FINDING 2023-009 Subject: COVID-19 - Education Stabilization Fund - Allowable Costs/Costs Principles Federal Agency: Department of Education Federal Program: COVID-19 - Education Stabilization Fund Assistance Listings Numbers: 84.425D, 84.425U, 84.425C, 84.425W Federal Award Numbers and Years (or Other Identifying Numbers): S425D200013, S425D210013, S425U210013, S425C200018, S425W210015 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Allowable Costs/Costs Principles Audit Findings: Material Weakness, Other Matters Condition and Context The COVID-19 - Education Stabilization Fund established by the Coronavirus Aid, Relief, and Economic Security (CARES) Act, and further funded by the Coronavirus Response and Relief Supplemental Appropriations Act (CRSSA) and the American Rescue Plan (ARP) Act, was for the purpose of preventing, preparing for, or responding to the novel coronavirus. Based on information obtained during the audit, the scope of testing was expanded to include additional transactions in order to assess compliance with federal grant requirements. The expanded testing was necessary to obtain sufficient evidence regarding the allowability and documentation of grant expenditures. The following issues were noted during testing: Vendor Disbursements The School Corporation was unable to provide supporting documentation for three vendors tested: Mamas Against Violence, LTIA, and Kingdom Life. Although Memorandums of Understanding (MOUs) were initiated by the Treasurer, no evidence was provided to demonstrate that the MOUs were reviewed or approved by the School Board at the time of execution. Information provided was based on documentation generated by the School Corporation, including purchase orders, handwritten vendor claim forms, and copies of check payments. However, no itemized vendor invoices were submitted to substantiate the services provided or the payments made, nor to detail the nature of the services rendered. In addition, the School Corporation was unable to provide supporting documentation to verify student participation or substantiate any of the reported metrics associated with the MOU agreements. Payroll Records Out of ten additional payroll transactions tested, three employee pay rates could not be verified. One employee's pay rate did not agree with the salary ordinance, and the School Corporation was unable to provide documentation confirming School Board approval of the rate. The second employee's compensation could not be traced to specific work performed, as neither an hourly rate nor the number of hours worked was documented. The third employee's authorized salary was $30 per hour; however, the issued paycheck reflected $20 per hour. These issues combined resulted in known questioned costs of $38,400. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: INDIANA STATE BOARD OF ACCOUNTS 35 SOUTH BEND COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for the Federal awards that are renewed quarterly or annual, from the date of submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." 2 CFR 200.403 states in part: "Except where otherwise authorized by statute, costs must meet the following general criteria in order to be allowable under Federal awards: (a) Be necessary and reasonable for the performance of the Federal award and be allocable thereto under these principles. (b) Conform to any limitations or exclusions set forth in these principles or in the Federal award as to types or amount of cost items. . . . (g) Be adequately documented. . . ." 2 CFR 200.430(i) states in part: "Standards for documentation of Personnel Expenses (1) Charges to Federal awards for salaries and wages must be based on records that accurately reflect the work performed. These records must: (i) Be supported by a system of internal control which provides reasonable assurance that the charges are accurate, allowable, and properly allocated; (ii) Be incorporated into the official records of the non-Federal entity; (iii) Reasonably reflect the total activity for which the employee is compensated by the non-Federal entity, not exceeding 100% of compensated activities (for IHE, this per the IHE's definition of IBS); . . . (vii) Support the distribution of the employee's salary or wages among specific activities or cost objectives if the employee works on more than one Federal award; a Federal award and non-Federal award; an indirect cost activity and a direct cost activity; two or more indirect activities which are allocated using different allocation bases; or an unallowable activity and a direct or indirect cost activity. . . ." INDIANA STATE BOARD OF ACCOUNTS 36 SOUTH BEND COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Cause The School Corporation demonstrated weaknesses in documentation and compliance practices. Vendor contracts and payments lacked adequate supporting records, including evidence of the School Board approval for MOUs and itemized invoices. The School Board approved pay rates, hours worked, and reconciliation of authorized salaries to amounts paid, limiting the ability to verify the accuracy and appropriateness of expenditures. Effect Without proper documentation, the allowability of grant expenditures cannot be substantiated, creating a risk that unallowable costs may be charged to the federal grant. In addition, incomplete payroll records prevent verification of compensation, heightening the risk of inaccurate payments, unsupported variances, and potential misuse of federal funds. Questioned Costs Questioned costs in the amount of $38,400 were identified as described in the Condition and Context. Recommendation To address these deficiencies, the School Corporation should strengthen documentation practices by ensuring all vendor contracts, MOUs, and invoices are properly reviewed, approved by the School Board, and retained. Payroll internal controls should be improved by reconciling authorized salary ordinances to actual pay rates, documenting hours worked, and retaining evidence of the School Board approval for all compensation. In addition, periodic monitoring and internal reviews should be implemented to verify adherence to federal grant requirements and School Corporation policies, thereby reducing the risk of noncompliance and enhancing accountability. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2023-010 Subject: COVID-19 - Education Stabilization Fund - Reporting Federal Agency: Department of Education Federal Program: COVID-19 - Education Stabilization Fund Assistance Listings Numbers: 84.425D, 84.425U, 84.425C, 84.425W Federal Award Numbers and Years (or Other Identifying Numbers): S425D200013, S425D210013, S425U210013, S425C200018, S425W210015 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Reporting Audit Findings: Material Weakness, Other Matters Repeat Finding This is a repeat finding from the immediately prior audit report. The prior audit finding number was 2022-007. INDIANA STATE BOARD OF ACCOUNTS 37 SOUTH BEND COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Condition and Context The School Corporation was required to submit an annual data report to the Indiana Department of Education (IDOE) via JotForm, a form/report builder. Data to be submitted included, but was not limited to, current period expenditures, prior period expenditures, and expenditures per activity. During the audit period the School Corporation submitted one ESSER I report, one ESSER II report, and one ESSER III report, for a total of three reports. An effective internal control system was not in place at the School Corporation to ensure these reports were accurate. As such, the annual data reports were prepared and submitted to the IDOE without an oversight or review process to prevent or detect and correct errors. All three reports submitted during the audit period were not supported by the School Corporation's records. The following errors were identified: The ESSER I, Year 3 report, which had an applicable reporting period of July 1, 2021 to June 30, 2022, reported $1,526,046 in expenditures. However, actual expenditures for the applicable reporting period totaled $1,601,347. The ESSER II, Year 2 report, which had an applicable reporting period of July 1, 2021 to June 30, 2022, reported $10,293,210 in expenditures. However, actual expenditures for the applicable reporting period totaled $9,750,555. The ESSER III, Year 2 report, which had an applicable reporting period of July 1, 2021 to June 30, 2022, reported $15,939,167 in expenditures. However, actual expenditures for the applicable reporting period totaled $17,220,521. During the audit period, the School Corporation also received eight total reimbursements related to the COVID-19 - Education Stabilization Fund grant. The School Corporation received two GEER reimbursements, two ESSER I reimbursements, two ESSER II reimbursements, two ESSER III reimbursements, and 2 ARP HCY reimbursements. All reimbursement request forms were tested against the School Corporations records for accuracy. Of the eight reimbursements requested, six forms tested were not supported by the School Corporation's records. The following errors were identified: GEER reimbursement requests forms were overstated by $3,580 compared to the School Corporation's records. ESSER I reimbursement request forms were $860,284 overstated compared to the School Corporation's records. ESSER II reimbursement request forms were overstated by $221,808 compared to the School Corporation's records. ESSER III reimbursement request forms were understated by $220,484 compared to the School Corporation's records. The lack of internal controls and noncompliance were systemic issues throughout the audit period. INDIANA STATE BOARD OF ACCOUNTS 38 SOUTH BEND COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for the Federal awards that are renewed quarterly or annual, from the date of submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." 