FINDING NO: 2023-059 (Partial Repeat 2022-049) STATE AGENCY: Oklahoma State Department of Education (OSDE) FEDERAL AGENCY: United States Department of Education (USDE) ALN: 84.425 – 84.425D, 84.425U; 84.425R FEDERAL PROGRAM NAME: Education Stabilization Fund (ESF) - Elementary and Secondary Schools Emergency Relief Fund (ESSER II); American Rescue Plan – Elementary and Secondary Schools Emergency Relief Fund (ARP ESSER III); Coronavirus Response and Relief Supplemental Appropriations Act, 2021 – Emergency Assistance To Non-Public Schools (CRRSA EANS) FEDERAL AWARD NUMBER: S425D210024; S425U210024 FEDERAL AWARD YEAR: 2023 CONTROL CATEGORY: Reporting QUESTIONED COSTS: $0 Criteria: 2 CFR § 200.303(a) – Internal Controls states in part, “The Non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.” 2 CFR § 200.334 Record retention requirements states in part, “The recipient and subrecipient must retain all Federal award records for three years from the date of submission of their final financial report. For awards that are renewed quarterly or annually, the recipient and subrecipient must retain records for three years from the date of submission of their quarterly or annual financial report, respectively. Records to be retained include but are not limited to, financial records, supporting documentation, and statistical records. Federal agencies or pass-through entities may not impose any other record retention requirements except for the following: (a) The records must be retained until all litigation, claims, or audit findings involving the records have been resolved and final action taken if any litigation, claim, or audit is started before the expiration of the three-year period.” United States Department of Education website ESSER Annual Reporting states in part, “All grantees are required to report on ESSER funds received under the Coronavirus Aid, Relief, and Economic Security (CARES) Act; the Coronavirus Response and Relief Supplemental Appropriations (CRRSA) Act; and the American Rescue Plan (ARP) Act. Grantees must submit an annual report describing how the State and subrecipients used the awarded funds during the performance period. Similar to CARES Act Year 1 annual reporting, grantees will use the Annual Report Data Collection Tool to submit the State report.” Condition and Context: We were unable to verify compliance with several key line items on the ESSER I, ESSER II, ARP ESSER III, and CRRSA EANS SFY 22 Annual Reports submitted during the audit period due to a lack of supporting documentation (i.e., supporting data and questionnaires sent to LEAs/nonpublic schools to collect the FTE, Student Participation data, and expenditures by category and object code). These key line items include the following: • Line 3.b1 LEA expenditures by category, and object code for ESSER I, ESSER II and ARP ESSER III • Line 3.b10 Number of specific positions supported with ESSER Funds • Line 5.a Full Time Equivalent positions for ESSER I, ESSER II and ARP ESSER III • SEA obligations (including reimbursements) by allowable activity for CRRSA EANS • Other information for Non-public schools receiving services or assistance under CRRSA EANS While documenting controls over the Annual Report we noted one LEA with a subaward/allocation of $16,832,303.63 and re-allocation of $28,177.30 and SFY 22 current expenditures of $5,509,241.03 was not included on the ARP ESSER III Annual Report. While reviewing a sample of 62 of 1,275 LEA subaward allocations and total expenditures reported on the ESSER Annual Reports, we noted the following: • For 25 of 62 (40.32%) subawards tested, the SFY 22 allocations reported on the LEA’s Grant Management System (GMS) application was less than the amount reported on the ESSER II Annual Report, totaling $12,707.62. In addition, OSDE did not provide the supporting documentation for ESSER II re-allocations. Therefore, we were unable to verify whether the total allocation for these LEAs were reported correctly in the ESSER II Annual Report. • For three of 62 (4.84%) subawards tested, the SFY 22 current expenditures reported on the LEA’s GMS Closeout Report or Summary Expenditures reports were less than the amount reported on the ARP ESSER III Annual Report. OSDE was unable to provide support for the variances totaling $218,392.41. Cause: Due to staff turnover and inadequate record retention policies and procedures, OSDE was unable to locate and/or provide all the supporting documentation used by previous staff members to prepare the reports. Effect: The amount reported for the total ARP ESSER III subaward was understated by $16,860,480.93, and the amount reported for the total ARP ESSER III current year expenditures was understated by $5,290,848.62 Information being reported on the USDOE website is not accurate and/or complete. Data previously reported cannot be verified by current staff or other entities required to perform audits or reviews. Recommendation: We recommend OSDE develop and implement appropriate record retention policies and procedures to ensure records are maintained, especially during staff turnovers. We recommend OSDE develop and implement policies and procedures to ensure personnel have an adequate understanding of the requirements for the Annual Report and to ensure the amounts reported are correct. Views of Responsible Official(s) Contact Person: Tammy Smith, Senior Director of Federal Programs | Office of Title Services Anticipated Completion Date: March 2024 Corrective Action Planned: The Oklahoma State Department of Education agrees with the finding. See corrective action plan located in the corrective action plan section of this report.
FINDING NO: 2023-059 (Partial Repeat 2022-049) STATE AGENCY: Oklahoma State Department of Education (OSDE) FEDERAL AGENCY: United States Department of Education (USDE) ALN: 84.425 – 84.425D, 84.425U; 84.425R FEDERAL PROGRAM NAME: Education Stabilization Fund (ESF) - Elementary and Secondary Schools Emergency Relief Fund (ESSER II); American Rescue Plan – Elementary and Secondary Schools Emergency Relief Fund (ARP ESSER III); Coronavirus Response and Relief Supplemental Appropriations Act, 2021 – Emergency Assistance To Non-Public Schools (CRRSA EANS) FEDERAL AWARD NUMBER: S425D210024; S425U210024 FEDERAL AWARD YEAR: 2023 CONTROL CATEGORY: Reporting QUESTIONED COSTS: $0 Criteria: 2 CFR § 200.303(a) – Internal Controls states in part, “The Non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.” 2 CFR § 200.334 Record retention requirements states in part, “The recipient and subrecipient must retain all Federal award records for three years from the date of submission of their final financial report. For awards that are renewed quarterly or annually, the recipient and subrecipient must retain records for three years from the date of submission of their quarterly or annual financial report, respectively. Records to be retained include but are not limited to, financial records, supporting documentation, and statistical records. Federal agencies or pass-through entities may not impose any other record retention requirements except for the following: (a) The records must be retained until all litigation, claims, or audit findings involving the records have been resolved and final action taken if any litigation, claim, or audit is started before the expiration of the three-year period.” United States Department of Education website ESSER Annual Reporting states in part, “All grantees are required to report on ESSER funds received under the Coronavirus Aid, Relief, and Economic Security (CARES) Act; the Coronavirus Response and Relief Supplemental Appropriations (CRRSA) Act; and the American Rescue Plan (ARP) Act. Grantees must submit an annual report describing how the State and subrecipients used the awarded funds during the performance period. Similar to CARES Act Year 1 annual reporting, grantees will use the Annual Report Data Collection Tool to submit the State report.” Condition and Context: We were unable to verify compliance with several key line items on the ESSER I, ESSER II, ARP ESSER III, and CRRSA EANS SFY 22 Annual Reports submitted during the audit period due to a lack of supporting documentation (i.e., supporting data and questionnaires sent to LEAs/nonpublic schools to collect the FTE, Student Participation data, and expenditures by category and object code). These key line items include the following: • Line 3.b1 LEA expenditures by category, and object code for ESSER I, ESSER II and ARP ESSER III • Line 3.b10 Number of specific positions supported with ESSER Funds • Line 5.a Full Time Equivalent positions for ESSER I, ESSER II and ARP ESSER III • SEA obligations (including reimbursements) by allowable activity for CRRSA EANS • Other information for Non-public schools receiving services or assistance under CRRSA EANS While documenting controls over the Annual Report we noted one LEA with a subaward/allocation of $16,832,303.63 and re-allocation of $28,177.30 and SFY 22 current expenditures of $5,509,241.03 was not included on the ARP ESSER III Annual Report. While reviewing a sample of 62 of 1,275 LEA subaward allocations and total expenditures reported on the ESSER Annual Reports, we noted the following: • For 25 of 62 (40.32%) subawards tested, the SFY 22 allocations reported on the LEA’s Grant Management System (GMS) application was less than the amount reported on the ESSER II Annual Report, totaling $12,707.62. In addition, OSDE did not provide the supporting documentation for ESSER II re-allocations. Therefore, we were unable to verify whether the total allocation for these LEAs were reported correctly in the ESSER II Annual Report. • For three of 62 (4.84%) subawards tested, the SFY 22 current expenditures reported on the LEA’s GMS Closeout Report or Summary Expenditures reports were less than the amount reported on the ARP ESSER III Annual Report. OSDE was unable to provide support for the variances totaling $218,392.41. Cause: Due to staff turnover and inadequate record retention policies and procedures, OSDE was unable to locate and/or provide all the supporting documentation used by previous staff members to prepare the reports. Effect: The amount reported for the total ARP ESSER III subaward was understated by $16,860,480.93, and the amount reported for the total ARP ESSER III current year expenditures was understated by $5,290,848.62 Information being reported on the USDOE website is not accurate and/or complete. Data previously reported cannot be verified by current staff or other entities required to perform audits or reviews. Recommendation: We recommend OSDE develop and implement appropriate record retention policies and procedures to ensure records are maintained, especially during staff turnovers. We recommend OSDE develop and implement policies and procedures to ensure personnel have an adequate understanding of the requirements for the Annual Report and to ensure the amounts reported are correct. Views of Responsible Official(s) Contact Person: Tammy Smith, Senior Director of Federal Programs | Office of Title Services Anticipated Completion Date: March 2024 Corrective Action Planned: The Oklahoma State Department of Education agrees with the finding. See corrective action plan located in the corrective action plan section of this report.
FINDING NO: 2023-059 (Partial Repeat 2022-049) STATE AGENCY: Oklahoma State Department of Education (OSDE) FEDERAL AGENCY: United States Department of Education (USDE) ALN: 84.425 – 84.425D, 84.425U; 84.425R FEDERAL PROGRAM NAME: Education Stabilization Fund (ESF) - Elementary and Secondary Schools Emergency Relief Fund (ESSER II); American Rescue Plan – Elementary and Secondary Schools Emergency Relief Fund (ARP ESSER III); Coronavirus Response and Relief Supplemental Appropriations Act, 2021 – Emergency Assistance To Non-Public Schools (CRRSA EANS) FEDERAL AWARD NUMBER: S425D210024; S425U210024 FEDERAL AWARD YEAR: 2023 CONTROL CATEGORY: Reporting QUESTIONED COSTS: $0 Criteria: 2 CFR § 200.303(a) – Internal Controls states in part, “The Non-Federal entity must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award.” 2 CFR § 200.334 Record retention requirements states in part, “The recipient and subrecipient must retain all Federal award records for three years from the date of submission of their final financial report. For awards that are renewed quarterly or annually, the recipient and subrecipient must retain records for three years from the date of submission of their quarterly or annual financial report, respectively. Records to be retained include but are not limited to, financial records, supporting documentation, and statistical records. Federal agencies or pass-through entities may not impose any other record retention requirements except for the following: (a) The records must be retained until all litigation, claims, or audit findings involving the records have been resolved and final action taken if any litigation, claim, or audit is started before the expiration of the three-year period.” United States Department of Education website ESSER Annual Reporting states in part, “All grantees are required to report on ESSER funds received under the Coronavirus Aid, Relief, and Economic Security (CARES) Act; the Coronavirus Response and Relief Supplemental Appropriations (CRRSA) Act; and the American Rescue Plan (ARP) Act. Grantees must submit an annual report describing how the State and subrecipients used the awarded funds during the performance period. Similar to CARES Act Year 1 annual reporting, grantees will use the Annual Report Data Collection Tool to submit the State report.” Condition and Context: We were unable to verify compliance with several key line items on the ESSER I, ESSER II, ARP ESSER III, and CRRSA EANS SFY 22 Annual Reports submitted during the audit period due to a lack of supporting documentation (i.e., supporting data and questionnaires sent to LEAs/nonpublic schools to collect the FTE, Student Participation data, and expenditures by category and object code). These key line items include the following: • Line 3.b1 LEA expenditures by category, and object code for ESSER I, ESSER II and ARP ESSER III • Line 3.b10 Number of specific positions supported with ESSER Funds • Line 5.a Full Time Equivalent positions for ESSER I, ESSER II and ARP ESSER III • SEA obligations (including reimbursements) by allowable activity for CRRSA EANS • Other information for Non-public schools receiving services or assistance under CRRSA EANS While documenting controls over the Annual Report we noted one LEA with a subaward/allocation of $16,832,303.63 and re-allocation of $28,177.30 and SFY 22 current expenditures of $5,509,241.03 was not included on the ARP ESSER III Annual Report. While reviewing a sample of 62 of 1,275 LEA subaward allocations and total expenditures reported on the ESSER Annual Reports, we noted the following: • For 25 of 62 (40.32%) subawards tested, the SFY 22 allocations reported on the LEA’s Grant Management System (GMS) application was less than the amount reported on the ESSER II Annual Report, totaling $12,707.62. In addition, OSDE did not provide the supporting documentation for ESSER II re-allocations. Therefore, we were unable to verify whether the total allocation for these LEAs were reported correctly in the ESSER II Annual Report. • For three of 62 (4.84%) subawards tested, the SFY 22 current expenditures reported on the LEA’s GMS Closeout Report or Summary Expenditures reports were less than the amount reported on the ARP ESSER III Annual Report. OSDE was unable to provide support for the variances totaling $218,392.41. Cause: Due to staff turnover and inadequate record retention policies and procedures, OSDE was unable to locate and/or provide all the supporting documentation used by previous staff members to prepare the reports. Effect: The amount reported for the total ARP ESSER III subaward was understated by $16,860,480.93, and the amount reported for the total ARP ESSER III current year expenditures was understated by $5,290,848.62 Information being reported on the USDOE website is not accurate and/or complete. Data previously reported cannot be verified by current staff or other entities required to perform audits or reviews. Recommendation: We recommend OSDE develop and implement appropriate record retention policies and procedures to ensure records are maintained, especially during staff turnovers. We recommend OSDE develop and implement policies and procedures to ensure personnel have an adequate understanding of the requirements for the Annual Report and to ensure the amounts reported are correct. Views of Responsible Official(s) Contact Person: Tammy Smith, Senior Director of Federal Programs | Office of Title Services Anticipated Completion Date: March 2024 Corrective Action Planned: The Oklahoma State Department of Education agrees with the finding. See corrective action plan located in the corrective action plan section of this report.
