Students' Academic, Social, Emotional, and Other Needs (Excluding Mental Health Supports) Uses - Personnel Services - Benefits," was understated by $16. ESSER II, Year 2 Report The key line item, "Meeting Students' Academic, Social, Emotional, and Other Needs (Excluding Mental Health Supports) Uses - Personnel Services - Salaries," was understated by $288,199. The lack of internal controls and noncompliance were systemic issues throughout the audit period. INDIANA STATE BOARD OF ACCOUNTS 17 MILL CREEK COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." 2 CFR 200.302(b) states in part: "The financial management system of each non-Federal entity must provide for the following: . . . (2) Accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in §§ 200.328 and 200.329. . . ." 34 CFR 76.722 states: "A State may require a subgrantee to submit reports in a manner and format that assists the State in complying with the requirements under 34 CFR 76.720 and in carrying out other responsibilities under the program." 34 CFR 76.731 states: "A State and a subgrantee shall keep records to show its compliance with program requirements." Cause A proper system of internal controls was not designed by management of the School Corporation. Embedded within a properly designed and implemented internal control system should be internal controls consisting of policies and procedures. Policies reflect the School Corporation's management statements of what should be done to effect internal controls, and procedures should consist of actions that would implement these policies. Effect Without the proper implementation of an effectively designed system of internal controls, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, some data could not be traced back to the underlying records. INDIANA STATE BOARD OF ACCOUNTS 18 MILL CREEK COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funding to the School Corporation. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the School Corporation establish a proper system of internal controls and develop policies and procedures to ensure all reports submitted on behalf of the COVID-19 - Education Stabilization Fund program funds are accurate and complete. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2023-002 Subject: COVID-19 - Education Stabilization Fund - Reporting Federal Agency: Department of Education Federal Program: COVID-19 - Education Stabilization Fund Assistance Listings Number: 84.425D Federal Award Numbers and Years (or Other Identifying Numbers): S425D200013, S425D210013 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Reporting Audit Findings: Material Weakness, Other Matters Condition and Context The School Corporation had not properly designed or implemented a system of internal controls, which would include appropriate segregation of duties, that would likely be effective in preventing, or detecting and correcting, noncompliance. The School Corporation was required to submit annual data reports to the Indiana Department of Education via JotForm, a form/report builder. Data to be submitted included, but was not limited to, current period expenditures, prior period expenditures, and expenditures per activity. During the audit period the School Corporation submitted two ESSER I reports, two ESSER II reports, and two ESSER III reports, for a total of six reports. The annual data reports were complied, prepared, and submitted by the Assistant Superintendent of Schools without an oversight or review process in place to prevent, or detect and correct, errors. Furthermore, the reported data on two of the reports, as noted below, could not be traced back to records that accumulate or summarize the data; therefore, the accuracy and completeness of the reports could not be verified. ESSER I, Year 3 Report The key line item, "Meeting Students' Academic, Social, Emotional, and Other Needs (Excluding Mental Health Supports) Uses - Personnel Services - Salaries," was not able to be verified to the School Corporation's records. Additionally, the key line item, "Meeting Students' Academic, Social, Emotional, and Other Needs (Excluding Mental Health Supports) Uses - Personnel Services - Benefits," was understated by $16. ESSER II, Year 2 Report The key line item, "Meeting Students' Academic, Social, Emotional, and Other Needs (Excluding Mental Health Supports) Uses - Personnel Services - Salaries," was understated by $288,199. The lack of internal controls and noncompliance were systemic issues throughout the audit period. INDIANA STATE BOARD OF ACCOUNTS 17 MILL CREEK COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." 2 CFR 200.302(b) states in part: "The financial management system of each non-Federal entity must provide for the following: . . . (2) Accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in §§ 200.328 and 200.329. . . ." 34 CFR 76.722 states: "A State may require a subgrantee to submit reports in a manner and format that assists the State in complying with the requirements under 34 CFR 76.720 and in carrying out other responsibilities under the program." 