2 CFR 200.302(b) states in part: "The financial management system of each non-Federal entity must provide for the following. . . . (2) Accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in §§ 200.328 and 200.329. . . ." 34 CFR 76.722 states: "A State may require a subgrantee to submit reports in a manner and format that assists the State in complying with the requirements under 34 CFR 76.720 and in carrying out other responsibilities under the program." Cause The School Corporation did not establish or implement a properly designed internal control system, including appropriate segregation of duties, to ensure the accuracy and reliability of financial data submitted to the IDOE. The absence of formal review procedures, oversight mechanisms, and reconciliation processes resulted in the submission of materially misstated annual data reports and reimbursement requests. Contributing factors included inadequate staff training on federal reporting requirements, the lack of documented financial reporting policies, and insufficient allocation of resources to monitor compliance with grant guidelines. Effect As a result, the annual data reports submitted to the IDOE via JotForm were materially misstated and lacked proper support from the School Corporation's financial records. Additionally, six out of eight reimbursement request forms tested during the audit period were either overstated or understated, reflecting inconsistent and inaccurate financial reporting tied to federal grant activity. These systemic errors represent significant noncompliance and undermine the reliability of reporting used for state and federal oversight. INDIANA STATE BOARD OF ACCOUNTS 39 SOUTH BEND COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Questioned Costs There were no questioned costs identified Recommendation The School Corporation should strengthen its financial reporting processes related to federal grant activity by implementing a formal internal control system that ensures accuracy, consistency, and proper documentation. This includes reconciling financial records with data submitted through JotForm, establishing review procedures for reimbursement requests, and assigning qualified personnel to verify all reports prior to submission. Staff responsible for grant management and financial reporting should receive necessary support and resources regarding federal documentation standards and reporting requirements. The School Corporation should adopt standardized documentation policies and procedures across all departments to ensure compliance and oversight. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2022-003 Subject: CDBG - Entitlement Grants Cluster - Reporting Federal Agency: Department of Housing and Urban Development Federal Program: Community Development Block Grants/Entitlement Grants Assistance Listings Number: 14.218 Federal Award Numbers and Years (or Other Identifying Numbers): B-20-MC-0010, B-21-MC-18-0010, B-22-MC-18-0010, M-20-MW-18-0010 Compliance Requirement: Reporting Audit Findings: Material Weakness, Other Matters Repeat Finding This is a repeat finding from the immediately prior audit report. The prior audit finding number was 2021-003. Condition and Context The City had not properly designed or implemented a system of internal controls, which would include appropriate segregation of duties that would likely be effective in preventing, or detecting and correcting, noncompliance. Recipients are required to submit financial, performance, and special reports annually or quarterly depending on the specifics of their CDBG - Entitlement Grant. Financial reports are entered into the Integrated Disbursement and Information System (IDIS). Grantees may include reports generated by the IDIS as part of their annual performance and evaluation reports that must be submitted 90 days after the end of the grantee's program year. Information to be tested from the IDIS is in the following system-generated reports: PR-26 - CDBG Financial Summary Report, PR26 - CDBG-CV Financial Summary Report, PR-26 CDBG Activity Summary by Selected Grant, PR-29 CDBG Cash on Hand Quarterly Reporting, and the PR-29 CDBG-CV Cash on Hand Quarterly Report. In addition, under the Federal Funding Accountability and Transparency Act (FFATA) grantees are required to report first-tier subawards of $30,000 or more to the FFATA Subaward System. The City, based on the grants received, was required to submit the following reports during the audit period: the PR-29 CDBG Cash on Hand Quarterly Report, the PR-26 CDBG Financial Summary Report, and the FFATA reports. PR-29 CDBG CV Cash on Hand Reporting The City submitted the four required quarterly reports; however, a single employee prepared and submitted the reports without a review or oversight process in place to prevent, or detect and correct, errors. Federal Funding and Transparency Act (FFATA) Reporting The City submitted the two required FFATA reports for the two subaward recipients that received over $30,000. Although the reports were prepared by one individual and approved by another, the internal control was not effective and did not detect and allow correction of errors prior to submission. Due to the lack of effective internal controls the following key data elements were missing: Subawardee DUNS number, Subaward obligation/action date, and the date of report submission (report submitted timely). The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." 2 CFR 170, Appendix A(I)(a) states in part: "Reporting of first-tier subawards. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non- Federal entity or Federal agency . . . 2. Where and when to report. i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov. ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.) 3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify . . ." Cause A proper system of internal controls was not designed by management of the City, which would include segregation of key functions. Embedded within a properly designed and implemented internal control system should be internal controls consisting of policies and procedures. Policies reflect the City's management statements of what should be done to effect internal controls, and procedures should consist of actions that would implement these policies. Effect Without the proper design or implementation of the components of a system of internal controls, including policies and procedures that provide segregation of duties and additional oversight as needed, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, reports were not filed timely with all required key line items. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funding to the City. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the City establish a proper system of internal controls, including strengthening their policies and procedures to ensure all required reports are filed and all required information is provided and supported by the City's records in a timely manner. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2022-003 Subject: Medicaid Cluster - Reporting Federal Agency: Department of Health and Human Services Federal Program: Medical Assistance Program Assistance Listings Number: 93.778 Federal Award Number and Year (or Other Identifying Number): FY2022 Pass-Through Entity: Indiana Family and Social Services Administration Compliance Requirement: Reporting Audit Findings: Material Weakness, Modified Opinion Condition and Context The Township had not properly designed or implemented a system of internal controls, which would include appropriate segregation of duties that would likely be effective in preventing, or detecting and correcting, material noncompliance related to expenditures made from the Medicaid Cluster. The Medicaid Cluster consists of three federal programs. However, the Township received funding from only one program, the Medicaid Assistance Program. The Medicaid Assistance Program grant funding is provided by the Indiana Family and Social Services Administration (FSSA) to Freestanding Governmental Ambulance Providers, such as the Township, based on a Cost Report for funding. The Cost Report for funding utilizes all costs associated with the operation of the Township's ambulance program in conjunction with other metrics such as ambulance runs, total charges, and Medicaid charges to determine the federal ambulance payment adjustment, the amount received by the Township. The Township utilized its Fire Operations fund to account for both fire and ambulance services. Costs were allocated between fire and ambulance services as necessary. Expenditures related to ambulance services were included in the Township's Cost Report to determine the reimbursement due to the Township. The funding received during the audit period was based on expenditures and data from January 1, 2019 to December 31, 2019, and as such, internal controls for that period were reviewed. The Cost Report for the Medicaid Program was prepared by the Township's contracted CPA firm using information provided by the Township. The Township provided reports detailing run data, expenditures, and charges (both Medicaid and non-Medicaid) to the CPA firm. The CPA firm prepared the report and submitted it to the Indiana FSSA. The Township did not participate in the preparation or submission process, nor complete a review of the report prior to submission. As such, the Township could not ensure that the information provided was properly utilized or that the report was accurate. Additionally, for five of the seven key line items tested, the Township could not provide supporting documentation. The lack of supporting documentation for Ambulance Runs, Fire Runs, EMT Salaries, Fire Salaries, and Total Ambulance Cost on the 2019 Cost Report prevented the determination of the accuracy of these line items. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. . . ." Cause A proper system of internal controls over the Medicaid Cluster expenditures was not designed by management of the Township, which would include segregation of key functions to ensure the Medicaid Cluster funds were appropriately reported. Embedded within a properly designed and implemented internal control system should be internal controls consisting of policies and procedures. Policies reflect the Township's management statements of what should be done to effect internal controls, and procedures should consist of actions that would implement these policies. Effect Without the proper implementation of an effectively designed system of internal controls, including policies and procedures that provide segregation of duties and additional oversight as needed, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funding to the Township. In addition, not supporting key line items increases the likelihood that information is not accurate and properly reported to FSSA and the public. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the Township design and implement a proper system of internal controls that would provide segregation of duties for the preparation of the Cost Report for Reimbursement for the Medicaid Cluster awards. Additionally, policies and procedures should be implemented to ensure appropriate reviews, approvals, and oversight are taking place. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2022-004 Subject: Staffing for Adequate Fire and Emergency Response (SAFER) - Cash Management Federal Agency: Department of Homeland Security Federal Program: Staffing for Adequate Fire and Emergency Response (SAFER) Assistance Listings Number: 97.083 Federal Award Number and Year (or Other Identifying Number): EMW-2019-FF-00944 Compliance Requirement: Cash Management Audit Findings: Material Weakness, Modified Opinion Condition and Context The Township submits request for reimbursements to the Federal Emergency Management Agency of the Department of Homeland Security. The reimbursement method of cash management requires the Township to retain supporting documentation that shows the costs for which reimbursement was requested were paid prior to the reimbursement date. The Township was awarded a SAFER grant to increase the number of firefighters and was approved for personnel and fringe benefits costs, which includes health insurance, for nine additional firefighters. The Township is self-insured and would make payments to third-party administrators and other benefit coordinators. The Township would pay a large dollar amount at the end of each year to its selfinsurance benefit coordinators for the next year's benefit, and then additional payments throughout the year as needed for employee's medical claim coverage. These payments were made from various Township funds and the Payroll Deductions fund. Additionally, the payroll deductions for health insurance, including those for employees paid from the grant, would accumulate in the Payroll Deductions fund, and be used for payments to the benefit coordinators as needed and the payment of the next year's required funding. The amount submitted for reimbursement for health insurance benefits were based upon a calculation. The Township did not have supporting documentation for the calculation of those benefits that were claimed. In addition, the health insurance benefits claimed for reimbursement were not paid out of the SAFER Grant Fund and were not at a transaction level in the ledger. The health insurance benefit submitted for reimbursement could not be tied to a specific payment; thus, we were unable to determine the Township's compliance for the health benefit reimbursements being incurred and paid prior to the Township's request for reimbursement. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.302 states in part: "(a) Each state must expend and account for the Federal award in accordance with state laws and procedures for expending and accounting for the state's own funds. In addition, the state's and the other non-Federal entity's financial management systems, including records documenting compliance with Federal statutes, regulations, and the terms and conditions of the Federal award, must be sufficient to permit the preparation of reports required by general and program-specific terms and conditions; and the tracing of funds to a level of expenditures adequate to establish that such funds have been used according to the Federal statutes, regulations, and the terms and conditions of the Federal award. See also ? 200.450. (b) The financial management system of each non-Federal entity must provide for the following (see also ?? 200.334, 200.335, 200.336, and 200.337): (1) Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, Federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any. (2) Accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in ?? 200.328 and 200.329. If a Federal awarding agency requires reporting on an accrual basis from a recipient that maintains its records on other than an accrual basis, the recipient must not be required to establish an accrual accounting system. This recipient may develop accrual data for its reports on the basis of an analysis of the documentation on hand. Similarly, a pass-through entity must not require a subrecipient to establish an accrual accounting system and must allow the subrecipient to develop accrual data for its reports on the basis of an analysis of the documentation on hand. (3) Records that identify adequately the source and application of funds for federallyfunded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation. (4) Effective control over, and accountability for, all funds, property, and other assets. The non-Federal entity must adequately safeguard all assets and assure that they are used solely for authorized purposes. See ? 200.303. . . ." Cause A system of internal controls was not designed or implemented by management of the Township which would include segregation of key functions. Embedded within a properly designed and implemented internal control system should be internal controls consisting of policies and procedures. Policies reflect management's expectation of what should be done to effect internal controls, and procedures should consist of actions that would implement these policies. Effect Without the proper implementation of an effectively designed system of internal controls, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, health insurance benefits were requested for reimbursement without adequate supporting documentation that the amount was paid prior to the request. Noncompliance with the grant agreement and the cash management compliance requirement could result in the loss of future federal funds to the Township. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the Township establish a proper system of internal controls and develop policies and procedures to ensure expenses are paid prior to requesting reimbursement. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