FINDING 2022-003 Subject: CDBG - Entitlement Grants Cluster - Reporting Federal Agency: Department of Housing and Urban Development Federal Program: Community Development Block Grants/Entitlement Grants Assistance Listings Number: 14.218 Federal Award Numbers and Years (or Other Identifying Numbers): B-20-MC-0010, B-21-MC-18-0010, B-22-MC-18-0010, M-20-MW-18-0010 Compliance Requirement: Reporting Audit Findings: Material Weakness, Other Matters Repeat Finding This is a repeat finding from the immediately prior audit report. The prior audit finding number was 2021-003. Condition and Context The City had not properly designed or implemented a system of internal controls, which would include appropriate segregation of duties that would likely be effective in preventing, or detecting and correcting, noncompliance. Recipients are required to submit financial, performance, and special reports annually or quarterly depending on the specifics of their CDBG - Entitlement Grant. Financial reports are entered into the Integrated Disbursement and Information System (IDIS). Grantees may include reports generated by the IDIS as part of their annual performance and evaluation reports that must be submitted 90 days after the end of the grantee's program year. Information to be tested from the IDIS is in the following system-generated reports: PR-26 - CDBG Financial Summary Report, PR26 - CDBG-CV Financial Summary Report, PR-26 CDBG Activity Summary by Selected Grant, PR-29 CDBG Cash on Hand Quarterly Reporting, and the PR-29 CDBG-CV Cash on Hand Quarterly Report. In addition, under the Federal Funding Accountability and Transparency Act (FFATA) grantees are required to report first-tier subawards of $30,000 or more to the FFATA Subaward System. The City, based on the grants received, was required to submit the following reports during the audit period: the PR-29 CDBG Cash on Hand Quarterly Report, the PR-26 CDBG Financial Summary Report, and the FFATA reports. PR-29 CDBG CV Cash on Hand Reporting The City submitted the four required quarterly reports; however, a single employee prepared and submitted the reports without a review or oversight process in place to prevent, or detect and correct, errors. Federal Funding and Transparency Act (FFATA) Reporting The City submitted the two required FFATA reports for the two subaward recipients that received over $30,000. Although the reports were prepared by one individual and approved by another, the internal control was not effective and did not detect and allow correction of errors prior to submission. Due to the lack of effective internal controls the following key data elements were missing: Subawardee DUNS number, Subaward obligation/action date, and the date of report submission (report submitted timely). The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." 2 CFR 170, Appendix A(I)(a) states in part: "Reporting of first-tier subawards. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non- Federal entity or Federal agency . . . 2. Where and when to report. i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov. ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.) 3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify . . ." Cause A proper system of internal controls was not designed by management of the City, which would include segregation of key functions. Embedded within a properly designed and implemented internal control system should be internal controls consisting of policies and procedures. Policies reflect the City's management statements of what should be done to effect internal controls, and procedures should consist of actions that would implement these policies. Effect Without the proper design or implementation of the components of a system of internal controls, including policies and procedures that provide segregation of duties and additional oversight as needed, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, reports were not filed timely with all required key line items. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funding to the City. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the City establish a proper system of internal controls, including strengthening their policies and procedures to ensure all required reports are filed and all required information is provided and supported by the City's records in a timely manner. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2022-003 Subject: Medicaid Cluster - Reporting Federal Agency: Department of Health and Human Services Federal Program: Medical Assistance Program Assistance Listings Number: 93.778 Federal Award Number and Year (or Other Identifying Number): FY2022 Pass-Through Entity: Indiana Family and Social Services Administration Compliance Requirement: Reporting Audit Findings: Material Weakness, Modified Opinion Condition and Context The Township had not properly designed or implemented a system of internal controls, which would include appropriate segregation of duties that would likely be effective in preventing, or detecting and correcting, material noncompliance related to expenditures made from the Medicaid Cluster. The Medicaid Cluster consists of three federal programs. However, the Township received funding from only one program, the Medicaid Assistance Program. The Medicaid Assistance Program grant funding is provided by the Indiana Family and Social Services Administration (FSSA) to Freestanding Governmental Ambulance Providers, such as the Township, based on a Cost Report for funding. The Cost Report for funding utilizes all costs associated with the operation of the Township's ambulance program in conjunction with other metrics such as ambulance runs, total charges, and Medicaid charges to determine the federal ambulance payment adjustment, the amount received by the Township. The Township utilized its Fire Operations fund to account for both fire and ambulance services. Costs were allocated between fire and ambulance services as necessary. Expenditures related to ambulance services were included in the Township's Cost Report to determine the reimbursement due to the Township. The funding received during the audit period was based on expenditures and data from January 1, 2019 to December 31, 2019, and as such, internal controls for that period were reviewed. The Cost Report for the Medicaid Program was prepared by the Township's contracted CPA firm using information provided by the Township. The Township provided reports detailing run data, expenditures, and charges (both Medicaid and non-Medicaid) to the CPA firm. The CPA firm prepared the report and submitted it to the Indiana FSSA. The Township did not participate in the preparation or submission process, nor complete a review of the report prior to submission. As such, the Township could not ensure that the information provided was properly utilized or that the report was accurate. Additionally, for five of the seven key line items tested, the Township could not provide supporting documentation. The lack of supporting documentation for Ambulance Runs, Fire Runs, EMT Salaries, Fire Salaries, and Total Ambulance Cost on the 2019 Cost Report prevented the determination of the accuracy of these line items. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. . . ." Cause A proper system of internal controls over the Medicaid Cluster expenditures was not designed by management of the Township, which would include segregation of key functions to ensure the Medicaid Cluster funds were appropriately reported. Embedded within a properly designed and implemented internal control system should be internal controls consisting of policies and procedures. Policies reflect the Township's management statements of what should be done to effect internal controls, and procedures should consist of actions that would implement these policies. Effect Without the proper implementation of an effectively designed system of internal controls, including policies and procedures that provide segregation of duties and additional oversight as needed, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funding to the Township. In addition, not supporting key line items increases the likelihood that information is not accurate and properly reported to FSSA and the public. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the Township design and implement a proper system of internal controls that would provide segregation of duties for the preparation of the Cost Report for Reimbursement for the Medicaid Cluster awards. Additionally, policies and procedures should be implemented to ensure appropriate reviews, approvals, and oversight are taking place. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2022-004 Subject: Staffing for Adequate Fire and Emergency Response (SAFER) - Cash Management Federal Agency: Department of Homeland Security Federal Program: Staffing for Adequate Fire and Emergency Response (SAFER) Assistance Listings Number: 97.083 Federal Award Number and Year (or Other Identifying Number): EMW-2019-FF-00944 Compliance Requirement: Cash Management Audit Findings: Material Weakness, Modified Opinion Condition and Context The Township submits request for reimbursements to the Federal Emergency Management Agency of the Department of Homeland Security. The reimbursement method of cash management requires the Township to retain supporting documentation that shows the costs for which reimbursement was requested were paid prior to the reimbursement date. The Township was awarded a SAFER grant to increase the number of firefighters and was approved for personnel and fringe benefits costs, which includes health insurance, for nine additional firefighters. The Township is self-insured and would make payments to third-party administrators and other benefit coordinators. The Township would pay a large dollar amount at the end of each year to its selfinsurance benefit coordinators for the next year's benefit, and then additional payments throughout the year as needed for employee's medical claim coverage. These payments were made from various Township funds and the Payroll Deductions fund. Additionally, the payroll deductions for health insurance, including those for employees paid from the grant, would accumulate in the Payroll Deductions fund, and be used for payments to the benefit coordinators as needed and the payment of the next year's required funding. The amount submitted for reimbursement for health insurance benefits were based upon a calculation. The Township did not have supporting documentation for the calculation of those benefits that were claimed. In addition, the health insurance benefits claimed for reimbursement were not paid out of the SAFER Grant Fund and were not at a transaction level in the ledger. The health insurance benefit submitted for reimbursement could not be tied to a specific payment; thus, we were unable to determine the Township's compliance for the health benefit reimbursements being incurred and paid prior to the Township's request for reimbursement. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.302 states in part: "(a) Each state must expend and account for the Federal award in accordance with state laws and procedures for expending and accounting for the state's own funds. In addition, the state's and the other non-Federal entity's financial management systems, including records documenting compliance with Federal statutes, regulations, and the terms and conditions of the Federal award, must be sufficient to permit the preparation of reports required by general and program-specific terms and conditions; and the tracing of funds to a level of expenditures adequate to establish that such funds have been used according to the Federal statutes, regulations, and the terms and conditions of the Federal award. See also ? 200.450. (b) The financial management system of each non-Federal entity must provide for the following (see also ?? 200.334, 200.335, 200.336, and 200.337): (1) Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, Federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any. (2) Accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in ?? 200.328 and 200.329. If a Federal awarding agency requires reporting on an accrual basis from a recipient that maintains its records on other than an accrual basis, the recipient must not be required to establish an accrual accounting system. This recipient may develop accrual data for its reports on the basis of an analysis of the documentation on hand. Similarly, a pass-through entity must not require a subrecipient to establish an accrual accounting system and must allow the subrecipient to develop accrual data for its reports on the basis of an analysis of the documentation on hand. (3) Records that identify adequately the source and application of funds for federallyfunded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation. (4) Effective control over, and accountability for, all funds, property, and other assets. The non-Federal entity must adequately safeguard all assets and assure that they are used solely for authorized purposes. See ? 200.303. . . ." Cause A system of internal controls was not designed or implemented by management of the Township which would include segregation of key functions. Embedded within a properly designed and implemented internal control system should be internal controls consisting of policies and procedures. Policies reflect management's expectation of what should be done to effect internal controls, and procedures should consist of actions that would implement these policies. Effect Without the proper implementation of an effectively designed system of internal controls, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, health insurance benefits were requested for reimbursement without adequate supporting documentation that the amount was paid prior to the request. Noncompliance with the grant agreement and the cash management compliance requirement could result in the loss of future federal funds to the Township. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the Township establish a proper system of internal controls and develop policies and procedures to ensure expenses are paid prior to requesting reimbursement. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
2022-003 Filing system and document retention. CURRENT CONDITION: The Housing Authority of the City of Greeley was unable to efficiently locate documents for the audit. CFDA#: 14.850, 14.871 CRITERIA: 24 CFR section 200.334 requires the retention of supporting documentation. CAUSE: The Authority did not have procedures or controls in place to systematically file information. EFFECT: Documents could not be located in a timely fashion. RECOMMENDATION: The Authority should standardize procedures and employee responsibilities. VIEWS OF RESPONSIBLE OFFICIALS: We will comply with the Auditor?s recommendation. DISCUSSED WITH: Tom Teixeira, September 15, 2022
FINDING 2022-001 DOCUMENT RETENTION SIGNIFICANT DEFICIENCY Federal Program: Child Care Development Block Grant Assistance Listing Number: 93.575 Criteria Per 7 CFR 200.334, ?Financial records, supporting documents, statistical records, and all other non- Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient.? Condition Salary expenses were included in the administrative costs applied to the program. Employees were to be applied to the program based on percentages set in the grant budget. IAN did not maintain documentation to support the amounts for each employee applied to the program during the year. Total payroll costs were provided for these employees. It was determined that total salary expenses applied to the grant were within the budget allotment, and no questioned costs were identified. Cause IAN did not maintain documentation to show amounts applied to the program by individual employees. Effect We were unable to see how much of each employee?s salary was specifically applied to the grant. Recommendation We recommend IAN develop internal controls requiring the maintenance of documentation to support employee allocations to federal programs. Views of Responsible Officials The School?s Corrective Action Plan is included on page 25.
#2022-011 - Major Federal Award Finding - Document Retention Nature of Finding: Compliance Finding - Uniform Guidance Administrative Requirements and Material Weakness in Internal Controls Over Compliance Criteria/Condition: Federal regulations 2 CFR 200.334 provides that a non-federal entity must retain all records pertinent to a federal award for a minimum period of three years from the date of submission of the annual financial report. We noted during testing that records were not consistently being maintained. Cause/Context: For 2 of the 40 expenditures selected for testing, the Organization was unable to provide appropriate invoice documentation supporting the amount charged to the grant. Effect: Federal expenditures could be charged to the grant at incorrect amounts or for unallowable costs. Recommendation: We recommend the Organization implement a document retention policy that is consistent with the federal document retention requirements. Views of Responsible Officials and Planned Corrective Actions: MARR will retain a CPA consultant to implement a document retention policy that is consistent with federal document retention requirements.
#2022-011 - Major Federal Award Finding - Document Retention Nature of Finding: Compliance Finding - Uniform Guidance Administrative Requirements and Material Weakness in Internal Controls Over Compliance Criteria/Condition: Federal regulations 2 CFR 200.334 provides that a non-federal entity must retain all records pertinent to a federal award for a minimum period of three years from the date of submission of the annual financial report. We noted during testing that records were not consistently being maintained. Cause/Context: For 2 of the 40 expenditures selected for testing, the Organization was unable to provide appropriate invoice documentation supporting the amount charged to the grant. Effect: Federal expenditures could be charged to the grant at incorrect amounts or for unallowable costs. Recommendation: We recommend the Organization implement a document retention policy that is consistent with the federal document retention requirements. Views of Responsible Officials and Planned Corrective Actions: MARR will retain a CPA consultant to implement a document retention policy that is consistent with federal document retention requirements.
FINDING 2022-003 Subject: CDBG - Entitlement Grants Cluster - Reporting Federal Agency: Department of Housing and Urban Development Federal Program: Community Development Block Grants/Entitlement Grants Assistance Listings Number: 14.218 Federal Award Numbers and Years (or Other Identifying Numbers): B-20-MC-0010, B-21-MC-18-0010, B-22-MC-18-0010, M-20-MW-18-0010 Compliance Requirement: Reporting Audit Findings: Material Weakness, Other Matters Repeat Finding This is a repeat finding from the immediately prior audit report. The prior audit finding number was 2021-003. Condition and Context The City had not properly designed or implemented a system of internal controls, which would include appropriate segregation of duties that would likely be effective in preventing, or detecting and correcting, noncompliance. Recipients are required to submit financial, performance, and special reports annually or quarterly depending on the specifics of their CDBG - Entitlement Grant. Financial reports are entered into the Integrated Disbursement and Information System (IDIS). Grantees may include reports generated by the IDIS as part of their annual performance and evaluation reports that must be submitted 90 days after the end of the grantee's program year. Information to be tested from the IDIS is in the following system-generated reports: PR-26 - CDBG Financial Summary Report, PR26 - CDBG-CV Financial Summary Report, PR-26 CDBG Activity Summary by Selected Grant, PR-29 CDBG Cash on Hand Quarterly Reporting, and the PR-29 CDBG-CV Cash on Hand Quarterly Report. In addition, under the Federal Funding Accountability and Transparency Act (FFATA) grantees are required to report first-tier subawards of $30,000 or more to the FFATA Subaward System. The City, based on the grants received, was required to submit the following reports during the audit period: the PR-29 CDBG Cash on Hand Quarterly Report, the PR-26 CDBG Financial Summary Report, and the FFATA reports. PR-29 CDBG CV Cash on Hand Reporting The City submitted the four required quarterly reports; however, a single employee prepared and submitted the reports without a review or oversight process in place to prevent, or detect and correct, errors. Federal Funding and Transparency Act (FFATA) Reporting The City submitted the two required FFATA reports for the two subaward recipients that received over $30,000. Although the reports were prepared by one individual and approved by another, the internal control was not effective and did not detect and allow correction of errors prior to submission. Due to the lack of effective internal controls the following key data elements were missing: Subawardee DUNS number, Subaward obligation/action date, and the date of report submission (report submitted timely). The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." 2 CFR 170, Appendix A(I)(a) states in part: "Reporting of first-tier subawards. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non- Federal entity or Federal agency . . . 2. Where and when to report. i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov. ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.) 3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify . . ." Cause A proper system of internal controls was not designed by management of the City, which would include segregation of key functions. Embedded within a properly designed and implemented internal control system should be internal controls consisting of policies and procedures. Policies reflect the City's management statements of what should be done to effect internal controls, and procedures should consist of actions that would implement these policies. Effect Without the proper design or implementation of the components of a system of internal controls, including policies and procedures that provide segregation of duties and additional oversight as needed, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, reports were not filed timely with all required key line items. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funding to the City. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the City establish a proper system of internal controls, including strengthening their policies and procedures to ensure all required reports are filed and all required information is provided and supported by the City's records in a timely manner. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2022-003 Subject: Medicaid Cluster - Reporting Federal Agency: Department of Health and Human Services Federal Program: Medical Assistance Program Assistance Listings Number: 93.778 Federal Award Number and Year (or Other Identifying Number): FY2022 Pass-Through Entity: Indiana Family and Social Services Administration Compliance Requirement: Reporting Audit Findings: Material Weakness, Modified Opinion Condition and Context The Township had not properly designed or implemented a system of internal controls, which would include appropriate segregation of duties that would likely be effective in preventing, or detecting and correcting, material noncompliance related to expenditures made from the Medicaid Cluster. The Medicaid Cluster consists of three federal programs. However, the Township received funding from only one program, the Medicaid Assistance Program. The Medicaid Assistance Program grant funding is provided by the Indiana Family and Social Services Administration (FSSA) to Freestanding Governmental Ambulance Providers, such as the Township, based on a Cost Report for funding. The Cost Report for funding utilizes all costs associated with the operation of the Township's ambulance program in conjunction with other metrics such as ambulance runs, total charges, and Medicaid charges to determine the federal ambulance payment adjustment, the amount received by the Township. The Township utilized its Fire Operations fund to account for both fire and ambulance services. Costs were allocated between fire and ambulance services as necessary. Expenditures related to ambulance services were included in the Township's Cost Report to determine the reimbursement due to the Township. The funding received during the audit period was based on expenditures and data from January 1, 2019 to December 31, 2019, and as such, internal controls for that period were reviewed. The Cost Report for the Medicaid Program was prepared by the Township's contracted CPA firm using information provided by the Township. The Township provided reports detailing run data, expenditures, and charges (both Medicaid and non-Medicaid) to the CPA firm. The CPA firm prepared the report and submitted it to the Indiana FSSA. The Township did not participate in the preparation or submission process, nor complete a review of the report prior to submission. As such, the Township could not ensure that the information provided was properly utilized or that the report was accurate. Additionally, for five of the seven key line items tested, the Township could not provide supporting documentation. The lack of supporting documentation for Ambulance Runs, Fire Runs, EMT Salaries, Fire Salaries, and Total Ambulance Cost on the 2019 Cost Report prevented the determination of the accuracy of these line items. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. . . ." Cause A proper system of internal controls over the Medicaid Cluster expenditures was not designed by management of the Township, which would include segregation of key functions to ensure the Medicaid Cluster funds were appropriately reported. Embedded within a properly designed and implemented internal control system should be internal controls consisting of policies and procedures. Policies reflect the Township's management statements of what should be done to effect internal controls, and procedures should consist of actions that would implement these policies. Effect Without the proper implementation of an effectively designed system of internal controls, including policies and procedures that provide segregation of duties and additional oversight as needed, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funding to the Township. In addition, not supporting key line items increases the likelihood that information is not accurate and properly reported to FSSA and the public. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the Township design and implement a proper system of internal controls that would provide segregation of duties for the preparation of the Cost Report for Reimbursement for the Medicaid Cluster awards. Additionally, policies and procedures should be implemented to ensure appropriate reviews, approvals, and oversight are taking place. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2022-004 Subject: Staffing for Adequate Fire and Emergency Response (SAFER) - Cash Management Federal Agency: Department of Homeland Security Federal Program: Staffing for Adequate Fire and Emergency Response (SAFER) Assistance Listings Number: 97.083 Federal Award Number and Year (or Other Identifying Number): EMW-2019-FF-00944 Compliance Requirement: Cash Management Audit Findings: Material Weakness, Modified Opinion Condition and Context The Township submits request for reimbursements to the Federal Emergency Management Agency of the Department of Homeland Security. The reimbursement method of cash management requires the Township to retain supporting documentation that shows the costs for which reimbursement was requested were paid prior to the reimbursement date. The Township was awarded a SAFER grant to increase the number of firefighters and was approved for personnel and fringe benefits costs, which includes health insurance, for nine additional firefighters. The Township is self-insured and would make payments to third-party administrators and other benefit coordinators. The Township would pay a large dollar amount at the end of each year to its selfinsurance benefit coordinators for the next year's benefit, and then additional payments throughout the year as needed for employee's medical claim coverage. These payments were made from various Township funds and the Payroll Deductions fund. Additionally, the payroll deductions for health insurance, including those for employees paid from the grant, would accumulate in the Payroll Deductions fund, and be used for payments to the benefit coordinators as needed and the payment of the next year's required funding. The amount submitted for reimbursement for health insurance benefits were based upon a calculation. The Township did not have supporting documentation for the calculation of those benefits that were claimed. In addition, the health insurance benefits claimed for reimbursement were not paid out of the SAFER Grant Fund and were not at a transaction level in the ledger. The health insurance benefit submitted for reimbursement could not be tied to a specific payment; thus, we were unable to determine the Township's compliance for the health benefit reimbursements being incurred and paid prior to the Township's request for reimbursement. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.302 states in part: "(a) Each state must expend and account for the Federal award in accordance with state laws and procedures for expending and accounting for the state's own funds. In addition, the state's and the other non-Federal entity's financial management systems, including records documenting compliance with Federal statutes, regulations, and the terms and conditions of the Federal award, must be sufficient to permit the preparation of reports required by general and program-specific terms and conditions; and the tracing of funds to a level of expenditures adequate to establish that such funds have been used according to the Federal statutes, regulations, and the terms and conditions of the Federal award. See also ? 200.450. (b) The financial management system of each non-Federal entity must provide for the following (see also ?? 200.334, 200.335, 200.336, and 200.337): (1) Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, Federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any. (2) Accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in ?? 200.328 and 200.329. If a Federal awarding agency requires reporting on an accrual basis from a recipient that maintains its records on other than an accrual basis, the recipient must not be required to establish an accrual accounting system. This recipient may develop accrual data for its reports on the basis of an analysis of the documentation on hand. Similarly, a pass-through entity must not require a subrecipient to establish an accrual accounting system and must allow the subrecipient to develop accrual data for its reports on the basis of an analysis of the documentation on hand. (3) Records that identify adequately the source and application of funds for federallyfunded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation. (4) Effective control over, and accountability for, all funds, property, and other assets. The non-Federal entity must adequately safeguard all assets and assure that they are used solely for authorized purposes. See ? 200.303. . . ." Cause A system of internal controls was not designed or implemented by management of the Township which would include segregation of key functions. Embedded within a properly designed and implemented internal control system should be internal controls consisting of policies and procedures. Policies reflect management's expectation of what should be done to effect internal controls, and procedures should consist of actions that would implement these policies. Effect Without the proper implementation of an effectively designed system of internal controls, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, health insurance benefits were requested for reimbursement without adequate supporting documentation that the amount was paid prior to the request. Noncompliance with the grant agreement and the cash management compliance requirement could result in the loss of future federal funds to the Township. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the Township establish a proper system of internal controls and develop policies and procedures to ensure expenses are paid prior to requesting reimbursement. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
2022-003 Filing system and document retention. CURRENT CONDITION: The Housing Authority of the City of Greeley was unable to efficiently locate documents for the audit. CFDA#: 14.850, 14.871 CRITERIA: 24 CFR section 200.334 requires the retention of supporting documentation. CAUSE: The Authority did not have procedures or controls in place to systematically file information. EFFECT: Documents could not be located in a timely fashion. RECOMMENDATION: The Authority should standardize procedures and employee responsibilities. VIEWS OF RESPONSIBLE OFFICIALS: We will comply with the Auditor?s recommendation. DISCUSSED WITH: Tom Teixeira, September 15, 2022
FINDING 2022-001 DOCUMENT RETENTION SIGNIFICANT DEFICIENCY Federal Program: Child Care Development Block Grant Assistance Listing Number: 93.575 Criteria Per 7 CFR 200.334, ?Financial records, supporting documents, statistical records, and all other non- Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient.? Condition Salary expenses were included in the administrative costs applied to the program. Employees were to be applied to the program based on percentages set in the grant budget. IAN did not maintain documentation to support the amounts for each employee applied to the program during the year. Total payroll costs were provided for these employees. It was determined that total salary expenses applied to the grant were within the budget allotment, and no questioned costs were identified. Cause IAN did not maintain documentation to show amounts applied to the program by individual employees. Effect We were unable to see how much of each employee?s salary was specifically applied to the grant. Recommendation We recommend IAN develop internal controls requiring the maintenance of documentation to support employee allocations to federal programs. Views of Responsible Officials The School?s Corrective Action Plan is included on page 25.