34 CFR 76.731 states: "A State and a subgrantee shall keep records to show its compliance with program requirements." Cause A proper system of internal controls was not designed by management of the School Corporation. Embedded within a properly designed and implemented internal control system should be internal controls consisting of policies and procedures. Policies reflect the School Corporation's management statements of what should be done to effect internal controls, and procedures should consist of actions that would implement these policies. Effect Without the proper implementation of an effectively designed system of internal controls, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, some data could not be traced back to the underlying records. INDIANA STATE BOARD OF ACCOUNTS 18 MILL CREEK COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funding to the School Corporation. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the School Corporation establish a proper system of internal controls and develop policies and procedures to ensure all reports submitted on behalf of the COVID-19 - Education Stabilization Fund program funds are accurate and complete. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2023-002 Subject: COVID-19 - Education Stabilization Fund - Reporting Federal Agency: Department of Education Federal Program: COVID-19 - Education Stabilization Fund Assistance Listings Number: 84.425D Federal Award Numbers and Years (or Other Identifying Numbers): S425D200013, S425D210013 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Reporting Audit Findings: Material Weakness, Other Matters Condition and Context The School Corporation had not properly designed or implemented a system of internal controls, which would include appropriate segregation of duties, that would likely be effective in preventing, or detecting and correcting, noncompliance. The School Corporation was required to submit annual data reports to the Indiana Department of Education via JotForm, a form/report builder. Data to be submitted included, but was not limited to, current period expenditures, prior period expenditures, and expenditures per activity. During the audit period the School Corporation submitted two ESSER I reports, two ESSER II reports, and two ESSER III reports, for a total of six reports. The annual data reports were complied, prepared, and submitted by the Assistant Superintendent of Schools without an oversight or review process in place to prevent, or detect and correct, errors. Furthermore, the reported data on two of the reports, as noted below, could not be traced back to records that accumulate or summarize the data; therefore, the accuracy and completeness of the reports could not be verified. ESSER I, Year 3 Report The key line item, "Meeting Students' Academic, Social, Emotional, and Other Needs (Excluding Mental Health Supports) Uses - Personnel Services - Salaries," was not able to be verified to the School Corporation's records. Additionally, the key line item, "Meeting Students' Academic, Social, Emotional, and Other Needs (Excluding Mental Health Supports) Uses - Personnel Services - Benefits," was understated by $16. ESSER II, Year 2 Report The key line item, "Meeting Students' Academic, Social, Emotional, and Other Needs (Excluding Mental Health Supports) Uses - Personnel Services - Salaries," was understated by $288,199. The lack of internal controls and noncompliance were systemic issues throughout the audit period. INDIANA STATE BOARD OF ACCOUNTS 17 MILL CREEK COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." 2 CFR 200.302(b) states in part: "The financial management system of each non-Federal entity must provide for the following: . . . (2) Accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in §§ 200.328 and 200.329. . . ." 34 CFR 76.722 states: "A State may require a subgrantee to submit reports in a manner and format that assists the State in complying with the requirements under 34 CFR 76.720 and in carrying out other responsibilities under the program." 34 CFR 76.731 states: "A State and a subgrantee shall keep records to show its compliance with program requirements." Cause A proper system of internal controls was not designed by management of the School Corporation. Embedded within a properly designed and implemented internal control system should be internal controls consisting of policies and procedures. Policies reflect the School Corporation's management statements of what should be done to effect internal controls, and procedures should consist of actions that would implement these policies. Effect Without the proper implementation of an effectively designed system of internal controls, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, some data could not be traced back to the underlying records. INDIANA STATE BOARD OF ACCOUNTS 18 MILL CREEK COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funding to the School Corporation. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the School Corporation establish a proper system of internal controls and develop policies and procedures to ensure all reports submitted on behalf of the COVID-19 - Education Stabilization Fund program funds are accurate and complete. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2023-001 Subject: COVID-19 - Education Stabilization Fund - Allowable Costs/Cost Principles Federal Agency: Department of Education Federal Program: COVID-19 - Education Stabilization Fund Assistance Listings Number: 84.425U Federal Award Number and Year (or Other Identifying Number): S425U210013 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Allowable Costs/Cost Principles Audit Findings: Material Weakness, Other Matters INDIANA STATE BOARD OF ACCOUNTS 15 METROPOLITAN SCHOOL DISTRICT OF MARTINSVILLE SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Condition and Context The COVID-19 - Education Stabilization Fund established by the Coronavirus Aid, Relief, and Economic Security Act, and further funded by the Coronavirus Response and Relief Supplemental Appropriations Act and the American Rescue Plan Act, was for the purpose of preventing, preparing for, or responding to the novel coronavirus. A sample of 25 claims charged to the program was selected for testing to verify the expenditures were in conformance with the applicable cost principles. Of the 25 claims tested, 6 claims totaling $1,650, each of which paid an individual for work as a contracted security guard, were identified as not being in conformance with the applicable cost principles. Payment to the security guards was made based on an accounts payable voucher signed by the contractor; however, there was not an invoice, time sheet, or other supporting documentation that accompanied the accounts payable voucher. The ineffective internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." 2 CFR 200.403 states in part: "Except where otherwise authorized by statute, costs must meet the following general criteria in order to be allowable under Federal awards: (a) Be necessary and reasonable for the performance of the Federal award and be allocable thereto under these principles. (b) Conform to any limitations or exclusions set forth in these principles or in the Federal award as to types or amount of cost items. . . . (g) Be adequately documented. . . ." INDIANA STATE BOARD OF ACCOUNTS 16 METROPOLITAN SCHOOL DISTRICT OF MARTINSVILLE SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Cause A proper system of internal controls was not designed by management of the School Corporation. Embedded within a properly designed and implemented internal control system should be internal controls consisting of policies and procedures. Policies reflect the School Corporation's management statements of what should be done to effect internal controls, and procedures should consist of actions that would implement these policies. Effect Without the proper implementation of an effectively designed system of internal controls, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, documentation could not be provided to support amounts charged to the grant. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funding to the School Corporation. Questioned Costs There were no questioned costs. Recommendation We recommended that management of the School Corporation establish a proper system of internal controls and develop policies and procedures to ensure time charged to the grant is properly supported, recorded, and approved.
FINDING 2023-001 Subject: COVID-19 - Education Stabilization Fund - Allowable Costs/Cost Principles Federal Agency: Department of Education Federal Program: COVID-19 - Education Stabilization Fund Assistance Listings Number: 84.425U Federal Award Number and Year (or Other Identifying Number): S425U210013 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Allowable Costs/Cost Principles Audit Findings: Material Weakness, Other Matters INDIANA STATE BOARD OF ACCOUNTS 15 METROPOLITAN SCHOOL DISTRICT OF MARTINSVILLE SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Condition and Context The COVID-19 - Education Stabilization Fund established by the Coronavirus Aid, Relief, and Economic Security Act, and further funded by the Coronavirus Response and Relief Supplemental Appropriations Act and the American Rescue Plan Act, was for the purpose of preventing, preparing for, or responding to the novel coronavirus. A sample of 25 claims charged to the program was selected for testing to verify the expenditures were in conformance with the applicable cost principles. Of the 25 claims tested, 6 claims totaling $1,650, each of which paid an individual for work as a contracted security guard, were identified as not being in conformance with the applicable cost principles. Payment to the security guards was made based on an accounts payable voucher signed by the contractor; however, there was not an invoice, time sheet, or other supporting documentation that accompanied the accounts payable voucher. The ineffective internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." 2 CFR 200.403 states in part: "Except where otherwise authorized by statute, costs must meet the following general criteria in order to be allowable under Federal awards: (a) Be necessary and reasonable for the performance of the Federal award and be allocable thereto under these principles. (b) Conform to any limitations or exclusions set forth in these principles or in the Federal award as to types or amount of cost items. . . . (g) Be adequately documented. . . ." INDIANA STATE BOARD OF ACCOUNTS 16 METROPOLITAN SCHOOL DISTRICT OF MARTINSVILLE SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Cause A proper system of internal controls was not designed by management of the School Corporation. Embedded within a properly designed and implemented internal control system should be internal controls consisting of policies and procedures. Policies reflect the School Corporation's management statements of what should be done to effect internal controls, and procedures should consist of actions that would implement these policies. Effect Without the proper implementation of an effectively designed system of internal controls, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, documentation could not be provided to support amounts charged to the grant. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funding to the School Corporation. Questioned Costs There were no questioned costs. Recommendation We recommended that management of the School Corporation establish a proper system of internal controls and develop policies and procedures to ensure time charged to the grant is properly supported, recorded, and approved.