2022-003 Filing system and document retention. CURRENT CONDITION: The Housing Authority of the City of Greeley was unable to efficiently locate documents for the audit. CFDA#: 14.850, 14.871 CRITERIA: 24 CFR section 200.334 requires the retention of supporting documentation. CAUSE: The Authority did not have procedures or controls in place to systematically file information. EFFECT: Documents could not be located in a timely fashion. RECOMMENDATION: The Authority should standardize procedures and employee responsibilities. VIEWS OF RESPONSIBLE OFFICIALS: We will comply with the Auditor?s recommendation. DISCUSSED WITH: Tom Teixeira, September 15, 2022
FINDING 2022-001 DOCUMENT RETENTION SIGNIFICANT DEFICIENCY Federal Program: Child Care Development Block Grant Assistance Listing Number: 93.575 Criteria Per 7 CFR 200.334, ?Financial records, supporting documents, statistical records, and all other non- Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient.? Condition Salary expenses were included in the administrative costs applied to the program. Employees were to be applied to the program based on percentages set in the grant budget. IAN did not maintain documentation to support the amounts for each employee applied to the program during the year. Total payroll costs were provided for these employees. It was determined that total salary expenses applied to the grant were within the budget allotment, and no questioned costs were identified. Cause IAN did not maintain documentation to show amounts applied to the program by individual employees. Effect We were unable to see how much of each employee?s salary was specifically applied to the grant. Recommendation We recommend IAN develop internal controls requiring the maintenance of documentation to support employee allocations to federal programs. Views of Responsible Officials The School?s Corrective Action Plan is included on page 25.
#2022-011 - Major Federal Award Finding - Document Retention Nature of Finding: Compliance Finding - Uniform Guidance Administrative Requirements and Material Weakness in Internal Controls Over Compliance Criteria/Condition: Federal regulations 2 CFR 200.334 provides that a non-federal entity must retain all records pertinent to a federal award for a minimum period of three years from the date of submission of the annual financial report. We noted during testing that records were not consistently being maintained. Cause/Context: For 2 of the 40 expenditures selected for testing, the Organization was unable to provide appropriate invoice documentation supporting the amount charged to the grant. Effect: Federal expenditures could be charged to the grant at incorrect amounts or for unallowable costs. Recommendation: We recommend the Organization implement a document retention policy that is consistent with the federal document retention requirements. Views of Responsible Officials and Planned Corrective Actions: MARR will retain a CPA consultant to implement a document retention policy that is consistent with federal document retention requirements.
#2022-011 - Major Federal Award Finding - Document Retention Nature of Finding: Compliance Finding - Uniform Guidance Administrative Requirements and Material Weakness in Internal Controls Over Compliance Criteria/Condition: Federal regulations 2 CFR 200.334 provides that a non-federal entity must retain all records pertinent to a federal award for a minimum period of three years from the date of submission of the annual financial report. We noted during testing that records were not consistently being maintained. Cause/Context: For 2 of the 40 expenditures selected for testing, the Organization was unable to provide appropriate invoice documentation supporting the amount charged to the grant. Effect: Federal expenditures could be charged to the grant at incorrect amounts or for unallowable costs. Recommendation: We recommend the Organization implement a document retention policy that is consistent with the federal document retention requirements. Views of Responsible Officials and Planned Corrective Actions: MARR will retain a CPA consultant to implement a document retention policy that is consistent with federal document retention requirements.
FINDING 2022-003 Subject: CDBG - Entitlement Grants Cluster - Reporting Federal Agency: Department of Housing and Urban Development Federal Program: Community Development Block Grants/Entitlement Grants Assistance Listings Number: 14.218 Federal Award Numbers and Years (or Other Identifying Numbers): B-20-MC-0010, B-21-MC-18-0010, B-22-MC-18-0010, M-20-MW-18-0010 Compliance Requirement: Reporting Audit Findings: Material Weakness, Other Matters Repeat Finding This is a repeat finding from the immediately prior audit report. The prior audit finding number was 2021-003. Condition and Context The City had not properly designed or implemented a system of internal controls, which would include appropriate segregation of duties that would likely be effective in preventing, or detecting and correcting, noncompliance. Recipients are required to submit financial, performance, and special reports annually or quarterly depending on the specifics of their CDBG - Entitlement Grant. Financial reports are entered into the Integrated Disbursement and Information System (IDIS). Grantees may include reports generated by the IDIS as part of their annual performance and evaluation reports that must be submitted 90 days after the end of the grantee's program year. Information to be tested from the IDIS is in the following system-generated reports: PR-26 - CDBG Financial Summary Report, PR26 - CDBG-CV Financial Summary Report, PR-26 CDBG Activity Summary by Selected Grant, PR-29 CDBG Cash on Hand Quarterly Reporting, and the PR-29 CDBG-CV Cash on Hand Quarterly Report. In addition, under the Federal Funding Accountability and Transparency Act (FFATA) grantees are required to report first-tier subawards of $30,000 or more to the FFATA Subaward System. The City, based on the grants received, was required to submit the following reports during the audit period: the PR-29 CDBG Cash on Hand Quarterly Report, the PR-26 CDBG Financial Summary Report, and the FFATA reports. PR-29 CDBG CV Cash on Hand Reporting The City submitted the four required quarterly reports; however, a single employee prepared and submitted the reports without a review or oversight process in place to prevent, or detect and correct, errors. Federal Funding and Transparency Act (FFATA) Reporting The City submitted the two required FFATA reports for the two subaward recipients that received over $30,000. Although the reports were prepared by one individual and approved by another, the internal control was not effective and did not detect and allow correction of errors prior to submission. Due to the lack of effective internal controls the following key data elements were missing: Subawardee DUNS number, Subaward obligation/action date, and the date of report submission (report submitted timely). The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. . . ." 2 CFR 170, Appendix A(I)(a) states in part: "Reporting of first-tier subawards. Applicability. Unless you are exempt as provided in paragraph d. of this award term, you must report each action that equals or exceeds $30,000 in Federal funds for a subaward to a non- Federal entity or Federal agency . . . 2. Where and when to report. i. The non-Federal entity or Federal agency must report each obligating action described in paragraph a.1. of this award term to http://www.fsrs.gov. ii. For subaward information, report no later than the end of the month following the month in which the obligation was made. (For example, if the obligation was made on November 7, 2010, the obligation must be reported by no later than December 31, 2010.) 