#2022-011 - Major Federal Award Finding - Document Retention Nature of Finding: Compliance Finding - Uniform Guidance Administrative Requirements and Material Weakness in Internal Controls Over Compliance Criteria/Condition: Federal regulations 2 CFR 200.334 provides that a non-federal entity must retain all records pertinent to a federal award for a minimum period of three years from the date of submission of the annual financial report. We noted during testing that records were not consistently being maintained. Cause/Context: For 2 of the 40 expenditures selected for testing, the Organization was unable to provide appropriate invoice documentation supporting the amount charged to the grant. Effect: Federal expenditures could be charged to the grant at incorrect amounts or for unallowable costs. Recommendation: We recommend the Organization implement a document retention policy that is consistent with the federal document retention requirements. Views of Responsible Officials and Planned Corrective Actions: MARR will retain a CPA consultant to implement a document retention policy that is consistent with federal document retention requirements.
#2022-011 - Major Federal Award Finding - Document Retention Nature of Finding: Compliance Finding - Uniform Guidance Administrative Requirements and Material Weakness in Internal Controls Over Compliance Criteria/Condition: Federal regulations 2 CFR 200.334 provides that a non-federal entity must retain all records pertinent to a federal award for a minimum period of three years from the date of submission of the annual financial report. We noted during testing that records were not consistently being maintained. Cause/Context: For 2 of the 40 expenditures selected for testing, the Organization was unable to provide appropriate invoice documentation supporting the amount charged to the grant. Effect: Federal expenditures could be charged to the grant at incorrect amounts or for unallowable costs. Recommendation: We recommend the Organization implement a document retention policy that is consistent with the federal document retention requirements. Views of Responsible Officials and Planned Corrective Actions: MARR will retain a CPA consultant to implement a document retention policy that is consistent with federal document retention requirements.
Federal Agency: U.S. Department of Health and Human Services Federal Program Name: Health Center Program Assistance Listing Number: 93.224/93.527 Federal Award Identification Number: H80CS04200-17-01 and H80CS04200-18.01 Award Periods: May 1, 2021 ? April 30, 2022; May 1, 2022 ? April 30, 2023 Type of Finding: Compliance and Significant deficiency in internal control over compliance Criteria: 2 CFR 200.329(b) requires the Federal awarding agency to use OMB approved common information collections, when providing financial and performance reporting information. As appropriate and in accordance with above mentioned information collections, the Federal awarding agency must require the recipient to relate financial data and accomplishments to performance goals and objectives of the Federal award. In addition, OMB Compliance Supplement Part IV for assistance listing number 93.224/93.527 has designated key line items within the Uniform Data System (UDS) report. 2 CFR 200.334 indicates that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency. Condition: The organization was not able to provide sufficient supporting documentation for amounts reported in Table 8A of the UDS report for calendar year 2021. Questioned Costs: None. Context: Two (2) of Seven (7) key line items tested. Cause: During the time in which the UDS report was being prepared, the organization experienced a flood at its corporate headquarters resulting in disruption of operations. As the preparation of the UDS report occurred during the aforementioned disruption, the applicable supporting documentation for two of the key line items within the UDS report, were not saved and/or maintained in electronic format in order to allow for ease of recovery.
Federal Agency: U.S. Department of Health and Human Services Federal Program Name: Health Center Program Assistance Listing Number: 93.224/93.527 Federal Award Identification Number: H80CS04200-17-01 and H80CS04200-18.01 Award Periods: May 1, 2021 ? April 30, 2022; May 1, 2022 ? April 30, 2023 Type of Finding: Compliance and Significant deficiency in internal control over compliance Criteria: 2 CFR 200.329(b) requires the Federal awarding agency to use OMB approved common information collections, when providing financial and performance reporting information. As appropriate and in accordance with above mentioned information collections, the Federal awarding agency must require the recipient to relate financial data and accomplishments to performance goals and objectives of the Federal award. In addition, OMB Compliance Supplement Part IV for assistance listing number 93.224/93.527 has designated key line items within the Uniform Data System (UDS) report. 2 CFR 200.334 indicates that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency. Condition: The organization was not able to provide sufficient supporting documentation for amounts reported in Table 8A of the UDS report for calendar year 2021. Questioned Costs: None. Context: Two (2) of Seven (7) key line items tested. Cause: During the time in which the UDS report was being prepared, the organization experienced a flood at its corporate headquarters resulting in disruption of operations. As the preparation of the UDS report occurred during the aforementioned disruption, the applicable supporting documentation for two of the key line items within the UDS report, were not saved and/or maintained in electronic format in order to allow for ease of recovery.
Federal Agency: U.S. Department of Health and Human Services Federal Program Name: Health Center Program Assistance Listing Number: 93.224/93.527 Federal Award Identification Number: H80CS04200-17-01 and H80CS04200-18.01 Award Periods: May 1, 2021 ? April 30, 2022; May 1, 2022 ? April 30, 2023 Type of Finding: Compliance and Significant deficiency in internal control over compliance Criteria: 2 CFR 200.329(b) requires the Federal awarding agency to use OMB approved common information collections, when providing financial and performance reporting information. As appropriate and in accordance with above mentioned information collections, the Federal awarding agency must require the recipient to relate financial data and accomplishments to performance goals and objectives of the Federal award. In addition, OMB Compliance Supplement Part IV for assistance listing number 93.224/93.527 has designated key line items within the Uniform Data System (UDS) report. 2 CFR 200.334 indicates that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency. Condition: The organization was not able to provide sufficient supporting documentation for amounts reported in Table 8A of the UDS report for calendar year 2021. Questioned Costs: None. Context: Two (2) of Seven (7) key line items tested. Cause: During the time in which the UDS report was being prepared, the organization experienced a flood at its corporate headquarters resulting in disruption of operations. As the preparation of the UDS report occurred during the aforementioned disruption, the applicable supporting documentation for two of the key line items within the UDS report, were not saved and/or maintained in electronic format in order to allow for ease of recovery.
Federal Agency: U.S. Department of Health and Human Services Federal Program Name: Health Center Program Assistance Listing Number: 93.224/93.527 Federal Award Identification Number: H80CS04200-17-01 and H80CS04200-18.01 Award Periods: May 1, 2021 ? April 30, 2022; May 1, 2022 ? April 30, 2023 Type of Finding: Compliance and Significant deficiency in internal control over compliance Criteria: 2 CFR 200.329(b) requires the Federal awarding agency to use OMB approved common information collections, when providing financial and performance reporting information. As appropriate and in accordance with above mentioned information collections, the Federal awarding agency must require the recipient to relate financial data and accomplishments to performance goals and objectives of the Federal award. In addition, OMB Compliance Supplement Part IV for assistance listing number 93.224/93.527 has designated key line items within the Uniform Data System (UDS) report. 2 CFR 200.334 indicates that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency. Condition: The organization was not able to provide sufficient supporting documentation for amounts reported in Table 8A of the UDS report for calendar year 2021. Questioned Costs: None. Context: Two (2) of Seven (7) key line items tested. Cause: During the time in which the UDS report was being prepared, the organization experienced a flood at its corporate headquarters resulting in disruption of operations. As the preparation of the UDS report occurred during the aforementioned disruption, the applicable supporting documentation for two of the key line items within the UDS report, were not saved and/or maintained in electronic format in order to allow for ease of recovery.
Federal Agency: U.S. Department of Health and Human Services Federal Program Name: Health Center Program Assistance Listing Number: 93.224/93.527 Federal Award Identification Number: H80CS04200-17-01 and H80CS04200-18.01 Award Periods: May 1, 2021 ? April 30, 2022; May 1, 2022 ? April 30, 2023 Type of Finding: Compliance and Significant deficiency in internal control over compliance Criteria: 2 CFR 200.329(b) requires the Federal awarding agency to use OMB approved common information collections, when providing financial and performance reporting information. As appropriate and in accordance with above mentioned information collections, the Federal awarding agency must require the recipient to relate financial data and accomplishments to performance goals and objectives of the Federal award. In addition, OMB Compliance Supplement Part IV for assistance listing number 93.224/93.527 has designated key line items within the Uniform Data System (UDS) report. 2 CFR 200.334 indicates that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency. Condition: The organization was not able to provide sufficient supporting documentation for amounts reported in Table 8A of the UDS report for calendar year 2021. Questioned Costs: None. Context: Two (2) of Seven (7) key line items tested. Cause: During the time in which the UDS report was being prepared, the organization experienced a flood at its corporate headquarters resulting in disruption of operations. As the preparation of the UDS report occurred during the aforementioned disruption, the applicable supporting documentation for two of the key line items within the UDS report, were not saved and/or maintained in electronic format in order to allow for ease of recovery.
Federal Agency: U.S. Department of Health and Human Services Federal Program Name: Health Center Program Assistance Listing Number: 93.224/93.527 Federal Award Identification Number: H80CS04200-17-01 and H80CS04200-18.01 Award Periods: May 1, 2021 ? April 30, 2022; May 1, 2022 ? April 30, 2023 Type of Finding: Compliance and Significant deficiency in internal control over compliance Criteria: 2 CFR 200.329(b) requires the Federal awarding agency to use OMB approved common information collections, when providing financial and performance reporting information. As appropriate and in accordance with above mentioned information collections, the Federal awarding agency must require the recipient to relate financial data and accomplishments to performance goals and objectives of the Federal award. In addition, OMB Compliance Supplement Part IV for assistance listing number 93.224/93.527 has designated key line items within the Uniform Data System (UDS) report. 2 CFR 200.334 indicates that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency. Condition: The organization was not able to provide sufficient supporting documentation for amounts reported in Table 8A of the UDS report for calendar year 2021. Questioned Costs: None. Context: Two (2) of Seven (7) key line items tested. Cause: During the time in which the UDS report was being prepared, the organization experienced a flood at its corporate headquarters resulting in disruption of operations. As the preparation of the UDS report occurred during the aforementioned disruption, the applicable supporting documentation for two of the key line items within the UDS report, were not saved and/or maintained in electronic format in order to allow for ease of recovery.
FINDING 2022-032 Pandemic EBT Food Benefits, ALN 10.542, Reporting ? Report of Disaster Supplemental Nutrition Assistance Benefit Issuance See Schedule of Findings and Questioned Costs for chart/table. Condition MDHHS did not have a process in place to ensure it maintained documentation to support the submitted Report of Disaster Supplemental Nutrition Assistance Benefit Issuance (FNS-292B). For all 3 sampled reports, MDHHS did not retain auditable submitted information, such as copies or screen prints of submitted reports. Rather, MDHHS provided us an e-mail disclosing the information which it represented as submitted. Criteria Federal regulation 2 CFR 200.334 requires financial records, supporting documents, statistical records, and all other nonfederal entity records pertinent to a federal award must be retained for a period of three years from the date of submission of the final expenditure report. Federal Register 86:89 (11 May 2021) page 25,837 requires state agencies to report the number of eligible children and households receiving P-EBT benefits and total value of the benefits monthly. Cause MDHHS informed us it electronically submitted the FNS-292B using the Food Program Reporting System (FPRS), but it did not retain copies of the submitted reports and the submitted reports were not available in FPRS. Effect We were unable to validate the information submitted to USDA on the FNS-292B. The federal grantor agency could issue sanctions or disallowances related to noncompliance. Known Questioned Costs None. Recommendation We recommend MDHHS establish a process to ensure it maintains documentation to support submitted FNS-292B reports. Management Views MDHHS disagrees that federal regulations require MDHHS to maintain copies or screenshots of FNS-292B information reported on the federal website. MDHHS normally has the ability to access the information on the federal system. However, during audit fieldwork, the FNS-292B information MDHHS submitted on the federal website was not viewable to the auditors because the reports were under federal review. MDHHS did not a retain a copy or screen prints of the submitted reports; however, MDHHS did maintain the underlying reports used to compile the submitted FNS-292B reports and this was provided to the auditors during fieldwork. Auditor's Comments to Management View MDHHS acknowledges it did not maintain a copy or screen prints of submitted reports. Documentation of submitted reports is necessary to provide auditable information to validate the accuracy of the report submission. MDHHS provided a spreadsheet and an e-mail disclosing the information which it represented as submitted; however, this information did not substantiate the FNS-292B was accurately submitted. Therefore, the finding stands as written.
FINDING 2022-032 Pandemic EBT Food Benefits, ALN 10.542, Reporting ? Report of Disaster Supplemental Nutrition Assistance Benefit Issuance See Schedule of Findings and Questioned Costs for chart/table. Condition MDHHS did not have a process in place to ensure it maintained documentation to support the submitted Report of Disaster Supplemental Nutrition Assistance Benefit Issuance (FNS-292B). For all 3 sampled reports, MDHHS did not retain auditable submitted information, such as copies or screen prints of submitted reports. Rather, MDHHS provided us an e-mail disclosing the information which it represented as submitted. Criteria Federal regulation 2 CFR 200.334 requires financial records, supporting documents, statistical records, and all other nonfederal entity records pertinent to a federal award must be retained for a period of three years from the date of submission of the final expenditure report. Federal Register 86:89 (11 May 2021) page 25,837 requires state agencies to report the number of eligible children and households receiving P-EBT benefits and total value of the benefits monthly. Cause MDHHS informed us it electronically submitted the FNS-292B using the Food Program Reporting System (FPRS), but it did not retain copies of the submitted reports and the submitted reports were not available in FPRS. Effect We were unable to validate the information submitted to USDA on the FNS-292B. The federal grantor agency could issue sanctions or disallowances related to noncompliance. Known Questioned Costs None. Recommendation We recommend MDHHS establish a process to ensure it maintains documentation to support submitted FNS-292B reports. Management Views MDHHS disagrees that federal regulations require MDHHS to maintain copies or screenshots of FNS-292B information reported on the federal website. MDHHS normally has the ability to access the information on the federal system. However, during audit fieldwork, the FNS-292B information MDHHS submitted on the federal website was not viewable to the auditors because the reports were under federal review. MDHHS did not a retain a copy or screen prints of the submitted reports; however, MDHHS did maintain the underlying reports used to compile the submitted FNS-292B reports and this was provided to the auditors during fieldwork. Auditor's Comments to Management View MDHHS acknowledges it did not maintain a copy or screen prints of submitted reports. Documentation of submitted reports is necessary to provide auditable information to validate the accuracy of the report submission. MDHHS provided a spreadsheet and an e-mail disclosing the information which it represented as submitted; however, this information did not substantiate the FNS-292B was accurately submitted. Therefore, the finding stands as written.