FINDING 2023-002 Subject: COVID-19 - Education Stabilization Fund - Reporting Federal Agency: Department of Education Federal Program: COVID-19 - Education Stabilization Fund Assistance Listings Numbers: 84.425D, 84.425U Federal Award Numbers and Years (or Other Identifying Numbers): S425D200013, S425D210013, S425U210013 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Reporting Audit Findings: Material Weakness, Other Maters Condition and Context The School Corporation had not properly designed or implemented a system of internal controls, which would include appropriate segregation of duties, that would likely be effective in preventing, or detecting and correcting, noncompliance. The School Corporation was required to submit an annual data report to the Indiana Department of Education via JotForm, a form/report builder. Data to be submitted included, but was not limited to, current period expenditures, prior period expenditures, and expenditures per activity. During the audit period, the School Corporation submitted two ESSER I reports, two ESSER II reports, and two ESSER III reports, for a total of six reports; however, a single employee prepared and submitted the reports without evidence of a review, or oversight process in place to prevent, or detect and correct, errors. INDIANA STATE BOARD OF ACCOUNTS 17 METROPOLITAN SCHOOL DISTRICT OF MARTINSVILLE SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Additionally, for the ESSER I, Year 2 report, the "Total Mandatory Subgrant Amount Expended in Current Reporting Period" was not supported by the School Corporation's records. Actual expenditures from a report provided by the School Corporation did not tie to the amount submitted for the Annual Performance Reporting. The key line item was determined to be overstated by $80,342. The lack of internal controls was a systemic issue throughout the audit period. The noncompliance was isolated to the ESSER I, Year 2 report. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." 2 CFR 200.302(b) states in part: "The financial management system of each non-Federal entity must provide for the following . . . (2) Accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in §§ 200.328 and 200.329. . . . (3) Records that identify adequately the source and application of funds for federallyfunded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation. . . ." 34 CFR 76.722 states: "A State may require a subgrantee to submit reports in a manner and format that assists the State in complying with the requirements under 34 CFR 76.720 and in carrying out other responsibilities under the program." INDIANA STATE BOARD OF ACCOUNTS 18 METROPOLITAN SCHOOL DISTRICT OF MARTINSVILLE SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Cause A proper system of internal controls was not designed by management of the School Corporation. Embedded within a properly designed and implemented internal control system should be internal controls consisting of policies and procedures. Policies reflect the School Corporation's management statements of what should be done to effect internal controls, and procedures should consist of actions that would implement these policies. Effect Without the proper implementation of an effectively designed system of internal controls, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, the amounts reported were not supported by the School Corporation's records. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funding to the School Corporation. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the School Corporation establish a proper system of internal controls and develop policies and procedures to ensure supporting documentation is used and retained for all required reports submitted on behalf of the COVID-19 - Education Stabilization Fund program. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2023-002 Subject: COVID-19 - Education Stabilization Fund - Reporting Federal Agency: Department of Education Federal Program: COVID-19 - Education Stabilization Fund Assistance Listings Numbers: 84.425D, 84.425U Federal Award Numbers and Years (or Other Identifying Numbers): S425D200013, S425D210013, S425U210013 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Reporting Audit Findings: Material Weakness, Other Maters Condition and Context The School Corporation had not properly designed or implemented a system of internal controls, which would include appropriate segregation of duties, that would likely be effective in preventing, or detecting and correcting, noncompliance. The School Corporation was required to submit an annual data report to the Indiana Department of Education via JotForm, a form/report