3. What to report. You must report the information about each obligating action that the submission instructions posted at http://www.fsrs.gov specify . . ." Cause A proper system of internal controls was not designed by management of the City, which would include segregation of key functions. Embedded within a properly designed and implemented internal control system should be internal controls consisting of policies and procedures. Policies reflect the City's management statements of what should be done to effect internal controls, and procedures should consist of actions that would implement these policies. Effect Without the proper design or implementation of the components of a system of internal controls, including policies and procedures that provide segregation of duties and additional oversight as needed, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, reports were not filed timely with all required key line items. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funding to the City. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the City establish a proper system of internal controls, including strengthening their policies and procedures to ensure all required reports are filed and all required information is provided and supported by the City's records in a timely manner. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2022-003 Subject: Medicaid Cluster - Reporting Federal Agency: Department of Health and Human Services Federal Program: Medical Assistance Program Assistance Listings Number: 93.778 Federal Award Number and Year (or Other Identifying Number): FY2022 Pass-Through Entity: Indiana Family and Social Services Administration Compliance Requirement: Reporting Audit Findings: Material Weakness, Modified Opinion Condition and Context The Township had not properly designed or implemented a system of internal controls, which would include appropriate segregation of duties that would likely be effective in preventing, or detecting and correcting, material noncompliance related to expenditures made from the Medicaid Cluster. The Medicaid Cluster consists of three federal programs. However, the Township received funding from only one program, the Medicaid Assistance Program. The Medicaid Assistance Program grant funding is provided by the Indiana Family and Social Services Administration (FSSA) to Freestanding Governmental Ambulance Providers, such as the Township, based on a Cost Report for funding. The Cost Report for funding utilizes all costs associated with the operation of the Township's ambulance program in conjunction with other metrics such as ambulance runs, total charges, and Medicaid charges to determine the federal ambulance payment adjustment, the amount received by the Township. The Township utilized its Fire Operations fund to account for both fire and ambulance services. Costs were allocated between fire and ambulance services as necessary. Expenditures related to ambulance services were included in the Township's Cost Report to determine the reimbursement due to the Township. The funding received during the audit period was based on expenditures and data from January 1, 2019 to December 31, 2019, and as such, internal controls for that period were reviewed. The Cost Report for the Medicaid Program was prepared by the Township's contracted CPA firm using information provided by the Township. The Township provided reports detailing run data, expenditures, and charges (both Medicaid and non-Medicaid) to the CPA firm. The CPA firm prepared the report and submitted it to the Indiana FSSA. The Township did not participate in the preparation or submission process, nor complete a review of the report prior to submission. As such, the Township could not ensure that the information provided was properly utilized or that the report was accurate. Additionally, for five of the seven key line items tested, the Township could not provide supporting documentation. The lack of supporting documentation for Ambulance Runs, Fire Runs, EMT Salaries, Fire Salaries, and Total Ambulance Cost on the 2019 Cost Report prevented the determination of the accuracy of these line items. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.334 states in part: "Financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. . . ." Cause A proper system of internal controls over the Medicaid Cluster expenditures was not designed by management of the Township, which would include segregation of key functions to ensure the Medicaid Cluster funds were appropriately reported. Embedded within a properly designed and implemented internal control system should be internal controls consisting of policies and procedures. Policies reflect the Township's management statements of what should be done to effect internal controls, and procedures should consist of actions that would implement these policies. Effect Without the proper implementation of an effectively designed system of internal controls, including policies and procedures that provide segregation of duties and additional oversight as needed, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. Noncompliance with the provisions of federal statutes, regulations, and the terms and conditions of the federal award could result in the loss of future federal funding to the Township. In addition, not supporting key line items increases the likelihood that information is not accurate and properly reported to FSSA and the public. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the Township design and implement a proper system of internal controls that would provide segregation of duties for the preparation of the Cost Report for Reimbursement for the Medicaid Cluster awards. Additionally, policies and procedures should be implemented to ensure appropriate reviews, approvals, and oversight are taking place. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
FINDING 2022-004 Subject: Staffing for Adequate Fire and Emergency Response (SAFER) - Cash Management Federal Agency: Department of Homeland Security Federal Program: Staffing for Adequate Fire and Emergency Response (SAFER) Assistance Listings Number: 97.083 Federal Award Number and Year (or Other Identifying Number): EMW-2019-FF-00944 Compliance Requirement: Cash Management Audit Findings: Material Weakness, Modified Opinion Condition and Context The Township submits request for reimbursements to the Federal Emergency Management Agency of the Department of Homeland Security. The reimbursement method of cash management requires the Township to retain supporting documentation that shows the costs for which reimbursement was requested were paid prior to the reimbursement date. The Township was awarded a SAFER grant to increase the number of firefighters and was approved for personnel and fringe benefits costs, which includes health insurance, for nine additional firefighters. The Township is self-insured and would make payments to third-party administrators and other benefit coordinators. The Township would pay a large dollar amount at the end of each year to its selfinsurance benefit coordinators for the next year's benefit, and then additional payments throughout the year as needed for employee's medical claim coverage. These payments were made from various Township funds and the Payroll Deductions fund. Additionally, the payroll deductions for health insurance, including those for employees paid from the grant, would accumulate in the Payroll Deductions fund, and be used for payments to the benefit coordinators as needed and the payment of the next year's required funding. The amount submitted for reimbursement for health insurance benefits were based upon a calculation. The Township did not have supporting documentation for the calculation of those benefits that were claimed. In addition, the health insurance benefits claimed for reimbursement were not paid out of the SAFER Grant Fund and were not at a transaction level in the ledger. The health insurance benefit submitted for reimbursement could not be tied to a specific payment; thus, we were unable to determine the Township's compliance for the health benefit reimbursements being incurred and paid prior to the Township's request for reimbursement. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 2 CFR 200.302 states in part: "(a) Each state must expend and account for the Federal award in accordance with state laws and procedures for expending and accounting for the state's own funds. In addition, the state's and the other non-Federal entity's financial management systems, including records documenting compliance with Federal statutes, regulations, and the terms and conditions of the Federal award, must be sufficient to permit the preparation of reports required by general and program-specific terms and conditions; and the tracing of funds to a level of expenditures adequate to establish that such funds have been used according to the Federal statutes, regulations, and the terms and conditions of the Federal award. See also ? 