Finding No.: 2022-023 Federal Agency: U.S. Department of Education AL Program: 84.425 Education Stabilization Fund AL Sub-Program: 84.425E Higher Education Emergency Relief Fund (HEERF) - Student Aid Portion Federal Award No.: COVID-19 P425E204126 AL Sub-Program: 84.425F HEERF - Institutional Portion Federal Award No.: COVID-19 P425F202732 AL Sub-Program: 84.425L HEERF - Minority Serving Institution Federal Award No.: COVID-19 P425L200219 Area: Reporting Questioned Costs: $0 Criteria: Annual Reporting - Per OMB Compliance Supplement Addendum April 2022, ED will be collecting an annual report for HEERF grantees in April 2022. ED will require institutions to report on their uses of HEERF I CARES Act funds, HEERF II CRRSAA funds, and HEERF III ARP funds in advance of the ARP annual reporting deadline. Quarterly Public Reporting for (a)(1) Student Aid Portion - Per OMB Compliance Supplement Addendum April 2022, institutions that received a HEERF 18004(a)(1) Student Aid Portion award are required to publicly post certain information on their website no later than 30 days after award and update that information every 45 days thereafter. On August 31, 2020, the frequency of reporting after the initial 30-day period decreased from every 45 days thereafter to every calendar quarter. On May 13, 2021, ED published an additional notice for student aid public reporting under CRRSAA and ARP, which requires that institution publicly post certain information on their website. Institutions must publicly post their report as soon as possible, but no later than 30 days after the publication of the notice or 30 days after the date ED first obligated funds under HEERF I, II, or III to the institution for Emergency Financial Aid Grants to Students, whichever comes later. The report must be updated no later than 10 days after the end of each calendar quarter. Quarterly Public Reporting for (a)(1) Institutional Portion and (a)(2), and (a)(3) funds - Per OMB Compliance Supplement Addendum April 2022, Quarterly Budget and Expenditure form must be conspicuously posted on the institution’s primary website on the same page the reports of the IHE’s activities as to the emergency financial aid grants to students (Student Aid Portion) are posted. The form must be posted covering each quarterly reporting period no later than 10 days after the end of each calendar quarter. Any changes or updates after initial posting must be conspicuously noted after initial posting and the date of the change must be noted in the “Date of Report” line. Furthermore, as required by 2 CFR 200.334, regardless of the need to submit an audit, all financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a federal award must be retained for a period of three years from the date of submission of the last HEERF grant’s final expenditure report. Furthermore, 2 CFR 200.303(a) states that the subrecipient must establish, document, and maintain effective internal control over the Federal award that provides reasonable assurance that the subrecipient is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should align with the guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control-Integrated Framework” issued by the COSO. Conditions: 1. Total annual expenditures per the Annual Report Data Collection System differ from cumulative expenditures from 01/01/21 through 12/31/21 per underlying accounting records, as follows: Annual Expenditures Student Portion Institution Portion Minority Serving Institution Annual Data Collection System $2,628,200 $2,223,328 $ --- Underlying accounting records 2,554,416 1,917,546 338,297 Over (under) reporting $ 73,784 $ 305,782 $(338,297) 2. ALN 84.425E COVID-19 HEERF-Student Aid Portion A. Quarterly reports for quarters ended 12/31/2021 and 03/31/2022 that were publicly posted in the website, along with relevant documentation evidencing compliance (i.e., webmaster logs, or other relevant documentation establishing good-faith indication that the institution posted the required information at approximately timelines established by the public reporting requirements) on whether the College was timely in publicly posting its quarterly report could not be provided. B. Relevant documentation evidencing compliance (i.e., webmaster logs, or other relevant documentation establishing good-faith indication that the institution posted the required information at approximately timelines established by the public reporting requirements) on whether the College was timely in publicly posting its quarterly report for quarters ended 06/30/2022 and 09/30/2022, could not be provided. 3. 84.425F COVID-19 HEERF-Institutional Portion 84.425L COVID-19 HEERF-Minority Serving Institution A. Relevant documentation evidencing compliance (i.e., webmaster logs, or other relevant documentation establishing good-faith indication that the institution posted the required information at approximately timelines established by the public reporting requirements) on whether the College was timely in publicly posting its quarterly report for quarters ended 12/31/2021, 03/31/2022, 06/30/2022 and 09/30/2022, could not be provided. Cause: The College lacks adequate internal controls over the timely and accurate preparation and review of required reports as stipulated in the Compliance Supplement. Furthermore, the College lacks adequate internal controls regarding retaining sufficient documentation to support all reported transactions. Effect: The College is not in compliance with the applicable reporting requirements. No questioned costs are presented as the identified reporting differences do not represent overpayments, and we are unable to quantify the impact of late reporting on the program. Identified as a Repeat Finding: 2021-017 Recommendation: College management should strengthen controls so that required reports are timely and accurately prepared and reviewed and submitted within the specified timeframes to evidence compliance with the applicable reporting requirements and retain sufficient documentation to support all reported transactions. Views of Auditee and Planned Corrective Actions: The College agrees with the finding and provides details in its Corrective Action Plan.
Finding No. 2022-011 Federal Agency: U.S. Department of Agriculture AL Program: 10.542 Pandemic EBT Food Benefits (P-EBT) Federal Award No.: 7NM400NM2 Area: Activities Allowed or Unallowed Questioned Costs: $-0- Criteria: 1. In accordance with Section 1101(b)(f)(2) of the Families First Coronavirus Response Act, as amended, a State agency may develop and use simplifying assumptions (including a State or local public health ordinance developed in response to COVID-19) and the best feasibly available data to determine the status of a school or covered child care facility as opened, closed, or operating with a reduced number of days or hours, establish State or regionally-based benefits levels, identify eligible children, and establish eligibility periods for eligible children. 2. In accordance with the CNMI State Plan, the Nutrition Assistance Program (NAP) will receive data from the CNMI Department of Education, Child Nutrition Program, the agency which shall receive all school information from the public schools, the private schools, and childcare centers. 3. In accordance with the April 2022 Compliance Supplement, the state agency is to instruct schools and school districts appropriately in order to collect the data necessary to set benefit levels consistent with the terms of the state plan. In addition, use of funds made available for P-EBT must also comply with government accounting and record keeping requirements in 2 CFR 200.334, for which the recipient and subrecipient must retain all Federal award records for three years from the date of submission of their final financial report. For awards that are renewed quarterly or annually, the recipient and subrecipient must retain records for three years from the date of submission of their quarterly or annual financial report, respectively. Records to be retained include but are not limited to financial records, supporting documentation, and statistical records. Condition: Documentation of the instructions provided to schools and school districts in order for the CNMI NAP to appropriately collect the necessary data to set benefit levels consistent with the terms of the state plan, was not provided. Cause: The CNMI did not provide instructions appropriately to schools and school districts in order to collect the data necessary to set benefit levels consistent with the terms of the state plan. Effect: The CNMI is in noncompliance with applicable activities allowed or unallowed compliance requirements. Recommendation: The CNMI should implement and enforce monitoring over the required instructions that state agency is to provide to schools and school districts appropriately in order to collect the data necessary to set benefit levels consistent with the terms of the CNMI’s P-EBT State Plan. Views of Responsible Officials: CNMI NAP disagrees with this finding. The 2022 Compliance Supplement states that the LEA, in this instance, the CNMI Public School System (PSS), is responsible for verifying the current free and reduced-price eligibility of households, unless the LEA is exempt from the verification requirement. PSS is not exempt from the verification requirement and the CNMI NAP has never given instructions to PSS for data collection as it is the PSS’ responsibility to supply the data to CNMI NAP for P-EBT. CNMI NAP’s role is to distribute the benefits only. Similar to the SUN Bucks (S-EBT) program, PSS furnishes the student listing to CNMI NAP, after which CNMI NAP distributes the benefits according to the listing provided by PSS. Refer to CNMI’s Corrective Action Plan for additional information. Auditor Response: The 2022 Compliance Supplement being referenced by CNMI NAP pertains to ALN 10.551 Supplemental Nutrition Assistance Program (SNAP). CNMI NAP should refer to the April 2022 Compliance Supplement specifically for ALN 10.542 Pandemic EBT Food Benefits (P-EBT). In addition, documentation that CNMI NAP is not required to provide instructions to schools and school district were not provided.
2022-014 Special Tests and Provisions ? Provider Eligibility ? Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: 2105TX5ADM, 2105TX5MAP, 2105TXIMPL, 2105TXINCT; 2205TX5ADM, 2205TX5MAP, 2205TXIMPL, 2205TXINCT October 1, 2020 ? September 30, 2021, October 1, 2021 ? September 30, 2022 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, Health and Human Services Commission (HHSC) must establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: ? 455.104 ? HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: ? The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. ? Date of birth and Social Security Number (in the case of an individual) ? Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. ? Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. ? The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. ? The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). ? 455.105 ? HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: ? The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and ? Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. ? 455.106 ? Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: ? Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and ? Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. ? 455.410 ? HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. ? 455.412 ? HHSC must: ? Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State ? Confirm that the provider's license has not expired and that there are no current limitations on the provider's license ? 455.414 ? HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. ? 455.432 ? HHSC must: ? Conduct pre-enrollment and post-enrollment site visits of providers who are designated as ?moderate? or ?high? categorical risks to the Medicaid program. ? Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. ? 455.434 ? HHSC must: ? Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider.? Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. ? Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a ?high? risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. ? 455.436 ? HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. ? 455.434 ? HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of ?limited,? ?moderate,? or ?high.? If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 40 long-term care providers, which resulted in the following: ? For 11 samples, a copy of the completed Medicaid application was not included in the file. ? For 12 samples, enrollment of the provider was not completed within the last 5 years. ? For 20 samples, verification of the provider?s license was not included in the file. ? For 15 samples, required information on ownership and control was not disclosed. ? For 20 samples, supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. ? For 16 samples, supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. ? For 11 samples, supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. ? For 14 samples, supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. ? For 20 samples, supporting documentation was not included in the file indicating the LEIE and EPLS databases were checked at least monthly during the enrollment period. ? For 20 samples, supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. ? For 19 samples, a copy of the provider agreement was not included in the files. ? For 20 samples, supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. ? For 11 samples, supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. Questioned costs: NoneContext: See ?Condition.? Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat Finding: 2021-008 Recommendation: HHSC should implement controls to ensure: ? Documentation is maintained for at least the length of the providers? current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. ? Provider licenses are verified during enrollment. ? Providers are re-enrolled at least once every five years. ? Provider agreements are obtained, and the proper disclosures are made. ? Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. ? Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: Agree.
2022-014 Special Tests and Provisions ? Provider Eligibility ? Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: 2105TX5ADM, 2105TX5MAP, 2105TXIMPL, 2105TXINCT; 2205TX5ADM, 2205TX5MAP, 2205TXIMPL, 2205TXINCT October 1, 2020 ? September 30, 2021, October 1, 2021 ? September 30, 2022 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, Health and Human Services Commission (HHSC) must establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: ? 455.104 ? HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: ? The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. ? Date of birth and Social Security Number (in the case of an individual) ? Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. ? Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. ? The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. ? The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). ? 455.105 ? HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: ? The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and ? Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. ? 455.106 ? Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: ? Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and ? Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. ? 455.410 ? HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. ? 455.412 ? HHSC must: ? Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State ? Confirm that the provider's license has not expired and that there are no current limitations on the provider's license ? 455.414 ? HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. ? 455.432 ? HHSC must: ? Conduct pre-enrollment and post-enrollment site visits of providers who are designated as ?moderate? or ?high? categorical risks to the Medicaid program. ? Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. ? 455.434 ? HHSC must: ? Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider.? Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. ? Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a ?high? risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. ? 455.436 ? HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. ? 455.434 ? HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of ?limited,? ?moderate,? or ?high.? If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 40 long-term care providers, which resulted in the following: ? For 11 samples, a copy of the completed Medicaid application was not included in the file. ? For 12 samples, enrollment of the provider was not completed within the last 5 years. ? For 20 samples, verification of the provider?s license was not included in the file. ? For 15 samples, required information on ownership and control was not disclosed. ? For 20 samples, supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. ? For 16 samples, supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. ? For 11 samples, supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. ? For 14 samples, supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. ? For 20 samples, supporting documentation was not included in the file indicating the LEIE and EPLS databases were checked at least monthly during the enrollment period. ? For 20 samples, supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. ? For 19 samples, a copy of the provider agreement was not included in the files. ? For 20 samples, supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. ? For 11 samples, supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. Questioned costs: NoneContext: See ?Condition.? Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat Finding: 2021-008 Recommendation: HHSC should implement controls to ensure: ? Documentation is maintained for at least the length of the providers? current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. ? Provider licenses are verified during enrollment. ? Providers are re-enrolled at least once every five years. ? Provider agreements are obtained, and the proper disclosures are made. ? Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. ? Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: Agree.
2022-014 Special Tests and Provisions ? Provider Eligibility ? Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: 2105TX5ADM, 2105TX5MAP, 2105TXIMPL, 2105TXINCT; 2205TX5ADM, 2205TX5MAP, 2205TXIMPL, 2205TXINCT October 1, 2020 ? September 30, 2021, October 1, 2021 ? September 30, 2022 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, Health and Human Services Commission (HHSC) must establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: ? 455.104 ? HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: ? The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. ? Date of birth and Social Security Number (in the case of an individual) ? Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. ? Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. ? The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. ? The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). ? 455.105 ? HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: ? The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and ? Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. ? 455.106 ? Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: ? Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and ? Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. ? 455.410 ? HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. ? 455.412 ? HHSC must: ? Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State ? Confirm that the provider's license has not expired and that there are no current limitations on the provider's license ? 455.414 ? HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. ? 455.432 ? HHSC must: ? Conduct pre-enrollment and post-enrollment site visits of providers who are designated as ?moderate? or ?high? categorical risks to the Medicaid program. ? Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. ? 455.434 ? HHSC must: ? Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider.? Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. ? Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a ?high? risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. ? 455.436 ? HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. ? 455.434 ? HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of ?limited,? ?moderate,? or ?high.? If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 40 long-term care providers, which resulted in the following: ? For 11 samples, a copy of the completed Medicaid application was not included in the file. ? For 12 samples, enrollment of the provider was not completed within the last 5 years. ? For 20 samples, verification of the provider?s license was not included in the file. ? For 15 samples, required information on ownership and control was not disclosed. ? For 20 samples, supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. ? For 16 samples, supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. ? For 11 samples, supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. ? For 14 samples, supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. ? For 20 samples, supporting documentation was not included in the file indicating the LEIE and EPLS databases were checked at least monthly during the enrollment period. ? For 20 samples, supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. ? For 19 samples, a copy of the provider agreement was not included in the files. ? For 20 samples, supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. ? For 11 samples, supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. Questioned costs: NoneContext: See ?Condition.? Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat Finding: 2021-008 Recommendation: HHSC should implement controls to ensure: ? Documentation is maintained for at least the length of the providers? current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. ? Provider licenses are verified during enrollment. ? Providers are re-enrolled at least once every five years. ? Provider agreements are obtained, and the proper disclosures are made. ? Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. ? Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: Agree.
2022-014 Special Tests and Provisions ? Provider Eligibility ? Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: 2105TX5ADM, 2105TX5MAP, 2105TXIMPL, 2105TXINCT; 2205TX5ADM, 2205TX5MAP, 2205TXIMPL, 2205TXINCT October 1, 2020 ? September 30, 2021, October 1, 2021 ? September 30, 2022 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, Health and Human Services Commission (HHSC) must establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: ? 455.104 ? HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: ? The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. ? Date of birth and Social Security Number (in the case of an individual) ? Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. ? Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. ? The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. ? The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). ? 455.105 ? HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: ? The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and ? Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. ? 455.106 ? Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: ? Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and ? Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. ? 455.410 ? HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. ? 455.412 ? HHSC must: ? Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State ? Confirm that the provider's license has not expired and that there are no current limitations on the provider's license ? 455.414 ? HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. ? 455.432 ? HHSC must: ? Conduct pre-enrollment and post-enrollment site visits of providers who are designated as ?moderate? or ?high? categorical risks to the Medicaid program. ? Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. ? 455.434 ? HHSC must: ? Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider.? Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. ? Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a ?high? risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. ? 455.436 ? HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. ? 455.434 ? HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of ?limited,? ?moderate,? or ?high.? If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 40 long-term care providers, which resulted in the following: ? For 11 samples, a copy of the completed Medicaid application was not included in the file. ? For 12 samples, enrollment of the provider was not completed within the last 5 years. ? For 20 samples, verification of the provider?s license was not included in the file. ? For 15 samples, required information on ownership and control was not disclosed. ? For 20 samples, supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. ? For 16 samples, supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. ? For 11 samples, supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. ? For 14 samples, supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. ? For 20 samples, supporting documentation was not included in the file indicating the LEIE and EPLS databases were checked at least monthly during the enrollment period. ? For 20 samples, supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. ? For 19 samples, a copy of the provider agreement was not included in the files. ? For 20 samples, supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. ? For 11 samples, supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. Questioned costs: NoneContext: See ?Condition.? Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat Finding: 2021-008 Recommendation: HHSC should implement controls to ensure: ? Documentation is maintained for at least the length of the providers? current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. ? Provider licenses are verified during enrollment. ? Providers are re-enrolled at least once every five years. ? Provider agreements are obtained, and the proper disclosures are made. ? Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. ? Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: Agree.
2022-014 Special Tests and Provisions ? Provider Eligibility ? Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: 2105TX5ADM, 2105TX5MAP, 2105TXIMPL, 2105TXINCT; 2205TX5ADM, 2205TX5MAP, 2205TXIMPL, 2205TXINCT October 1, 2020 ? September 30, 2021, October 1, 2021 ? September 30, 2022 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, Health and Human Services Commission (HHSC) must establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: ? 455.104 ? HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: ? The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. ? Date of birth and Social Security Number (in the case of an individual) ? Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. ? Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. ? The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. ? The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). ? 455.105 ? HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: ? The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and ? Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. ? 455.106 ? Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: ? Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and ? Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. ? 455.410 ? HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. ? 455.412 ? HHSC must: ? Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State ? Confirm that the provider's license has not expired and that there are no current limitations on the provider's license ? 455.414 ? HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. ? 455.432 ? HHSC must: ? Conduct pre-enrollment and post-enrollment site visits of providers who are designated as ?moderate? or ?high? categorical risks to the Medicaid program. ? Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. ? 455.434 ? HHSC must: ? Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider.? Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. ? Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a ?high? risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. ? 455.436 ? HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. ? 455.434 ? HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of ?limited,? ?moderate,? or ?high.? If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 40 long-term care providers, which resulted in the following: ? For 11 samples, a copy of the completed Medicaid application was not included in the file. ? For 12 samples, enrollment of the provider was not completed within the last 5 years. ? For 20 samples, verification of the provider?s license was not included in the file. ? For 15 samples, required information on ownership and control was not disclosed. ? For 20 samples, supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. ? For 16 samples, supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. ? For 11 samples, supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. ? For 14 samples, supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. ? For 20 samples, supporting documentation was not included in the file indicating the LEIE and EPLS databases were checked at least monthly during the enrollment period. ? For 20 samples, supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. ? For 19 samples, a copy of the provider agreement was not included in the files. ? For 20 samples, supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. ? For 11 samples, supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. Questioned costs: NoneContext: See ?Condition.? Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat Finding: 2021-008 Recommendation: HHSC should implement controls to ensure: ? Documentation is maintained for at least the length of the providers? current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. ? Provider licenses are verified during enrollment. ? Providers are re-enrolled at least once every five years. ? Provider agreements are obtained, and the proper disclosures are made. ? Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. ? Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: Agree.