builder. Data to be submitted included, but was not limited to, current period expenditures, prior period expenditures, and expenditures per activity. During the audit period, the School Corporation submitted two ESSER I reports, two ESSER II reports, and two ESSER III reports, for a total of six reports; however, a single employee prepared and submitted the reports without evidence of a review, or oversight process in place to prevent, or detect and correct, errors. INDIANA STATE BOARD OF ACCOUNTS 17 METROPOLITAN SCHOOL DISTRICT OF MARTINSVILLE SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Additionally, for the ESSER I, Year 2 report, the "Total Mandatory Subgrant Amount Expended in Current Reporting Period" was not supported by the School Corporation's records. Actual expenditures from a report provided by the School Corporation did not tie to the amount submitted for the Annual Performance Reporting. The key line item was determined to be overstated by $80,342. The lack of internal controls was a systemic issue throughout the audit period. The noncompliance was isolated to the ESSER I, Year 2 report. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." 2 CFR 200.302(b) states in part: "The financial management system of each non-Federal entity must provide for the following . . . (2) Accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in §§ 200.328 and 200.329. . . . (3) Records that identify adequately the source and application of funds for federallyfunded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation. . . ." 34 CFR 76.722 states: "A State may require a subgrantee to submit reports in a manner and format that assists the State in complying with the requirements under 34 CFR 76.720 and in carrying out other responsibilities under the program." INDIANA STATE BOARD OF ACCOUNTS 18 METROPOLITAN SCHOOL DISTRICT OF MARTINSVILLE SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Cause A proper system of internal controls was not designed by management of the School Corporation. Embedded within a properly designed and implemented internal control system should be internal controls consisting of policies and procedures. Policies reflect the School Corporation's management statements of what should be done to effect internal controls, and procedures should consist of actions that would implement these policies. Effect Without the proper implementation of an effectively designed system of internal controls, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, the amounts reported were not supported by the School Corporation's records. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funding to the School Corporation. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the School Corporation establish a proper system of internal controls and develop policies and procedures to ensure supporting documentation is used and retained for all required reports submitted on behalf of the COVID-19 - Education Stabilization Fund program. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2023-002 Subject: COVID-19 - Education Stabilization Fund - Reporting Federal Agency: Department of Education Federal Program: COVID-19 - Education Stabilization Fund Assistance Listings Numbers: 84.425D, 84.425U Federal Award Numbers and Years (or Other Identifying Numbers): S425D200013, S425D210013, S425U210013 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Reporting Audit Findings: Material Weakness, Other Maters Condition and Context The School Corporation had not properly designed or implemented a system of internal controls, which would include appropriate segregation of duties, that would likely be effective in preventing, or detecting and correcting, noncompliance. The School Corporation was required to submit an annual data report to the Indiana Department of Education via JotForm, a form/report builder. Data to be submitted included, but was not limited to, current period expenditures, prior period expenditures, and expenditures per activity. During the audit period, the School Corporation submitted two ESSER I reports, two ESSER II reports, and two ESSER III reports, for a total of six reports; however, a single employee prepared and submitted the reports without evidence of a review, or oversight process in place to prevent, or detect and correct, errors. INDIANA STATE BOARD OF ACCOUNTS 17 METROPOLITAN SCHOOL DISTRICT OF MARTINSVILLE SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Additionally, for the ESSER I, Year 2 report, the "Total Mandatory Subgrant Amount Expended in Current Reporting Period" was not supported by the School Corporation's records. Actual expenditures from a report provided by the School Corporation did not tie to the amount submitted for the Annual Performance Reporting. The key line item was determined to be overstated by $80,342. The lack of internal controls was a systemic issue throughout the audit period. The noncompliance was isolated to the ESSER I, Year 2 report. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." 2 CFR 200.302(b) states in part: "The financial management system of each non-Federal entity must provide for the following . . . (2) Accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in §§ 200.328 and 200.329. . . . (3) Records that identify adequately the source and application of funds for federallyfunded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation. . . ." 