200.450. (b) The financial management system of each non-Federal entity must provide for the following (see also ?? 200.334, 200.335, 200.336, and 200.337): (1) Identification, in its accounts, of all Federal awards received and expended and the Federal programs under which they were received. Federal program and Federal award identification must include, as applicable, the Assistance Listings title and number, Federal award identification number and year, name of the Federal agency, and name of the pass-through entity, if any. (2) Accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in ?? 200.328 and 200.329. If a Federal awarding agency requires reporting on an accrual basis from a recipient that maintains its records on other than an accrual basis, the recipient must not be required to establish an accrual accounting system. This recipient may develop accrual data for its reports on the basis of an analysis of the documentation on hand. Similarly, a pass-through entity must not require a subrecipient to establish an accrual accounting system and must allow the subrecipient to develop accrual data for its reports on the basis of an analysis of the documentation on hand. (3) Records that identify adequately the source and application of funds for federallyfunded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income and interest and be supported by source documentation. (4) Effective control over, and accountability for, all funds, property, and other assets. The non-Federal entity must adequately safeguard all assets and assure that they are used solely for authorized purposes. See ? 200.303. . . ." Cause A system of internal controls was not designed or implemented by management of the Township which would include segregation of key functions. Embedded within a properly designed and implemented internal control system should be internal controls consisting of policies and procedures. Policies reflect management's expectation of what should be done to effect internal controls, and procedures should consist of actions that would implement these policies. Effect Without the proper implementation of an effectively designed system of internal controls, the internal control system cannot be capable of effectively preventing, or detecting and correcting, material noncompliance. As a result, health insurance benefits were requested for reimbursement without adequate supporting documentation that the amount was paid prior to the request. Noncompliance with the grant agreement and the cash management compliance requirement could result in the loss of future federal funds to the Township. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the Township establish a proper system of internal controls and develop policies and procedures to ensure expenses are paid prior to requesting reimbursement. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.
2022-003 Filing system and document retention. CURRENT CONDITION: The Housing Authority of the City of Greeley was unable to efficiently locate documents for the audit. CFDA#: 14.850, 14.871 CRITERIA: 24 CFR section 200.334 requires the retention of supporting documentation. CAUSE: The Authority did not have procedures or controls in place to systematically file information. EFFECT: Documents could not be located in a timely fashion. RECOMMENDATION: The Authority should standardize procedures and employee responsibilities. VIEWS OF RESPONSIBLE OFFICIALS: We will comply with the Auditor?s recommendation. DISCUSSED WITH: Tom Teixeira, September 15, 2022
FINDING 2022-001 DOCUMENT RETENTION SIGNIFICANT DEFICIENCY Federal Program: Child Care Development Block Grant Assistance Listing Number: 93.575 Criteria Per 7 CFR 200.334, ?Financial records, supporting documents, statistical records, and all other non- Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient.? Condition Salary expenses were included in the administrative costs applied to the program. Employees were to be applied to the program based on percentages set in the grant budget. IAN did not maintain documentation to support the amounts for each employee applied to the program during the year. Total payroll costs were provided for these employees. It was determined that total salary expenses applied to the grant were within the budget allotment, and no questioned costs were identified. Cause IAN did not maintain documentation to show amounts applied to the program by individual employees. Effect We were unable to see how much of each employee?s salary was specifically applied to the grant. Recommendation We recommend IAN develop internal controls requiring the maintenance of documentation to support employee allocations to federal programs. Views of Responsible Officials The School?s Corrective Action Plan is included on page 25.
#2022-011 - Major Federal Award Finding - Document Retention Nature of Finding: Compliance Finding - Uniform Guidance Administrative Requirements and Material Weakness in Internal Controls Over Compliance Criteria/Condition: Federal regulations 2 CFR 200.334 provides that a non-federal entity must retain all records pertinent to a federal award for a minimum period of three years from the date of submission of the annual financial report. We noted during testing that records were not consistently being maintained. Cause/Context: For 2 of the 40 expenditures selected for testing, the Organization was unable to provide appropriate invoice documentation supporting the amount charged to the grant. Effect: Federal expenditures could be charged to the grant at incorrect amounts or for unallowable costs. Recommendation: We recommend the Organization implement a document retention policy that is consistent with the federal document retention requirements. Views of Responsible Officials and Planned Corrective Actions: MARR will retain a CPA consultant to implement a document retention policy that is consistent with federal document retention requirements.
#2022-011 - Major Federal Award Finding - Document Retention Nature of Finding: Compliance Finding - Uniform Guidance Administrative Requirements and Material Weakness in Internal Controls Over Compliance Criteria/Condition: Federal regulations 2 CFR 200.334 provides that a non-federal entity must retain all records pertinent to a federal award for a minimum period of three years from the date of submission of the annual financial report. We noted during testing that records were not consistently being maintained. Cause/Context: For 2 of the 40 expenditures selected for testing, the Organization was unable to provide appropriate invoice documentation supporting the amount charged to the grant. Effect: Federal expenditures could be charged to the grant at incorrect amounts or for unallowable costs. Recommendation: We recommend the Organization implement a document retention policy that is consistent with the federal document retention requirements. Views of Responsible Officials and Planned Corrective Actions: MARR will retain a CPA consultant to implement a document retention policy that is consistent with federal document retention requirements.
Finding 2022-005: Insufficient Support for Costs Charged to Federal Award Programs Federal Agency: U.S. Department of the Treasury Assistance Listing Number: 21.027 Federal Program Name: Coronavirus State and Local Fiscal Recovery Funds Pass-through Entity: Snohomish County Human Services Pass-through Award Number: EL-22-AR-11-394 Criteria: Under 2 CFR 200.334, financial records and other supporting documents must be retained for a period of three years from the date of the submission of the annual financial report. Condition: Invoices, check copies, and other source documents could not be located to support the allowability of the costs charged to the major federal award program. Cause: The Organization had limited management and administrative staff and did not utilize a formal recordkeeping system during the year ended December 31, 2022. Further, as described in finding 2022-001, there were no written policies and procedures in place. Effect: Inadequate source documentation for costs charged to federal award programs may lead to findings in monitoring performed by oversight agencies and potential disallowed costs and/or decreases in future federal funding. Questioned Costs: Source documents could not be located for costs totaling $99,444, which represents 50% of our sample of transactions tested. Recommendation: We recommend that management implements and follows a formal record retention policy and retains receipts, invoices, and other source documents for costs charged to federal awards for a period of at least three years from the date the final financial report is submitted. Views of Responsible Officials: There is no disagreement with the finding.