2022-014 Special Tests and Provisions ? Provider Eligibility ? Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: 2105TX5ADM, 2105TX5MAP, 2105TXIMPL, 2105TXINCT; 2205TX5ADM, 2205TX5MAP, 2205TXIMPL, 2205TXINCT October 1, 2020 ? September 30, 2021, October 1, 2021 ? September 30, 2022 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, Health and Human Services Commission (HHSC) must establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: ? 455.104 ? HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: ? The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. ? Date of birth and Social Security Number (in the case of an individual) ? Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. ? Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. ? The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. ? The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). ? 455.105 ? HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: ? The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and ? Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. ? 455.106 ? Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: ? Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and ? Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. ? 455.410 ? HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. ? 455.412 ? HHSC must: ? Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State ? Confirm that the provider's license has not expired and that there are no current limitations on the provider's license ? 455.414 ? HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. ? 455.432 ? HHSC must: ? Conduct pre-enrollment and post-enrollment site visits of providers who are designated as ?moderate? or ?high? categorical risks to the Medicaid program. ? Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. ? 455.434 ? HHSC must: ? Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider.? Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. ? Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a ?high? risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. ? 455.436 ? HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. ? 455.434 ? HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of ?limited,? ?moderate,? or ?high.? If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 40 long-term care providers, which resulted in the following: ? For 11 samples, a copy of the completed Medicaid application was not included in the file. ? For 12 samples, enrollment of the provider was not completed within the last 5 years. ? For 20 samples, verification of the provider?s license was not included in the file. ? For 15 samples, required information on ownership and control was not disclosed. ? For 20 samples, supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. ? For 16 samples, supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. ? For 11 samples, supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. ? For 14 samples, supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. ? For 20 samples, supporting documentation was not included in the file indicating the LEIE and EPLS databases were checked at least monthly during the enrollment period. ? For 20 samples, supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. ? For 19 samples, a copy of the provider agreement was not included in the files. ? For 20 samples, supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. ? For 11 samples, supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. Questioned costs: NoneContext: See ?Condition.? Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat Finding: 2021-008 Recommendation: HHSC should implement controls to ensure: ? Documentation is maintained for at least the length of the providers? current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. ? Provider licenses are verified during enrollment. ? Providers are re-enrolled at least once every five years. ? Provider agreements are obtained, and the proper disclosures are made. ? Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. ? Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: Agree.
2022-014 Special Tests and Provisions ? Provider Eligibility ? Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: 2105TX5ADM, 2105TX5MAP, 2105TXIMPL, 2105TXINCT; 2205TX5ADM, 2205TX5MAP, 2205TXIMPL, 2205TXINCT October 1, 2020 ? September 30, 2021, October 1, 2021 ? September 30, 2022 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, Health and Human Services Commission (HHSC) must establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: ? 455.104 ? HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: ? The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. ? Date of birth and Social Security Number (in the case of an individual) ? Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. ? Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. ? The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. ? The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). ? 455.105 ? HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: ? The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and ? Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. ? 455.106 ? Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: ? Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and ? Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. ? 455.410 ? HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. ? 455.412 ? HHSC must: ? Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State ? Confirm that the provider's license has not expired and that there are no current limitations on the provider's license ? 455.414 ? HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. ? 455.432 ? HHSC must: ? Conduct pre-enrollment and post-enrollment site visits of providers who are designated as ?moderate? or ?high? categorical risks to the Medicaid program. ? Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. ? 455.434 ? HHSC must: ? Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider.? Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. ? Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a ?high? risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. ? 455.436 ? HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. ? 455.434 ? HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of ?limited,? ?moderate,? or ?high.? If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 40 long-term care providers, which resulted in the following: ? For 11 samples, a copy of the completed Medicaid application was not included in the file. ? For 12 samples, enrollment of the provider was not completed within the last 5 years. ? For 20 samples, verification of the provider?s license was not included in the file. ? For 15 samples, required information on ownership and control was not disclosed. ? For 20 samples, supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. ? For 16 samples, supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. ? For 11 samples, supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. ? For 14 samples, supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. ? For 20 samples, supporting documentation was not included in the file indicating the LEIE and EPLS databases were checked at least monthly during the enrollment period. ? For 20 samples, supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. ? For 19 samples, a copy of the provider agreement was not included in the files. ? For 20 samples, supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. ? For 11 samples, supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. Questioned costs: NoneContext: See ?Condition.? Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat Finding: 2021-008 Recommendation: HHSC should implement controls to ensure: ? Documentation is maintained for at least the length of the providers? current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. ? Provider licenses are verified during enrollment. ? Providers are re-enrolled at least once every five years. ? Provider agreements are obtained, and the proper disclosures are made. ? Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. ? Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: Agree.
2022-014 Special Tests and Provisions ? Provider Eligibility ? Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: 2105TX5ADM, 2105TX5MAP, 2105TXIMPL, 2105TXINCT; 2205TX5ADM, 2205TX5MAP, 2205TXIMPL, 2205TXINCT October 1, 2020 ? September 30, 2021, October 1, 2021 ? September 30, 2022 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, Health and Human Services Commission (HHSC) must establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: ? 455.104 ? HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: ? The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. ? Date of birth and Social Security Number (in the case of an individual) ? Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. ? Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. ? The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. ? The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). ? 455.105 ? HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: ? The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and ? Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. ? 455.106 ? Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: ? Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and ? Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. ? 455.410 ? HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. ? 455.412 ? HHSC must: ? Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State ? Confirm that the provider's license has not expired and that there are no current limitations on the provider's license ? 455.414 ? HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. ? 455.432 ? HHSC must: ? Conduct pre-enrollment and post-enrollment site visits of providers who are designated as ?moderate? or ?high? categorical risks to the Medicaid program. ? Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. ? 455.434 ? HHSC must: ? Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider.? Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. ? Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a ?high? risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. ? 455.436 ? HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. ? 455.434 ? HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of ?limited,? ?moderate,? or ?high.? If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 40 long-term care providers, which resulted in the following: ? For 11 samples, a copy of the completed Medicaid application was not included in the file. ? For 12 samples, enrollment of the provider was not completed within the last 5 years. ? For 20 samples, verification of the provider?s license was not included in the file. ? For 15 samples, required information on ownership and control was not disclosed. ? For 20 samples, supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. ? For 16 samples, supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. ? For 11 samples, supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. ? For 14 samples, supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. ? For 20 samples, supporting documentation was not included in the file indicating the LEIE and EPLS databases were checked at least monthly during the enrollment period. ? For 20 samples, supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. ? For 19 samples, a copy of the provider agreement was not included in the files. ? For 20 samples, supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. ? For 11 samples, supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. Questioned costs: NoneContext: See ?Condition.? Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat Finding: 2021-008 Recommendation: HHSC should implement controls to ensure: ? Documentation is maintained for at least the length of the providers? current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. ? Provider licenses are verified during enrollment. ? Providers are re-enrolled at least once every five years. ? Provider agreements are obtained, and the proper disclosures are made. ? Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. ? Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: Agree.
2022-014 Special Tests and Provisions ? Provider Eligibility ? Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: 2105TX5ADM, 2105TX5MAP, 2105TXIMPL, 2105TXINCT; 2205TX5ADM, 2205TX5MAP, 2205TXIMPL, 2205TXINCT October 1, 2020 ? September 30, 2021, October 1, 2021 ? September 30, 2022 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, Health and Human Services Commission (HHSC) must establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: ? 455.104 ? HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: ? The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. ? Date of birth and Social Security Number (in the case of an individual) ? Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. ? Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. ? The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. ? The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). ? 455.105 ? HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: ? The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and ? Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. ? 455.106 ? Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: ? Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and ? Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. ? 455.410 ? HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. ? 455.412 ? HHSC must: ? Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State ? Confirm that the provider's license has not expired and that there are no current limitations on the provider's license ? 455.414 ? HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. ? 455.432 ? HHSC must: ? Conduct pre-enrollment and post-enrollment site visits of providers who are designated as ?moderate? or ?high? categorical risks to the Medicaid program. ? Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. ? 455.434 ? HHSC must: ? Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider.? Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. ? Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a ?high? risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. ? 455.436 ? HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. ? 455.434 ? HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of ?limited,? ?moderate,? or ?high.? If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 40 long-term care providers, which resulted in the following: ? For 11 samples, a copy of the completed Medicaid application was not included in the file. ? For 12 samples, enrollment of the provider was not completed within the last 5 years. ? For 20 samples, verification of the provider?s license was not included in the file. ? For 15 samples, required information on ownership and control was not disclosed. ? For 20 samples, supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. ? For 16 samples, supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. ? For 11 samples, supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. ? For 14 samples, supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. ? For 20 samples, supporting documentation was not included in the file indicating the LEIE and EPLS databases were checked at least monthly during the enrollment period. ? For 20 samples, supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. ? For 19 samples, a copy of the provider agreement was not included in the files. ? For 20 samples, supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. ? For 11 samples, supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. Questioned costs: NoneContext: See ?Condition.? Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat Finding: 2021-008 Recommendation: HHSC should implement controls to ensure: ? Documentation is maintained for at least the length of the providers? current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. ? Provider licenses are verified during enrollment. ? Providers are re-enrolled at least once every five years. ? Provider agreements are obtained, and the proper disclosures are made. ? Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. ? Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: Agree.
2022-014 Special Tests and Provisions ? Provider Eligibility ? Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: 2105TX5ADM, 2105TX5MAP, 2105TXIMPL, 2105TXINCT; 2205TX5ADM, 2205TX5MAP, 2205TXIMPL, 2205TXINCT October 1, 2020 ? September 30, 2021, October 1, 2021 ? September 30, 2022 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, Health and Human Services Commission (HHSC) must establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: ? 455.104 ? HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: ? The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. ? Date of birth and Social Security Number (in the case of an individual) ? Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. ? Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. ? The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. ? The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). ? 455.105 ? HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: ? The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and ? Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. ? 455.106 ? Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: ? Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and ? Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. ? 455.410 ? HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. ? 455.412 ? HHSC must: ? Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State ? Confirm that the provider's license has not expired and that there are no current limitations on the provider's license ? 455.414 ? HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. ? 455.432 ? HHSC must: ? Conduct pre-enrollment and post-enrollment site visits of providers who are designated as ?moderate? or ?high? categorical risks to the Medicaid program. ? Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. ? 455.434 ? HHSC must: ? Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider.? Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. ? Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a ?high? risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. ? 455.436 ? HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. ? 455.434 ? HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of ?limited,? ?moderate,? or ?high.? If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 40 long-term care providers, which resulted in the following: ? For 11 samples, a copy of the completed Medicaid application was not included in the file. ? For 12 samples, enrollment of the provider was not completed within the last 5 years. ? For 20 samples, verification of the provider?s license was not included in the file. ? For 15 samples, required information on ownership and control was not disclosed. ? For 20 samples, supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. ? For 16 samples, supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. ? For 11 samples, supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. ? For 14 samples, supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. ? For 20 samples, supporting documentation was not included in the file indicating the LEIE and EPLS databases were checked at least monthly during the enrollment period. ? For 20 samples, supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. ? For 19 samples, a copy of the provider agreement was not included in the files. ? For 20 samples, supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. ? For 11 samples, supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. Questioned costs: NoneContext: See ?Condition.? Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat Finding: 2021-008 Recommendation: HHSC should implement controls to ensure: ? Documentation is maintained for at least the length of the providers? current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. ? Provider licenses are verified during enrollment. ? Providers are re-enrolled at least once every five years. ? Provider agreements are obtained, and the proper disclosures are made. ? Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. ? Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: Agree.
2022-014 Special Tests and Provisions ? Provider Eligibility ? Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: 2105TX5ADM, 2105TX5MAP, 2105TXIMPL, 2105TXINCT; 2205TX5ADM, 2205TX5MAP, 2205TXIMPL, 2205TXINCT October 1, 2020 ? September 30, 2021, October 1, 2021 ? September 30, 2022 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, Health and Human Services Commission (HHSC) must establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: ? 455.104 ? HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: ? The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. ? Date of birth and Social Security Number (in the case of an individual) ? Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. ? Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. ? The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. ? The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). ? 455.105 ? HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: ? The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and ? Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. ? 455.106 ? Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: ? Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and ? Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. ? 455.410 ? HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. ? 455.412 ? HHSC must: ? Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State ? Confirm that the provider's license has not expired and that there are no current limitations on the provider's license ? 455.414 ? HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. ? 455.432 ? HHSC must: ? Conduct pre-enrollment and post-enrollment site visits of providers who are designated as ?moderate? or ?high? categorical risks to the Medicaid program. ? Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. ? 455.434 ? HHSC must: ? Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider.? Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. ? Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a ?high? risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. ? 455.436 ? HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. ? 455.434 ? HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of ?limited,? ?moderate,? or ?high.? If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 40 long-term care providers, which resulted in the following: ? For 11 samples, a copy of the completed Medicaid application was not included in the file. ? For 12 samples, enrollment of the provider was not completed within the last 5 years. ? For 20 samples, verification of the provider?s license was not included in the file. ? For 15 samples, required information on ownership and control was not disclosed. ? For 20 samples, supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. ? For 16 samples, supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. ? For 11 samples, supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. ? For 14 samples, supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. ? For 20 samples, supporting documentation was not included in the file indicating the LEIE and EPLS databases were checked at least monthly during the enrollment period. ? For 20 samples, supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. ? For 19 samples, a copy of the provider agreement was not included in the files. ? For 20 samples, supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. ? For 11 samples, supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. Questioned costs: NoneContext: See ?Condition.? Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat Finding: 2021-008 Recommendation: HHSC should implement controls to ensure: ? Documentation is maintained for at least the length of the providers? current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. ? Provider licenses are verified during enrollment. ? Providers are re-enrolled at least once every five years. ? Provider agreements are obtained, and the proper disclosures are made. ? Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. ? Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: Agree.