34 CFR 76.722 states: "A State may require a subgrantee to submit reports in a manner and format that assists the State in complying with the requirements under 34 CFR 76.720 and in carrying out other responsibilities under the program." INDIANA STATE BOARD OF ACCOUNTS 18 METROPOLITAN SCHOOL DISTRICT OF MARTINSVILLE SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Cause A proper system of internal controls was not designed by management of the School Corporation. Embedded within a properly designed and implemented internal control system should be internal controls consisting of policies and procedures. Policies reflect the School Corporation's management statements of what should be done to effect internal controls, and procedures should consist of actions that would implement these policies. Effect Without the proper implementation of an effectively designed system of internal controls, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, the amounts reported were not supported by the School Corporation's records. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funding to the School Corporation. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the School Corporation establish a proper system of internal controls and develop policies and procedures to ensure supporting documentation is used and retained for all required reports submitted on behalf of the COVID-19 - Education Stabilization Fund program. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2023-002 Subject: COVID-19 - Education Stabilization Fund - Reporting Federal Agency: Department of Education Federal Program: COVID-19 - Education Stabilization Fund Assistance Listings Numbers: 84.425D, 84.425U Federal Award Numbers and Years (or Other Identifying Numbers): S425D200013, S425D210013, S425U210013 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Reporting Audit Findings: Material Weakness, Other Maters Condition and Context The School Corporation had not properly designed or implemented a system of internal controls, which would include appropriate segregation of duties, that would likely be effective in preventing, or detecting and correcting, noncompliance. The School Corporation was required to submit an annual data report to the Indiana Department of Education via JotForm, a form/report builder. Data to be submitted included, but was not limited to, current period expenditures, prior period expenditures, and expenditures per activity. During the audit period, the School Corporation submitted two ESSER I reports, two ESSER II reports, and two ESSER III reports, for a total of six reports; however, a single employee prepared and submitted the reports without evidence of a review, or oversight process in place to prevent, or detect and correct, errors. INDIANA STATE BOARD OF ACCOUNTS 17 METROPOLITAN SCHOOL DISTRICT OF MARTINSVILLE SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Additionally, for the ESSER I, Year 2 report, the "Total Mandatory Subgrant Amount Expended in Current Reporting Period" was not supported by the School Corporation's records. Actual expenditures from a report provided by the School Corporation did not tie to the amount submitted for the Annual Performance Reporting. The key line item was determined to be overstated by $80,342. The lack of internal controls was a systemic issue throughout the audit period. The noncompliance was isolated to the ESSER I, Year 2 report. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." 2 CFR 200.302(b) states in part: "The financial management system of each non-Federal entity must provide for the following . . . (2) Accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in §§ 200.328 and 200.329. . . . (3) Records that identify adequately the source and application of funds for federallyfunded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation. . . ." 34 CFR 76.722 states: "A State may require a subgrantee to submit reports in a manner and format that assists the State in complying with the requirements under 34 CFR 76.720 and in carrying out other responsibilities under the program." INDIANA STATE BOARD OF ACCOUNTS 18 METROPOLITAN SCHOOL DISTRICT OF MARTINSVILLE SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Cause A proper system of internal controls was not designed by management of the School Corporation. Embedded within a properly designed and implemented internal control system should be internal controls consisting of policies and procedures. Policies reflect the School Corporation's management statements of what should be done to effect internal controls, and procedures should consist of actions that would implement these policies. Effect Without the proper implementation of an effectively designed system of internal controls, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, the amounts reported were not supported by the School Corporation's records. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funding to the School Corporation. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the School Corporation establish a proper system of internal controls and develop policies and procedures to ensure supporting documentation is used and retained for all required reports submitted on behalf of the COVID-19 - Education Stabilization Fund program. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.