Federal Agency: U.S. Department of Health and Human Services Federal Program Name: Health Center Program Assistance Listing Number: 93.224/93.527 Federal Award Identification Number: H80CS04200-17-01 and H80CS04200-18.01 Award Periods: May 1, 2021 ? April 30, 2022; May 1, 2022 ? April 30, 2023 Type of Finding: Compliance and Significant deficiency in internal control over compliance Criteria: 2 CFR 200.329(b) requires the Federal awarding agency to use OMB approved common information collections, when providing financial and performance reporting information. As appropriate and in accordance with above mentioned information collections, the Federal awarding agency must require the recipient to relate financial data and accomplishments to performance goals and objectives of the Federal award. In addition, OMB Compliance Supplement Part IV for assistance listing number 93.224/93.527 has designated key line items within the Uniform Data System (UDS) report. 2 CFR 200.334 indicates that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency. Condition: The organization was not able to provide sufficient supporting documentation for amounts reported in Table 8A of the UDS report for calendar year 2021. Questioned Costs: None. Context: Two (2) of Seven (7) key line items tested. Cause: During the time in which the UDS report was being prepared, the organization experienced a flood at its corporate headquarters resulting in disruption of operations. As the preparation of the UDS report occurred during the aforementioned disruption, the applicable supporting documentation for two of the key line items within the UDS report, were not saved and/or maintained in electronic format in order to allow for ease of recovery.
Federal Agency: U.S. Department of Health and Human Services Federal Program Name: Health Center Program Assistance Listing Number: 93.224/93.527 Federal Award Identification Number: H80CS04200-17-01 and H80CS04200-18.01 Award Periods: May 1, 2021 ? April 30, 2022; May 1, 2022 ? April 30, 2023 Type of Finding: Compliance and Significant deficiency in internal control over compliance Criteria: 2 CFR 200.329(b) requires the Federal awarding agency to use OMB approved common information collections, when providing financial and performance reporting information. As appropriate and in accordance with above mentioned information collections, the Federal awarding agency must require the recipient to relate financial data and accomplishments to performance goals and objectives of the Federal award. In addition, OMB Compliance Supplement Part IV for assistance listing number 93.224/93.527 has designated key line items within the Uniform Data System (UDS) report. 2 CFR 200.334 indicates that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency. Condition: The organization was not able to provide sufficient supporting documentation for amounts reported in Table 8A of the UDS report for calendar year 2021. Questioned Costs: None. Context: Two (2) of Seven (7) key line items tested. Cause: During the time in which the UDS report was being prepared, the organization experienced a flood at its corporate headquarters resulting in disruption of operations. As the preparation of the UDS report occurred during the aforementioned disruption, the applicable supporting documentation for two of the key line items within the UDS report, were not saved and/or maintained in electronic format in order to allow for ease of recovery.
Federal Agency: U.S. Department of Health and Human Services Federal Program Name: Health Center Program Assistance Listing Number: 93.224/93.527 Federal Award Identification Number: H80CS04200-17-01 and H80CS04200-18.01 Award Periods: May 1, 2021 ? April 30, 2022; May 1, 2022 ? April 30, 2023 Type of Finding: Compliance and Significant deficiency in internal control over compliance Criteria: 2 CFR 200.329(b) requires the Federal awarding agency to use OMB approved common information collections, when providing financial and performance reporting information. As appropriate and in accordance with above mentioned information collections, the Federal awarding agency must require the recipient to relate financial data and accomplishments to performance goals and objectives of the Federal award. In addition, OMB Compliance Supplement Part IV for assistance listing number 93.224/93.527 has designated key line items within the Uniform Data System (UDS) report. 2 CFR 200.334 indicates that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency. Condition: The organization was not able to provide sufficient supporting documentation for amounts reported in Table 8A of the UDS report for calendar year 2021. Questioned Costs: None. Context: Two (2) of Seven (7) key line items tested. Cause: During the time in which the UDS report was being prepared, the organization experienced a flood at its corporate headquarters resulting in disruption of operations. As the preparation of the UDS report occurred during the aforementioned disruption, the applicable supporting documentation for two of the key line items within the UDS report, were not saved and/or maintained in electronic format in order to allow for ease of recovery.
Federal Agency: U.S. Department of Health and Human Services Federal Program Name: Health Center Program Assistance Listing Number: 93.224/93.527 Federal Award Identification Number: H80CS04200-17-01 and H80CS04200-18.01 Award Periods: May 1, 2021 ? April 30, 2022; May 1, 2022 ? April 30, 2023 Type of Finding: Compliance and Significant deficiency in internal control over compliance Criteria: 2 CFR 200.329(b) requires the Federal awarding agency to use OMB approved common information collections, when providing financial and performance reporting information. As appropriate and in accordance with above mentioned information collections, the Federal awarding agency must require the recipient to relate financial data and accomplishments to performance goals and objectives of the Federal award. In addition, OMB Compliance Supplement Part IV for assistance listing number 93.224/93.527 has designated key line items within the Uniform Data System (UDS) report. 2 CFR 200.334 indicates that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency. Condition: The organization was not able to provide sufficient supporting documentation for amounts reported in Table 8A of the UDS report for calendar year 2021. Questioned Costs: None. Context: Two (2) of Seven (7) key line items tested. Cause: During the time in which the UDS report was being prepared, the organization experienced a flood at its corporate headquarters resulting in disruption of operations. As the preparation of the UDS report occurred during the aforementioned disruption, the applicable supporting documentation for two of the key line items within the UDS report, were not saved and/or maintained in electronic format in order to allow for ease of recovery.