2022-014 Special Tests and Provisions ? Provider Eligibility ? Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: 2105TX5ADM, 2105TX5MAP, 2105TXIMPL, 2105TXINCT; 2205TX5ADM, 2205TX5MAP, 2205TXIMPL, 2205TXINCT October 1, 2020 ? September 30, 2021, October 1, 2021 ? September 30, 2022 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, Health and Human Services Commission (HHSC) must establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: ? 455.104 ? HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: ? The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. ? Date of birth and Social Security Number (in the case of an individual) ? Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. ? Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. ? The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. ? The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). ? 455.105 ? HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: ? The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and ? Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. ? 455.106 ? Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: ? Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and ? Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. ? 455.410 ? HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. ? 455.412 ? HHSC must: ? Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State ? Confirm that the provider's license has not expired and that there are no current limitations on the provider's license ? 455.414 ? HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. ? 455.432 ? HHSC must: ? Conduct pre-enrollment and post-enrollment site visits of providers who are designated as ?moderate? or ?high? categorical risks to the Medicaid program. ? Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. ? 455.434 ? HHSC must: ? Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider.? Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. ? Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a ?high? risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. ? 455.436 ? HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. ? 455.434 ? HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of ?limited,? ?moderate,? or ?high.? If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 40 long-term care providers, which resulted in the following: ? For 11 samples, a copy of the completed Medicaid application was not included in the file. ? For 12 samples, enrollment of the provider was not completed within the last 5 years. ? For 20 samples, verification of the provider?s license was not included in the file. ? For 15 samples, required information on ownership and control was not disclosed. ? For 20 samples, supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. ? For 16 samples, supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. ? For 11 samples, supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. ? For 14 samples, supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. ? For 20 samples, supporting documentation was not included in the file indicating the LEIE and EPLS databases were checked at least monthly during the enrollment period. ? For 20 samples, supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. ? For 19 samples, a copy of the provider agreement was not included in the files. ? For 20 samples, supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. ? For 11 samples, supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. Questioned costs: NoneContext: See ?Condition.? Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat Finding: 2021-008 Recommendation: HHSC should implement controls to ensure: ? Documentation is maintained for at least the length of the providers? current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. ? Provider licenses are verified during enrollment. ? Providers are re-enrolled at least once every five years. ? Provider agreements are obtained, and the proper disclosures are made. ? Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. ? Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: Agree.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425E / 84.425F Award identification number: P425F204999 / P425E205418 Award period: September 29, 2020 to June 30, 2023 and July 23, 2020 to May 23, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control / Compliance Finding Type: Material Weakness Compliance requirement: Reporting Condition and context For testing internal controls and compliance with reporting requirements applicable to the HEERF programs, we inquired the Institution about the internal controls and procedures for determining the criteria and methodology used in compiling and reporting the data to be included in the annual and quarterly special reports. We requested a copy of the annual report for the calendar year 2021 and the quarterly reports for the quarter ended on December 31, 2021 related to the institutional aid portion and the student aid portion. As part of our procedures, we tested the method of distribution of grants to ascertain consistency with the method that was actually employed by the Institution to distribute emergency financial aid grants to students. After our examination and tests performed, we noted the following: a) The methodology used to compile the information in the annual report was based on the funds drawdowns which were based on disbursements rather than the actual program expenditures for the Institutional aid funds in accordance with GAAP. b) After examination of the institutional aid portion expenditures amounts reported in the annual special report for the calendar year ended December 31, 2021 to the support provided by the Institution, we noted that the total of institutional annual expenditures was understated by $7,160. c) From the sample of enrollment statistical data selected for verification to the source documents and/or information we noted several differences and were unable to identify some of the information in the source documents in nineteen (19) out of a sample of thirty (30) statistical data lines examined in the annual special report. The exceptions were as follows: d) After examination of the quarterly special report of the student aid portion for the quarter ended December 31, 2021, we noted a difference in the Item #5: ?The total number of students who have received an Emergency Financial Aid Grant to students under the CARES (a)(1) subprogram and the CRRSAA and ARP (a)(1) subprograms?. The total of students that received assistance aid reported was 443; however, the number per the student aid payroll reports examined was 460. Additionally, no support was available to determine if the Institution was timely and accurate in publicly posting the quarterly Student Aid Portion Report selected for testing. e) In one out of a sample of forty (40) disbursements of financial aid to students (2.5%) we noted that the payment made did not agree with the Institution's fund distribution plan to prioritize students with financial need. The aid in excess disbursed to that student was $200. Criteria 2 CFR 200.302 (a) establishes that each state must expend and account for the Federal award in accordance with state laws, and procedures for expending and accounting for the state's own funds. In addition, the state's and the other non-Federal entity's financial management systems, including records documenting compliance with Federal statutes, regulations, and the terms and conditions of the Federal award, must be sufficient to permit the preparation of reports required by general and program-specific terms and conditions; and the tracing of funds to a level of expenditures adequate to establish that such funds have been used according to the Federal statutes, regulations, and the terms and conditions of the Federal award. 2 CFR 200.302 (b) (2) to (4) establish that accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in ?? 200.328 and 200.329. If a Federal awarding agency requires reporting on an accrual basis from a recipient that maintains its records on other than an accrual basis, the recipient must not be required to establish an accrual accounting system. This recipient may develop accrual data for its reports on the basis of an analysis of the documentation on hand. Records that identify adequately the source and application of funds for federally-funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income, and interest and be supported by source documentation. Effective control over, and accountability for, all funds, property, and other assets. 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. 2 CFR 200.334 establishes that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Cause The cause of the deficiencies noted were due to the following situations: a) The source of information provided by the Institution related to the financial information was the G5 report. Such information is on a cash basis; therefore, financial information was not reported on an accrual basis of accounting which is the basis of accounting followed by the Institution. Additionally, the Institution did not appropriately design and maintained documentation and/or analysis performed to prepare and complete the financial information required to be reported in the quarterly and annual reports. b) Lack of recordkeeping controls and procedures to document and maintain the source of information used for the financial and statistical data required in the annual and quarterly special reports. c) The Institution used the student EFC per the ISIR/SAR available at the time of the distribution, even though, an ISIR with a valid EFC was not available since the student FAFSA application was selected for verification by USDE. After the Institution completed the verification the student EFC increased from 0 to 3676. Effect Noncompliance with the reporting requirements could lead to significant administrative actions by the grantor, including a reduction in the amounts to be awarded. It could also be interpreted as a failure to achieve the programs objectives. Questioned costs Likely questioned costs are less than $25,000. Identification as a Repeat Finding No repeated finding. Recommendation We recommend the Institution to establish adequate procedures and controls to ensure that financial and statistical data information is properly supported and detailed to allow adequate audit trail of the information. Establish adequate supervisory procedures to identify, in a reasonable period of time, deficiencies or possible deficiencies in the procedures or guidance established by management to ascertain that the Institution reports the information as required by grantors, and that accurate and adequate support is properly maintained. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425F Award identification number: P425F204999 Award period: September 29, 2020 to June 30, 2023 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control / Compliance Finding Type: Material Weakness Compliance requirement: Allowed Cost / Cost Principles Condition and context In testing compliance and internal controls over cost allowability / cost principles, we selected a sample of ten (10) transactions which amounted to $445,522 of HEERF Institutional aid funds expenditures. Our sample was a statistically valid sample. During our expenditure test, we noted the following deficiencies: a) In one transaction of a sample of ten (10) disbursements (10%) the vendor quote was not available for examination. The transaction amounted to $5,899. The Institution indicated that they followed the micro purchase threshold of $10,000 as defined in 48CFR Part 2, subpart 2.1. However, this determination was not properly documented. b) In two (2) transactions of our sample (20%) the cost per quote did not agree with the amount of the invoice. The amount invoiced in excess of the quote cost was $1,090. c) In three (3) transactions of our sample (30%) we did not find documentation that the equipment was received (date and the employee who received the item). We inquired the Institution?s Management about this matter, and they explained that the Institution does not have a formal procedure or form to document the receipt of goods. Management confirmed and represented us that the items were properly received. d) In one transaction of our sample (10%) the expenditure was related to the amount of lost revenue claimed by the Institution in the fiscal year 2021-22. Upon examination of the Institution analysis, we noted that the lost revenue was not properly determined because the following situations: 1. For the loss of revenue calculation, the Institution used the unaudited figures for the fiscal year ended July 31, 2021. 2. We noted that the Institution considered in its analysis revenue that was not in accordance with the program guidelines (transactions that were not reimbursable under the HEERF grant program). 3. We noted that the lost revenue determined by the Institution was incorrectly determined (lost revenue claimed was understated by approximately $80,000) as result of the net effect of the deficiencies 1 and 2, above. Criteria 2 CFR 200.302 (b) (3) and (7) require records that identify adequately the source and application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income, and interest and be supported by source documentation. Written procedures for determining the allowability of costs in accordance with subpart E of this part and the terms and conditions of the Federal award. 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. 2 CFR 200.400 (a) to (d) establish that the application of these cost principles is based on the fundamental premises that: (a) The non-Federal entity is responsible for the efficient and effective administration of the Federal award through the application of sound management practices. (b) The non-Federal entity assumes responsibility for administering Federal funds in a manner consistent with underlying agreements, program objectives, and the terms and conditions of the Federal award. (c) The non-Federal entity, in recognition of its own unique combination of staff, facilities, and experience, has the primary responsibility for employing whatever form of sound organization and management techniques may be necessary in order to assure proper and efficient administration of the Federal award. (d) The application of these cost principles should require no significant changes in the internal accounting policies and practices of the non-Federal entity. However, the accounting practices of the non-Federal entity must be consistent with these cost principles and support the accumulation of costs as required by the principles and must provide for adequate documentation to support costs charged to the Federal awards. 2 CFR 200.403, related to factors affecting allowability of cost, (c) and (g) establish that except where otherwise authorized by statute, costs must meet the following general criteria in order to be allowable under Federal awards: be consistent with policies and procedures that apply uniformly to both federally-financed and other activities of the non-Federal entity, and be adequately documented. 2 CFR 200.404 establishes that a cost is reasonable if, in its nature and amount, it does not exceed that which would be incurred by a prudent person under the circumstances prevailing at the time the decision was made to incur the cost. The question of reasonableness is particularly important when the non-Federal entity is predominantly federally-funded. In determining reasonableness of a given cost, consideration must be given to: (a) whether the cost is of a type generally recognized as ordinary and necessary for the operation of the non-Federal entity or the proper and efficient performance of the Federal award; (b) the restraints or requirements imposed by such factors as: sound business practices; arm's-length bargaining; Federal, state, local, tribal, and other laws and regulations; and terms and conditions of the Federal award; (c) market prices for comparable goods or services for the geographic area; (d) whether the individuals concerned acted with prudence in the circumstances considering their responsibilities to the non-Federal entity, its employees, where applicable its students or membership, the public at large, and the Federal Government; and (e) whether the non-Federal entity significantly deviates from its established practices and policies regarding the incurrence of costs, which may unjustifiably increase the Federal award's cost. 2 CFR 200.406 (a) establishes that applicable credits refer to those receipts or reduction-of-expenditure-type transactions that offset or reduce expense items allocable to the Federal awards as direct or indirect (F&A) costs. Examples of such transactions are: purchase discounts, rebates or allowances, recoveries or indemnities on losses, insurance refunds or rebates, and adjustments of overpayments or erroneous charges. To the extent that such credits accruing to or received by the non-Federal entity relate to allowable costs, they must be credited to the Federal award either as a cost reduction or cash refund, as appropriate. 2 CFR 200.334 establishes that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. 2 CFR 200.337 (a) establishes that the Federal awarding agency, Inspectors General, the Comptroller General of the United States, and the pass-through entity, or any of their authorized representatives, must have the right of access to any documents, papers, or other records of the non-Federal entity which are pertinent to the Federal award, in order to make audits, examinations, excerpts, and transcripts. The right also includes timely and reasonable access to the non-Federal entity's personnel for the purpose of interview and discussion related to such documents. The Higher Education Emergency Relief Fund (HEERF I, II, and III) Lost Revenue Frequently Asked Questions (FAQs) published on March 19, 2021, in question number four establishes that sources of lost revenue that are not reimbursable under the HEERF grant programs include the following: capital outlays associated with facilities related to athletics (including fees assessed for capital athletic facility construction), acquisition of real property (including bond revenue), contributions or donations to the institution, marketing or recruitment activities, revenue related to sectarian instruction or religious worship, alcohol sales, and investment income (including endowment and quasi-endowment revenue. Cause The cause of the deficiencies noted were the result of the following situations: a) Lack of written policies and procedures did not provide the Institution?s personnel responsible for the purchasing process a guidance on how to perform and document the purchase transactions under this federal program. b) The vendor invoice was not compared to the quote and no inquiries were made and/or documented explaining the cause of the difference. c) The Institution does not have formal and written procedures to document when materials and/or equipment are received by the Institution?s personnel. d) The Institution management did not consult or requested assistance from the Department of Education program coordinator to ascertain that the request was properly performed and to clarify questions related to the allowable revenue to be considered in the analysis. Also, the Institution failed to review the financial figures of the audited trial balance for 2021. Effect Noncompliance with the above-mentioned requirements could lead to administrative actions by the grantor. It could also be interpreted as a failure to manage federal awards in compliance with laws, regulations, and provisions of contracts and grant agreements. Also, the above conditions could result in the reimbursement of federal funds to the grantors for those disbursements not properly supported and reviewed by the Institution?s management. Questioned costs Refer to finding 2022-010. Identification as a Repeat Finding No repeated finding. Recommendations We recommend the Institution to establish adequate procedures and controls, which shall consider, among others, the following: ? Maintain adequate documentation to support the allowability of its expenditures. ? Purchases must be properly documented to provide the appropriate audit trail of the transactions and allow proper review of the transactions. Adequate documentation should be sufficient to explain the Institution?s analysis and determination. ? Improve its policies and procedures, and internal controls to incorporate the comparison of the vendor invoices with the quotes after the invoice is received to ascertain that expenses and liabilities are properly recorded. Instruct personnel of accounts payable to contact the vendor when discrepancies are identified and document in writing the inquiry performed, the results, and conclusions. ? Implement a formal process with receiving reports or checklist where upon receipt of equipment and/or materials purchased could detail description, amount received, date of receipt, and a reference to the invoice. Copies of the receiving reports and invoices should then be forwarded to the accounting department for processing. Payment of a vendor?s invoice should not be made unless a copy of a receiving report is attached. ? The Institution management should review the Loss of Revenue claims and/or analysis performed by any employee or consultant that was designated to perform such a task. The Institution?s management should verify and ascertain that the analysis performed using the Institution?s financial information agree with the Institution?s audited financial statements. ? The Institution?s management should consult with the US Department of Education program coordinator when questions or concerns arise, especially if management is not familiar with program regulations and/or the federal program is new. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425F Award identification number: P425F204999 Award period: September 29, 2020 to June 30, 2023 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control / Compliance Finding Type: Material Weakness Compliance requirement: Earmarking Condition and context We inquired the Institution?s management on the amount of institutional funds assigned to: (a) implement evidence-based practices to monitor and suppress coronavirus in accordance with public health guidelines; and (b) conduct direct outreach to financial aid applicants about the opportunity to receive a financial aid adjustment due to the recent unemployment of a family member or independent student, or other circumstances, described in section 479A of the HEA, and how the Institution documented how the amount of the HEERF grant spent on these two required activities was reasonable and necessary given the unique needs and circumstances of the institution. However, this information was not available for our examination. Criteria The Higher Education Emergency Relief Fund III frequently asked questions published on May 11, 2021 and updated on May 24, 2021 and October 25, 2022 in questions number 21, 28 and 35, respectively, establish that the ARP has added two new required uses of HEERF III institutional portion grant funds for public and private nonprofit institutions. Namely, a portion of their institutional funds must: (a) implement evidence-based practices to monitor and suppress coronavirus in accordance with public health guidelines; and (b) conduct direct outreach to financial aid applicants about the opportunity to receive a financial aid adjustment due to the recent unemployment of a family member or independent student, or other circumstances, described in section 479A of the HEA. This provision of ARP requires institutions to use some of their ARP (a)(1) Institutional Portion funds to help fight the spread and transmission of COVID-19 on their campuses and among their student, faculty, and staff community members. This provision also applies to future ARP awards the Department will make under (a)(2) and (a)(3). It is critical that institutions take steps to prevent and mitigate the spread of coronavirus on their campuses and local communities. Institutions should document how they implemented these two required activities consistent with 2 CFR ? 200.334. Specifically, institutions should document (1) the strategies used to monitor and suppress COVID-19, (2) the evidence to support those strategies, (3) how those strategies were in accordance with public health guidelines, (4) the manner and extent of the direct outreach the institution conducted to financial aid applicants, and (5) how the amount of the HEERF grant spent on these two required activities was reasonable and necessary given the unique needs and circumstances of the institution. 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. 2 CFR 200.334 establishes that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Cause The Institution?s management was not familiar with this requirement. Effect Noncompliance with the above-mentioned requirements could lead to administrative actions by the grantor. It could also be interpreted as a failure to manage federal awards in compliance with laws, regulations, and provisions of contracts and grant agreements. Questioned costs Unable to determine. Identification as a Repeat Finding No repeated finding. Recommendation We recommend that the Institution management review this compliance requirement and verify if the Institution assigned and expended funds related to these activities. It is important that the Institution management ascertain that expenditures identified comply with the characteristics and requirements as explained in the Higher Education Emergency Relief Fund III frequently asked questions published on May 11, 2021, as subsequently updated. Also, the Institution must document and maintain an audit trail of the transactions incurred to comply with this requirement. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425F Award identification number: P425F204999 Award period: September 29, 2020 to June 30, 2023 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control / Compliance Finding Type: Material Weakness Compliance requirement: Procurement, and suspension and debarment Condition and context In testing compliance and internal controls over the procurement, and suspension and debarment requirement, we tested the procurement documentation related to the expenditures selected for the allowable cost / cost principles test (see Finding No. 2022-006). Of the ten (10) transactions selected, nine (9) transactions required compliance with this requirement. We noted that those nine (9) transactions, which amounted to $164,592, were related to seven (7) procurement transactions. Our sample was not a statistically valid sample. During our test, we noted the following deficiencies: a) In one of seven (7) procurement transactions tested (14%), no quotes were available for examination. The Institution indicated that they followed the micro purchase threshold of $10,000 as defined in 48CFR Part 2, subpart 2.1. However, this determination was not properly documented. b) In one of seven (7) procurement transactions tested (14%), only two quotes were available for examination. As per inquiry to the Institution?s management no other quotes were requested. c) In five of seven (7) procurement transactions tested (72%), only one quote was available for examination. As per inquiry to the Institution?s management no other quotes were requested. Condition and context d) For five (5) of the seven (7) procurement transactions tested (71%), a suspension and debarred verification requirement was applicable. For 100% of those five (5) transactions no evidence was provided that the Institution verified the contractors were not debarred, suspended, or otherwise excluded (2 CFR sections 200.212 and 200.318(h); 2 CFR section 180.300; 48 CFR section 52.209-6). However, on March 20, 2023 we performed an inquiry in the Sam system and no records of exclusion were found for those contractors. Criteria 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. 2 CFR 200.318 (i) establishes that the non-Federal entity must maintain records sufficient to detail the history of procurement. These records will include, but are not necessarily limited to, the following: Rationale for the method of procurement, selection of contract type, contractor selection or rejection, and the basis for the contract price. 2 CFR 200.319 (a) establishes that all procurement transactions for the acquisition of property or services required under a Federal award must be conducted in a manner providing full and open competition consistent with the standards of this section and ? 200.320. 2 CFR 200.319 (d) establishes that the non-Federal entity must have written procedures for procurement transactions. These procedures must ensure that all solicitations: incorporate a clear and accurate description of the technical requirements for the material, product, or service to be procured. Such description must not, in competitive procurements, contain features which unduly restrict competition. The description may include a statement of the qualitative nature of the material, product, or service to be procured and, when necessary, must set forth those minimum essential characteristics and standards to which it must conform if it is to satisfy its intended use. Detailed product specifications should be avoided if at all possible. When it is impractical or uneconomical to make a clear and accurate description of the technical requirements, a ?brand name or equivalent? description may be used as a means to define the performance or other salient requirements of procurement. The specific features of the named brand which must be met by offers must be clearly stated; and identify all requirements which the offerors must fulfill and all other factors to be used in evaluating bids or proposals. 2 CFR 200.319 (f) establishes that noncompetitive procurements can only be awarded in accordance with ? 200.320(c). 2 CFR 200.320 establishes that the non-Federal entity must have and use documented procurement procedures, consistent with the standards of this section and ?? 200.317, 200.318, and 200.319 for any of the methods of procurement used for the acquisition of property or services required under a Federal award or sub-award. 2 CFR 200.320 (a) (1) (ii) and (a) (2) (i) establish that micro-purchases may be awarded without soliciting competitive price or rate quotations if the non-Federal entity considers the price to be reasonable based on research, experience, purchase history or other information and documents it files accordingly. The acquisition of property or services, the aggregate dollar amount of which is higher than the micro-purchase threshold but does not exceed the simplified acquisition threshold. If small purchase procedures are used, price or rate quotations must be obtained from an adequate number of qualified sources as determined appropriate by the non-Federal entity. 2 CFR 200.320 (c) establishes that there are specific circumstances in which noncompetitive procurement can be used. Noncompetitive procurement can only be awarded if one or more of the following circumstances apply: (1) the acquisition of property or services, the aggregate dollar amount of which does not exceed the micro-purchase threshold (see paragraph (a)(1) of this section); (2) the item is available only from a single source; (3) the public exigency or emergency for the requirement will not permit a delay resulting from publicizing a competitive solicitation; (4) the Federal awarding agency or pass-through entity expressly authorizes a noncompetitive procurement in response to a written request from the non-Federal entity; or (5) after solicitation of a number of sources, competition is determined inadequate. 2 CFR 200.334 establishes that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. 2 CFR 200.318 (h) establishes that the non-Federal entity must award contracts only to responsible contractors possessing the ability to perform successfully under the terms and conditions of a proposed procurement. Consideration will be given to such matters as contractor integrity, compliance with public policy, record of past performance, and financial and technical resources. 2 CFR 200.214 establishes that non-Federal entities are subject to the non-procurement debarment and suspension regulations implementing Executive Orders 12549 and 12689, 2 CFR part 180. The regulations in 2 CFR part 180 restrict awards, subawards, and contracts with certain parties that are debarred, suspended, or otherwise excluded from or ineligible for participation in Federal assistance programs or activities. Cause Lack of written policies and procedures did not provide the Institution?s personnel responsible for the procurement process a guidance on how to perform and document the procurement transactions under this federal program. Also, the failure to implement adequate internal control procedures, such as thorough management review, which should detect and correct, on a timely basis, instances where controls are not being followed. Effect Noncompliance with the above-mentioned requirements could lead to administrative actions by the grantor. It could also be interpreted as a failure to manage federal awards in compliance with laws, regulations, and provisions of contracts and grant agreements. Also, above conditions could result in the reimbursement of federal funds to the grantors for those transactions not properly supported and/or in compliance with regulations. Questioned costs $158,693 Identification as a Repeat Finding No repeated finding. Recommendations The Institution should verify that its policies and procedures are in accordance with federal regulations requirements. In addition, the Institution should develop written procedures before entering into new federal programs or before incurring transactions subject to compliance with federal regulations to prevent and reduce the risk of non-compliance. Also, all procurement transactions must be properly documented to provide the appropriate audit trail of the transactions and allow proper review of the transactions. Adequate documentation should be sufficient to explain the Institution?s analysis and determination. The Institution?s personnel responsible for the management and processing of procurement transactions subject to federal regulations must be provided adequate training and supervision. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425E / 84.425F Award identification number: P425F204999 / P425E205418 Award period: September 29, 2020 to June 30, 2023 and July 23, 2020 to May 23, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control / Compliance Finding Type: Material Weakness Compliance requirement: Reporting Condition and context For testing internal controls and compliance with reporting requirements applicable to the HEERF programs, we inquired the Institution about the internal controls and procedures for determining the criteria and methodology used in compiling and reporting the data to be included in the annual and quarterly special reports. We requested a copy of the annual report for the calendar year 2021 and the quarterly reports for the quarter ended on December 31, 2021 related to the institutional aid portion and the student aid portion. As part of our procedures, we tested the method of distribution of grants to ascertain consistency with the method that was actually employed by the Institution to distribute emergency financial aid grants to students. After our examination and tests performed, we noted the following: a) The methodology used to compile the information in the annual report was based on the funds drawdowns which were based on disbursements rather than the actual program expenditures for the Institutional aid funds in accordance with GAAP. b) After examination of the institutional aid portion expenditures amounts reported in the annual special report for the calendar year ended December 31, 2021 to the support provided by the Institution, we noted that the total of institutional annual expenditures was understated by $7,160. c) From the sample of enrollment statistical data selected for verification to the source documents and/or information we noted several differences and were unable to identify some of the information in the source documents in nineteen (19) out of a sample of thirty (30) statistical data lines examined in the annual special report. The exceptions were as follows: d) After examination of the quarterly special report of the student aid portion for the quarter ended December 31, 2021, we noted a difference in the Item #5: ?The total number of students who have received an Emergency Financial Aid Grant to students under the CARES (a)(1) subprogram and the CRRSAA and ARP (a)(1) subprograms?. The total of students that received assistance aid reported was 443; however, the number per the student aid payroll reports examined was 460. Additionally, no support was available to determine if the Institution was timely and accurate in publicly posting the quarterly Student Aid Portion Report selected for testing. e) In one out of a sample of forty (40) disbursements of financial aid to students (2.5%) we noted that the payment made did not agree with the Institution's fund distribution plan to prioritize students with financial need. The aid in excess disbursed to that student was $200. Criteria 2 CFR 200.302 (a) establishes that each state must expend and account for the Federal award in accordance with state laws, and procedures for expending and accounting for the state's own funds. In addition, the state's and the other non-Federal entity's financial management systems, including records documenting compliance with Federal statutes, regulations, and the terms and conditions of the Federal award, must be sufficient to permit the preparation of reports required by general and program-specific terms and conditions; and the tracing of funds to a level of expenditures adequate to establish that such funds have been used according to the Federal statutes, regulations, and the terms and conditions of the Federal award. 2 CFR 200.302 (b) (2) to (4) establish that accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in ?? 200.328 and 200.329. If a Federal awarding agency requires reporting on an accrual basis from a recipient that maintains its records on other than an accrual basis, the recipient must not be required to establish an accrual accounting system. This recipient may develop accrual data for its reports on the basis of an analysis of the documentation on hand. Records that identify adequately the source and application of funds for federally-funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income, and interest and be supported by source documentation. Effective control over, and accountability for, all funds, property, and other assets. 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. 2 CFR 200.334 establishes that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Cause The cause of the deficiencies noted were due to the following situations: a) The source of information provided by the Institution related to the financial information was the G5 report. Such information is on a cash basis; therefore, financial information was not reported on an accrual basis of accounting which is the basis of accounting followed by the Institution. Additionally, the Institution did not appropriately design and maintained documentation and/or analysis performed to prepare and complete the financial information required to be reported in the quarterly and annual reports. b) Lack of recordkeeping controls and procedures to document and maintain the source of information used for the financial and statistical data required in the annual and quarterly special reports. c) The Institution used the student EFC per the ISIR/SAR available at the time of the distribution, even though, an ISIR with a valid EFC was not available since the student FAFSA application was selected for verification by USDE. After the Institution completed the verification the student EFC increased from 0 to 3676. Effect Noncompliance with the reporting requirements could lead to significant administrative actions by the grantor, including a reduction in the amounts to be awarded. It could also be interpreted as a failure to achieve the programs objectives. Questioned costs Likely questioned costs are less than $25,000. Identification as a Repeat Finding No repeated finding. Recommendation We recommend the Institution to establish adequate procedures and controls to ensure that financial and statistical data information is properly supported and detailed to allow adequate audit trail of the information. Establish adequate supervisory procedures to identify, in a reasonable period of time, deficiencies or possible deficiencies in the procedures or guidance established by management to ascertain that the Institution reports the information as required by grantors, and that accurate and adequate support is properly maintained. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425E / 84.425F Award identification number: P425F204999 / P425E205418 Award period: September 29, 2020 to June 30, 2023 and July 23, 2020 to May 23, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control / Compliance Finding Type: Material Weakness Compliance requirement: Reporting Condition and context For testing internal controls and compliance with reporting requirements applicable to the HEERF programs, we inquired the Institution about the internal controls and procedures for determining the criteria and methodology used in compiling and reporting the data to be included in the annual and quarterly special reports. We requested a copy of the annual report for the calendar year 2021 and the quarterly reports for the quarter ended on December 31, 2021 related to the institutional aid portion and the student aid portion. As part of our procedures, we tested the method of distribution of grants to ascertain consistency with the method that was actually employed by the Institution to distribute emergency financial aid grants to students. After our examination and tests performed, we noted the following: a) The methodology used to compile the information in the annual report was based on the funds drawdowns which were based on disbursements rather than the actual program expenditures for the Institutional aid funds in accordance with GAAP. b) After examination of the institutional aid portion expenditures amounts reported in the annual special report for the calendar year ended December 31, 2021 to the support provided by the Institution, we noted that the total of institutional annual expenditures was understated by $7,160. c) From the sample of enrollment statistical data selected for verification to the source documents and/or information we noted several differences and were unable to identify some of the information in the source documents in nineteen (19) out of a sample of thirty (30) statistical data lines examined in the annual special report. The exceptions were as follows: d) After examination of the quarterly special report of the student aid portion for the quarter ended December 31, 2021, we noted a difference in the Item #5: ?The total number of students who have received an Emergency Financial Aid Grant to students under the CARES (a)(1) subprogram and the CRRSAA and ARP (a)(1) subprograms?. The total of students that received assistance aid reported was 443; however, the number per the student aid payroll reports examined was 460. Additionally, no support was available to determine if the Institution was timely and accurate in publicly posting the quarterly Student Aid Portion Report selected for testing. e) In one out of a sample of forty (40) disbursements of financial aid to students (2.5%) we noted that the payment made did not agree with the Institution's fund distribution plan to prioritize students with financial need. The aid in excess disbursed to that student was $200. Criteria 2 CFR 200.302 (a) establishes that each state must expend and account for the Federal award in accordance with state laws, and procedures for expending and accounting for the state's own funds. In addition, the state's and the other non-Federal entity's financial management systems, including records documenting compliance with Federal statutes, regulations, and the terms and conditions of the Federal award, must be sufficient to permit the preparation of reports required by general and program-specific terms and conditions; and the tracing of funds to a level of expenditures adequate to establish that such funds have been used according to the Federal statutes, regulations, and the terms and conditions of the Federal award. 2 CFR 200.302 (b) (2) to (4) establish that accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in ?? 200.328 and 200.329. If a Federal awarding agency requires reporting on an accrual basis from a recipient that maintains its records on other than an accrual basis, the recipient must not be required to establish an accrual accounting system. This recipient may develop accrual data for its reports on the basis of an analysis of the documentation on hand. Records that identify adequately the source and application of funds for federally-funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income, and interest and be supported by source documentation. Effective control over, and accountability for, all funds, property, and other assets. 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. 2 CFR 200.334 establishes that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Cause The cause of the deficiencies noted were due to the following situations: a) The source of information provided by the Institution related to the financial information was the G5 report. Such information is on a cash basis; therefore, financial information was not reported on an accrual basis of accounting which is the basis of accounting followed by the Institution. Additionally, the Institution did not appropriately design and maintained documentation and/or analysis performed to prepare and complete the financial information required to be reported in the quarterly and annual reports. b) Lack of recordkeeping controls and procedures to document and maintain the source of information used for the financial and statistical data required in the annual and quarterly special reports. c) The Institution used the student EFC per the ISIR/SAR available at the time of the distribution, even though, an ISIR with a valid EFC was not available since the student FAFSA application was selected for verification by USDE. After the Institution completed the verification the student EFC increased from 0 to 3676. Effect Noncompliance with the reporting requirements could lead to significant administrative actions by the grantor, including a reduction in the amounts to be awarded. It could also be interpreted as a failure to achieve the programs objectives. Questioned costs Likely questioned costs are less than $25,000. Identification as a Repeat Finding No repeated finding. Recommendation We recommend the Institution to establish adequate procedures and controls to ensure that financial and statistical data information is properly supported and detailed to allow adequate audit trail of the information. Establish adequate supervisory procedures to identify, in a reasonable period of time, deficiencies or possible deficiencies in the procedures or guidance established by management to ascertain that the Institution reports the information as required by grantors, and that accurate and adequate support is properly maintained. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425F Award identification number: P425F204999 Award period: September 29, 2020 to June 30, 2023 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control / Compliance Finding Type: Material Weakness Compliance requirement: Allowed Cost / Cost Principles Condition and context In testing compliance and internal controls over cost allowability / cost principles, we selected a sample of ten (10) transactions which amounted to $445,522 of HEERF Institutional aid funds expenditures. Our sample was a statistically valid sample. During our expenditure test, we noted the following deficiencies: a) In one transaction of a sample of ten (10) disbursements (10%) the vendor quote was not available for examination. The transaction amounted to $5,899. The Institution indicated that they followed the micro purchase threshold of $10,000 as defined in 48CFR Part 2, subpart 2.1. However, this determination was not properly documented. b) In two (2) transactions of our sample (20%) the cost per quote did not agree with the amount of the invoice. The amount invoiced in excess of the quote cost was $1,090. c) In three (3) transactions of our sample (30%) we did not find documentation that the equipment was received (date and the employee who received the item). We inquired the Institution?s Management about this matter, and they explained that the Institution does not have a formal procedure or form to document the receipt of goods. Management confirmed and represented us that the items were properly received. d) In one transaction of our sample (10%) the expenditure was related to the amount of lost revenue claimed by the Institution in the fiscal year 2021-22. Upon examination of the Institution analysis, we noted that the lost revenue was not properly determined because the following situations: 1. For the loss of revenue calculation, the Institution used the unaudited figures for the fiscal year ended July 31, 2021. 2. We noted that the Institution considered in its analysis revenue that was not in accordance with the program guidelines (transactions that were not reimbursable under the HEERF grant program). 3. We noted that the lost revenue determined by the Institution was incorrectly determined (lost revenue claimed was understated by approximately $80,000) as result of the net effect of the deficiencies 1 and 2, above. Criteria 2 CFR 200.302 (b) (3) and (7) require records that identify adequately the source and application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income, and interest and be supported by source documentation. Written procedures for determining the allowability of costs in accordance with subpart E of this part and the terms and conditions of the Federal award. 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. 2 CFR 200.400 (a) to (d) establish that the application of these cost principles is based on the fundamental premises that: (a) The non-Federal entity is responsible for the efficient and effective administration of the Federal award through the application of sound management practices. (b) The non-Federal entity assumes responsibility for administering Federal funds in a manner consistent with underlying agreements, program objectives, and the terms and conditions of the Federal award. (c) The non-Federal entity, in recognition of its own unique combination of staff, facilities, and experience, has the primary responsibility for employing whatever form of sound organization and management techniques may be necessary in order to assure proper and efficient administration of the Federal award. (d) The application of these cost principles should require no significant changes in the internal accounting policies and practices of the non-Federal entity. However, the accounting practices of the non-Federal entity must be consistent with these cost principles and support the accumulation of costs as required by the principles and must provide for adequate documentation to support costs charged to the Federal awards. 2 CFR 200.403, related to factors affecting allowability of cost, (c) and (g) establish that except where otherwise authorized by statute, costs must meet the following general criteria in order to be allowable under Federal awards: be consistent with policies and procedures that apply uniformly to both federally-financed and other activities of the non-Federal entity, and be adequately documented. 2 CFR 200.404 establishes that a cost is reasonable if, in its nature and amount, it does not exceed that which would be incurred by a prudent person under the circumstances prevailing at the time the decision was made to incur the cost. The question of reasonableness is particularly important when the non-Federal entity is predominantly federally-funded. In determining reasonableness of a given cost, consideration must be given to: (a) whether the cost is of a type generally recognized as ordinary and necessary for the operation of the non-Federal entity or the proper and efficient performance of the Federal award; (b) the restraints or requirements imposed by such factors as: sound business practices; arm's-length bargaining; Federal, state, local, tribal, and other laws and regulations; and terms and conditions of the Federal award; (c) market prices for comparable goods or services for the geographic area; (d) whether the individuals concerned acted with prudence in the circumstances considering their responsibilities to the non-Federal entity, its employees, where applicable its students or membership, the public at large, and the Federal Government; and (e) whether the non-Federal entity significantly deviates from its established practices and policies regarding the incurrence of costs, which may unjustifiably increase the Federal award's cost. 2 CFR 200.406 (a) establishes that applicable credits refer to those receipts or reduction-of-expenditure-type transactions that offset or reduce expense items allocable to the Federal awards as direct or indirect (F&A) costs. Examples of such transactions are: purchase discounts, rebates or allowances, recoveries or indemnities on losses, insurance refunds or rebates, and adjustments of overpayments or erroneous charges. To the extent that such credits accruing to or received by the non-Federal entity relate to allowable costs, they must be credited to the Federal award either as a cost reduction or cash refund, as appropriate. 2 CFR 200.334 establishes that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. 2 CFR 200.337 (a) establishes that the Federal awarding agency, Inspectors General, the Comptroller General of the United States, and the pass-through entity, or any of their authorized representatives, must have the right of access to any documents, papers, or other records of the non-Federal entity which are pertinent to the Federal award, in order to make audits, examinations, excerpts, and transcripts. The right also includes timely and reasonable access to the non-Federal entity's personnel for the purpose of interview and discussion related to such documents. The Higher Education Emergency Relief Fund (HEERF I, II, and III) Lost Revenue Frequently Asked Questions (FAQs) published on March 19, 2021, in question number four establishes that sources of lost revenue that are not reimbursable under the HEERF grant programs include the following: capital outlays associated with facilities related to athletics (including fees assessed for capital athletic facility construction), acquisition of real property (including bond revenue), contributions or donations to the institution, marketing or recruitment activities, revenue related to sectarian instruction or religious worship, alcohol sales, and investment income (including endowment and quasi-endowment revenue. Cause The cause of the deficiencies noted were the result of the following situations: a) Lack of written policies and procedures did not provide the Institution?s personnel responsible for the purchasing process a guidance on how to perform and document the purchase transactions under this federal program. b) The vendor invoice was not compared to the quote and no inquiries were made and/or documented explaining the cause of the difference. c) The Institution does not have formal and written procedures to document when materials and/or equipment are received by the Institution?s personnel. d) The Institution management did not consult or requested assistance from the Department of Education program coordinator to ascertain that the request was properly performed and to clarify questions related to the allowable revenue to be considered in the analysis. Also, the Institution failed to review the financial figures of the audited trial balance for 2021. Effect Noncompliance with the above-mentioned requirements could lead to administrative actions by the grantor. It could also be interpreted as a failure to manage federal awards in compliance with laws, regulations, and provisions of contracts and grant agreements. Also, the above conditions could result in the reimbursement of federal funds to the grantors for those disbursements not properly supported and reviewed by the Institution?s management. Questioned costs Refer to finding 2022-010. Identification as a Repeat Finding No repeated finding. Recommendations We recommend the Institution to establish adequate procedures and controls, which shall consider, among others, the following: ? Maintain adequate documentation to support the allowability of its expenditures. ? Purchases must be properly documented to provide the appropriate audit trail of the transactions and allow proper review of the transactions. Adequate documentation should be sufficient to explain the Institution?s analysis and determination. ? Improve its policies and procedures, and internal controls to incorporate the comparison of the vendor invoices with the quotes after the invoice is received to ascertain that expenses and liabilities are properly recorded. Instruct personnel of accounts payable to contact the vendor when discrepancies are identified and document in writing the inquiry performed, the results, and conclusions. ? Implement a formal process with receiving reports or checklist where upon receipt of equipment and/or materials purchased could detail description, amount received, date of receipt, and a reference to the invoice. Copies of the receiving reports and invoices should then be forwarded to the accounting department for processing. Payment of a vendor?s invoice should not be made unless a copy of a receiving report is attached. ? The Institution management should review the Loss of Revenue claims and/or analysis performed by any employee or consultant that was designated to perform such a task. The Institution?s management should verify and ascertain that the analysis performed using the Institution?s financial information agree with the Institution?s audited financial statements. ? The Institution?s management should consult with the US Department of Education program coordinator when questions or concerns arise, especially if management is not familiar with program regulations and/or the federal program is new. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425F Award identification number: P425F204999 Award period: September 29, 2020 to June 30, 2023 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control / Compliance Finding Type: Material Weakness Compliance requirement: Earmarking Condition and context We inquired the Institution?s management on the amount of institutional funds assigned to: (a) implement evidence-based practices to monitor and suppress coronavirus in accordance with public health guidelines; and (b) conduct direct outreach to financial aid applicants about the opportunity to receive a financial aid adjustment due to the recent unemployment of a family member or independent student, or other circumstances, described in section 479A of the HEA, and how the Institution documented how the amount of the HEERF grant spent on these two required activities was reasonable and necessary given the unique needs and circumstances of the institution. However, this information was not available for our examination. Criteria The Higher Education Emergency Relief Fund III frequently asked questions published on May 11, 2021 and updated on May 24, 2021 and October 25, 2022 in questions number 21, 28 and 35, respectively, establish that the ARP has added two new required uses of HEERF III institutional portion grant funds for public and private nonprofit institutions. Namely, a portion of their institutional funds must: (a) implement evidence-based practices to monitor and suppress coronavirus in accordance with public health guidelines; and (b) conduct direct outreach to financial aid applicants about the opportunity to receive a financial aid adjustment due to the recent unemployment of a family member or independent student, or other circumstances, described in section 479A of the HEA. This provision of ARP requires institutions to use some of their ARP (a)(1) Institutional Portion funds to help fight the spread and transmission of COVID-19 on their campuses and among their student, faculty, and staff community members. This provision also applies to future ARP awards the Department will make under (a)(2) and (a)(3). It is critical that institutions take steps to prevent and mitigate the spread of coronavirus on their campuses and local communities. Institutions should document how they implemented these two required activities consistent with 2 CFR ? 200.334. Specifically, institutions should document (1) the strategies used to monitor and suppress COVID-19, (2) the evidence to support those strategies, (3) how those strategies were in accordance with public health guidelines, (4) the manner and extent of the direct outreach the institution conducted to financial aid applicants, and (5) how the amount of the HEERF grant spent on these two required activities was reasonable and necessary given the unique needs and circumstances of the institution. 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. 2 CFR 200.334 establishes that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Cause The Institution?s management was not familiar with this requirement. Effect Noncompliance with the above-mentioned requirements could lead to administrative actions by the grantor. It could also be interpreted as a failure to manage federal awards in compliance with laws, regulations, and provisions of contracts and grant agreements. Questioned costs Unable to determine. Identification as a Repeat Finding No repeated finding. Recommendation We recommend that the Institution management review this compliance requirement and verify if the Institution assigned and expended funds related to these activities. It is important that the Institution management ascertain that expenditures identified comply with the characteristics and requirements as explained in the Higher Education Emergency Relief Fund III frequently asked questions published on May 11, 2021, as subsequently updated. Also, the Institution must document and maintain an audit trail of the transactions incurred to comply with this requirement. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425F Award identification number: P425F204999 Award period: September 29, 2020 to June 30, 2023 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control / Compliance Finding Type: Material Weakness Compliance requirement: Procurement, and suspension and debarment Condition and context In testing compliance and internal controls over the procurement, and suspension and debarment requirement, we tested the procurement documentation related to the expenditures selected for the allowable cost / cost principles test (see Finding No. 2022-006). Of the ten (10) transactions selected, nine (9) transactions required compliance with this requirement. We noted that those nine (9) transactions, which amounted to $164,592, were related to seven (7) procurement transactions. Our sample was not a statistically valid sample. During our test, we noted the following deficiencies: a) In one of seven (7) procurement transactions tested (14%), no quotes were available for examination. The Institution indicated that they followed the micro purchase threshold of $10,000 as defined in 48CFR Part 2, subpart 2.1. However, this determination was not properly documented. b) In one of seven (7) procurement transactions tested (14%), only two quotes were available for examination. As per inquiry to the Institution?s management no other quotes were requested. c) In five of seven (7) procurement transactions tested (72%), only one quote was available for examination. As per inquiry to the Institution?s management no other quotes were requested. Condition and context d) For five (5) of the seven (7) procurement transactions tested (71%), a suspension and debarred verification requirement was applicable. For 100% of those five (5) transactions no evidence was provided that the Institution verified the contractors were not debarred, suspended, or otherwise excluded (2 CFR sections 200.212 and 200.318(h); 2 CFR section 180.300; 48 CFR section 52.209-6). However, on March 20, 2023 we performed an inquiry in the Sam system and no records of exclusion were found for those contractors. Criteria 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. 2 CFR 200.318 (i) establishes that the non-Federal entity must maintain records sufficient to detail the history of procurement. These records will include, but are not necessarily limited to, the following: Rationale for the method of procurement, selection of contract type, contractor selection or rejection, and the basis for the contract price. 2 CFR 200.319 (a) establishes that all procurement transactions for the acquisition of property or services required under a Federal award must be conducted in a manner providing full and open competition consistent with the standards of this section and ? 200.320. 2 CFR 200.319 (d) establishes that the non-Federal entity must have written procedures for procurement transactions. These procedures must ensure that all solicitations: incorporate a clear and accurate description of the technical requirements for the material, product, or service to be procured. Such description must not, in competitive procurements, contain features which unduly restrict competition. The description may include a statement of the qualitative nature of the material, product, or service to be procured and, when necessary, must set forth those minimum essential characteristics and standards to which it must conform if it is to satisfy its intended use. Detailed product specifications should be avoided if at all possible. When it is impractical or uneconomical to make a clear and accurate description of the technical requirements, a ?brand name or equivalent? description may be used as a means to define the performance or other salient requirements of procurement. The specific features of the named brand which must be met by offers must be clearly stated; and identify all requirements which the offerors must fulfill and all other factors to be used in evaluating bids or proposals. 2 CFR 200.319 (f) establishes that noncompetitive procurements can only be awarded in accordance with ? 200.320(c). 2 CFR 200.320 establishes that the non-Federal entity must have and use documented procurement procedures, consistent with the standards of this section and ?? 200.317, 200.318, and 200.319 for any of the methods of procurement used for the acquisition of property or services required under a Federal award or sub-award. 2 CFR 200.320 (a) (1) (ii) and (a) (2) (i) establish that micro-purchases may be awarded without soliciting competitive price or rate quotations if the non-Federal entity considers the price to be reasonable based on research, experience, purchase history or other information and documents it files accordingly. The acquisition of property or services, the aggregate dollar amount of which is higher than the micro-purchase threshold but does not exceed the simplified acquisition threshold. If small purchase procedures are used, price or rate quotations must be obtained from an adequate number of qualified sources as determined appropriate by the non-Federal entity. 2 CFR 200.320 (c) establishes that there are specific circumstances in which noncompetitive procurement can be used. Noncompetitive procurement can only be awarded if one or more of the following circumstances apply: (1) the acquisition of property or services, the aggregate dollar amount of which does not exceed the micro-purchase threshold (see paragraph (a)(1) of this section); (2) the item is available only from a single source; (3) the public exigency or emergency for the requirement will not permit a delay resulting from publicizing a competitive solicitation; (4) the Federal awarding agency or pass-through entity expressly authorizes a noncompetitive procurement in response to a written request from the non-Federal entity; or (5) after solicitation of a number of sources, competition is determined inadequate. 2 CFR 200.334 establishes that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. 2 CFR 200.318 (h) establishes that the non-Federal entity must award contracts only to responsible contractors possessing the ability to perform successfully under the terms and conditions of a proposed procurement. Consideration will be given to such matters as contractor integrity, compliance with public policy, record of past performance, and financial and technical resources. 2 CFR 200.214 establishes that non-Federal entities are subject to the non-procurement debarment and suspension regulations implementing Executive Orders 12549 and 12689, 2 CFR part 180. The regulations in 2 CFR part 180 restrict awards, subawards, and contracts with certain parties that are debarred, suspended, or otherwise excluded from or ineligible for participation in Federal assistance programs or activities. Cause Lack of written policies and procedures did not provide the Institution?s personnel responsible for the procurement process a guidance on how to perform and document the procurement transactions under this federal program. Also, the failure to implement adequate internal control procedures, such as thorough management review, which should detect and correct, on a timely basis, instances where controls are not being followed. Effect Noncompliance with the above-mentioned requirements could lead to administrative actions by the grantor. It could also be interpreted as a failure to manage federal awards in compliance with laws, regulations, and provisions of contracts and grant agreements. Also, above conditions could result in the reimbursement of federal funds to the grantors for those transactions not properly supported and/or in compliance with regulations. Questioned costs $158,693 Identification as a Repeat Finding No repeated finding. Recommendations The Institution should verify that its policies and procedures are in accordance with federal regulations requirements. In addition, the Institution should develop written procedures before entering into new federal programs or before incurring transactions subject to compliance with federal regulations to prevent and reduce the risk of non-compliance. Also, all procurement transactions must be properly documented to provide the appropriate audit trail of the transactions and allow proper review of the transactions. Adequate documentation should be sufficient to explain the Institution?s analysis and determination. The Institution?s personnel responsible for the management and processing of procurement transactions subject to federal regulations must be provided adequate training and supervision. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425E / 84.425F Award identification number: P425F204999 / P425E205418 Award period: September 29, 2020 to June 30, 2023 and July 23, 2020 to May 23, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control / Compliance Finding Type: Material Weakness Compliance requirement: Reporting Condition and context For testing internal controls and compliance with reporting requirements applicable to the HEERF programs, we inquired the Institution about the internal controls and procedures for determining the criteria and methodology used in compiling and reporting the data to be included in the annual and quarterly special reports. We requested a copy of the annual report for the calendar year 2021 and the quarterly reports for the quarter ended on December 31, 2021 related to the institutional aid portion and the student aid portion. As part of our procedures, we tested the method of distribution of grants to ascertain consistency with the method that was actually employed by the Institution to distribute emergency financial aid grants to students. After our examination and tests performed, we noted the following: a) The methodology used to compile the information in the annual report was based on the funds drawdowns which were based on disbursements rather than the actual program expenditures for the Institutional aid funds in accordance with GAAP. b) After examination of the institutional aid portion expenditures amounts reported in the annual special report for the calendar year ended December 31, 2021 to the support provided by the Institution, we noted that the total of institutional annual expenditures was understated by $7,160. c) From the sample of enrollment statistical data selected for verification to the source documents and/or information we noted several differences and were unable to identify some of the information in the source documents in nineteen (19) out of a sample of thirty (30) statistical data lines examined in the annual special report. The exceptions were as follows: d) After examination of the quarterly special report of the student aid portion for the quarter ended December 31, 2021, we noted a difference in the Item #5: ?The total number of students who have received an Emergency Financial Aid Grant to students under the CARES (a)(1) subprogram and the CRRSAA and ARP (a)(1) subprograms?. The total of students that received assistance aid reported was 443; however, the number per the student aid payroll reports examined was 460. Additionally, no support was available to determine if the Institution was timely and accurate in publicly posting the quarterly Student Aid Portion Report selected for testing. e) In one out of a sample of forty (40) disbursements of financial aid to students (2.5%) we noted that the payment made did not agree with the Institution's fund distribution plan to prioritize students with financial need. The aid in excess disbursed to that student was $200. Criteria 2 CFR 200.302 (a) establishes that each state must expend and account for the Federal award in accordance with state laws, and procedures for expending and accounting for the state's own funds. In addition, the state's and the other non-Federal entity's financial management systems, including records documenting compliance with Federal statutes, regulations, and the terms and conditions of the Federal award, must be sufficient to permit the preparation of reports required by general and program-specific terms and conditions; and the tracing of funds to a level of expenditures adequate to establish that such funds have been used according to the Federal statutes, regulations, and the terms and conditions of the Federal award. 2 CFR 200.302 (b) (2) to (4) establish that accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in ?? 200.328 and 200.329. If a Federal awarding agency requires reporting on an accrual basis from a recipient that maintains its records on other than an accrual basis, the recipient must not be required to establish an accrual accounting system. This recipient may develop accrual data for its reports on the basis of an analysis of the documentation on hand. Records that identify adequately the source and application of funds for federally-funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income, and interest and be supported by source documentation. Effective control over, and accountability for, all funds, property, and other assets. 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. 2 CFR 200.334 establishes that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Cause The cause of the deficiencies noted were due to the following situations: a) The source of information provided by the Institution related to the financial information was the G5 report. Such information is on a cash basis; therefore, financial information was not reported on an accrual basis of accounting which is the basis of accounting followed by the Institution. Additionally, the Institution did not appropriately design and maintained documentation and/or analysis performed to prepare and complete the financial information required to be reported in the quarterly and annual reports. b) Lack of recordkeeping controls and procedures to document and maintain the source of information used for the financial and statistical data required in the annual and quarterly special reports. c) The Institution used the student EFC per the ISIR/SAR available at the time of the distribution, even though, an ISIR with a valid EFC was not available since the student FAFSA application was selected for verification by USDE. After the Institution completed the verification the student EFC increased from 0 to 3676. Effect Noncompliance with the reporting requirements could lead to significant administrative actions by the grantor, including a reduction in the amounts to be awarded. It could also be interpreted as a failure to achieve the programs objectives. Questioned costs Likely questioned costs are less than $25,000. Identification as a Repeat Finding No repeated finding. Recommendation We recommend the Institution to establish adequate procedures and controls to ensure that financial and statistical data information is properly supported and detailed to allow adequate audit trail of the information. Establish adequate supervisory procedures to identify, in a reasonable period of time, deficiencies or possible deficiencies in the procedures or guidance established by management to ascertain that the Institution reports the information as required by grantors, and that accurate and adequate support is properly maintained. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance Listings number and name: 12.401 National Guard Military Operations and Maintenance (O&M) Projects Award numbers and years: W912L2-21-2-1000, October 1, 2020 through September 30, 2021; W912L2-22-2-1000, October 1, 2021 through September 30, 2022 Federal agency: U.S. Department of Defense Compliance requirements: Activities allowed or unallowed and allowable costs/cost principles Questioned costs: $125,288 Condition—Contrary to federal regulations and its policies, the Department of Emergency Military Affairs (Department) did not always retain documentation supporting the payroll costs it charged to the program. Specifically, the Department had not retained the personnel action forms supporting and approving employees’ pay rates and authorizing them to work on the program for 4 of 21 employees we tested, as follows: • $123,968 for 3 employees’ annual payroll costs and employee-related expenses for which each employee’s salaries and wages and authorization to work on the program were not supported by documented personnel action forms. • $1,320 for 1 employee whose previous personnel action form authorized their working on the program but whose most recent pay rate increase was not supported by a documented personnel action form. Effect—The Department’s failure to retain documentation supporting payroll costs could potentially result in the Department being required to return monies spent on unallowable costs to the federal agency or adjust its program’s costs so that monies are spent for allowable costs.1 During fiscal year 2022, the Department paid 323 employees $15,486,984 of salaries and wages, including employee-related expenses, that were charged to the program. There is a risk that the Department could have potentially charged additional payroll costs to the program without maintaining the required supporting documentation. Finally, the Department is at risk that this finding applies to other federal programs it administers. Cause—The Department’s Administrative Services Office (Office) was not adequately trained to follow the documentation and record retention policy. Specifically, the Office reported that it did not retain the personnel action records as they were unaware that all employee personnel records were required to be retained for 5 years after an employee’s termination. Instead, the Office interpreted the policy to only require these documents to be retained for 5 years after the documents were originally created. Criteria—The Department’s record retention policies require its Administrative Services Office to retain for 5 years after an employee’s termination all the employee’s employment records, including personnel action forms authorizing employee pay rate changes and program assignments.2 Federal regulation requires the Department to retain all records related to a federal program for a period of 3 years from the date the program’s final report was submitted to the federal awarding agency or pass-through grantor (2 CFR §200.334). Also, federal regulation requires the Department to maintain records for salaries and wages charged to federal awards that accurately reflect the work performed and are supported by policies and internal controls to ensure they are accurate, allowable, and properly allocated (2 CFR §200.430[i][1][i]). Further, federal regulation requires establishing and maintaining effective internal control over federal awards that provides reasonable assurance that federal programs are being managed in compliance with all applicable laws, regulations, and award terms (2 CFR §200.303). Recommendations—The Department should: 1. Ensure documentation is retained for all personnel actions to demonstrate employees’ salaries and wages, including employee-related expenses, are authorized to be charged to the program. 2. Review all employee personnel files for employees currently paid under the program to ensure the required documentation has been retained. If the documentation has not been retained, program management should review the employees’ activities to ensure they are allowable under the program and prepare and retain the required documentation. Further, if employee activities are determined to be unallowable, coordinate with the U.S. Department of Defense to adjust future federal reimbursement requests or repay any unallowable costs the Department charged to the program. 3. Train its Administrative Services Office and Department employees who are responsible for administering federal programs on the documentation and record retention requirements for payroll costs charged to federal programs. The State’s corrective action plan at the end of this report includes the views and planned corrective action of its responsible officials. We are not required to and have not audited these responses and planned corrective actions and therefore provide no assurances as to their accuracy. 1 Federal Uniform Guidance requires federal awarding agencies to follow up on audit findings and issue a management decision to ensure the recipient, the Office, takes appropriate and timely corrective action (2 CFR §200.513[c]). Further, it requires that federal awarding agencies’ management decisions clearly state whether or not the audit finding is sustained, the reasons for the decision, and the expected auditee action to repay disallowed costs, make financial adjustments, or take other action, as directed by the federal awarding agencies (2 CFR §200.521). 2 Arizona Department of Emergency Military Affairs (DEMA), State Human Resources Administration. (2007, October). DEMA Directive 20.1, section 1.3. Retrieved 9/13/2023 from https://dema.az.gov/sites/default/files/2023-08/20.1_State_Human_Resources_Administration_20071001.pdf.