Federal Agency: U.S. Department of Health and Human Services Federal Program Name: Health Center Program Assistance Listing Number: 93.224/93.527 Federal Award Identification Number: H80CS04200-17-01 and H80CS04200-18.01 Award Periods: May 1, 2021 ? April 30, 2022; May 1, 2022 ? April 30, 2023 Type of Finding: Compliance and Significant deficiency in internal control over compliance Criteria: 2 CFR 200.329(b) requires the Federal awarding agency to use OMB approved common information collections, when providing financial and performance reporting information. As appropriate and in accordance with above mentioned information collections, the Federal awarding agency must require the recipient to relate financial data and accomplishments to performance goals and objectives of the Federal award. In addition, OMB Compliance Supplement Part IV for assistance listing number 93.224/93.527 has designated key line items within the Uniform Data System (UDS) report. 2 CFR 200.334 indicates that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency. Condition: The organization was not able to provide sufficient supporting documentation for amounts reported in Table 8A of the UDS report for calendar year 2021. Questioned Costs: None. Context: Two (2) of Seven (7) key line items tested. Cause: During the time in which the UDS report was being prepared, the organization experienced a flood at its corporate headquarters resulting in disruption of operations. As the preparation of the UDS report occurred during the aforementioned disruption, the applicable supporting documentation for two of the key line items within the UDS report, were not saved and/or maintained in electronic format in order to allow for ease of recovery.
Federal Agency: U.S. Department of Health and Human Services Federal Program Name: Health Center Program Assistance Listing Number: 93.224/93.527 Federal Award Identification Number: H80CS04200-17-01 and H80CS04200-18.01 Award Periods: May 1, 2021 ? April 30, 2022; May 1, 2022 ? April 30, 2023 Type of Finding: Compliance and Significant deficiency in internal control over compliance Criteria: 2 CFR 200.329(b) requires the Federal awarding agency to use OMB approved common information collections, when providing financial and performance reporting information. As appropriate and in accordance with above mentioned information collections, the Federal awarding agency must require the recipient to relate financial data and accomplishments to performance goals and objectives of the Federal award. In addition, OMB Compliance Supplement Part IV for assistance listing number 93.224/93.527 has designated key line items within the Uniform Data System (UDS) report. 2 CFR 200.334 indicates that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency. Condition: The organization was not able to provide sufficient supporting documentation for amounts reported in Table 8A of the UDS report for calendar year 2021. Questioned Costs: None. Context: Two (2) of Seven (7) key line items tested. Cause: During the time in which the UDS report was being prepared, the organization experienced a flood at its corporate headquarters resulting in disruption of operations. As the preparation of the UDS report occurred during the aforementioned disruption, the applicable supporting documentation for two of the key line items within the UDS report, were not saved and/or maintained in electronic format in order to allow for ease of recovery.
FINDING 2022-032 Pandemic EBT Food Benefits, ALN 10.542, Reporting ? Report of Disaster Supplemental Nutrition Assistance Benefit Issuance See Schedule of Findings and Questioned Costs for chart/table. Condition MDHHS did not have a process in place to ensure it maintained documentation to support the submitted Report of Disaster Supplemental Nutrition Assistance Benefit Issuance (FNS-292B). For all 3 sampled reports, MDHHS did not retain auditable submitted information, such as copies or screen prints of submitted reports. Rather, MDHHS provided us an e-mail disclosing the information which it represented as submitted. Criteria Federal regulation 2 CFR 200.334 requires financial records, supporting documents, statistical records, and all other nonfederal entity records pertinent to a federal award must be retained for a period of three years from the date of submission of the final expenditure report. Federal Register 86:89 (11 May 2021) page 25,837 requires state agencies to report the number of eligible children and households receiving P-EBT benefits and total value of the benefits monthly. Cause MDHHS informed us it electronically submitted the FNS-292B using the Food Program Reporting System (FPRS), but it did not retain copies of the submitted reports and the submitted reports were not available in FPRS. Effect We were unable to validate the information submitted to USDA on the FNS-292B. The federal grantor agency could issue sanctions or disallowances related to noncompliance. Known Questioned Costs None. Recommendation We recommend MDHHS establish a process to ensure it maintains documentation to support submitted FNS-292B reports. Management Views MDHHS disagrees that federal regulations require MDHHS to maintain copies or screenshots of FNS-292B information reported on the federal website. MDHHS normally has the ability to access the information on the federal system. However, during audit fieldwork, the FNS-292B information MDHHS submitted on the federal website was not viewable to the auditors because the reports were under federal review. MDHHS did not a retain a copy or screen prints of the submitted reports; however, MDHHS did maintain the underlying reports used to compile the submitted FNS-292B reports and this was provided to the auditors during fieldwork. Auditor's Comments to Management View MDHHS acknowledges it did not maintain a copy or screen prints of submitted reports. Documentation of submitted reports is necessary to provide auditable information to validate the accuracy of the report submission. MDHHS provided a spreadsheet and an e-mail disclosing the information which it represented as submitted; however, this information did not substantiate the FNS-292B was accurately submitted. Therefore, the finding stands as written.
FINDING 2022-032 Pandemic EBT Food Benefits, ALN 10.542, Reporting ? Report of Disaster Supplemental Nutrition Assistance Benefit Issuance See Schedule of Findings and Questioned Costs for chart/table. Condition MDHHS did not have a process in place to ensure it maintained documentation to support the submitted Report of Disaster Supplemental Nutrition Assistance Benefit Issuance (FNS-292B). For all 3 sampled reports, MDHHS did not retain auditable submitted information, such as copies or screen prints of submitted reports. Rather, MDHHS provided us an e-mail disclosing the information which it represented as submitted. Criteria Federal regulation 2 CFR 200.334 requires financial records, supporting documents, statistical records, and all other nonfederal entity records pertinent to a federal award must be retained for a period of three years from the date of submission of the final expenditure report. Federal Register 86:89 (11 May 2021) page 25,837 requires state agencies to report the number of eligible children and households receiving P-EBT benefits and total value of the benefits monthly. Cause MDHHS informed us it electronically submitted the FNS-292B using the Food Program Reporting System (FPRS), but it did not retain copies of the submitted reports and the submitted reports were not available in FPRS. Effect We were unable to validate the information submitted to USDA on the FNS-292B. The federal grantor agency could issue sanctions or disallowances related to noncompliance. Known Questioned Costs None. Recommendation We recommend MDHHS establish a process to ensure it maintains documentation to support submitted FNS-292B reports. Management Views MDHHS disagrees that federal regulations require MDHHS to maintain copies or screenshots of FNS-292B information reported on the federal website. MDHHS normally has the ability to access the information on the federal system. However, during audit fieldwork, the FNS-292B information MDHHS submitted on the federal website was not viewable to the auditors because the reports were under federal review. MDHHS did not a retain a copy or screen prints of the submitted reports; however, MDHHS did maintain the underlying reports used to compile the submitted FNS-292B reports and this was provided to the auditors during fieldwork. Auditor's Comments to Management View MDHHS acknowledges it did not maintain a copy or screen prints of submitted reports. Documentation of submitted reports is necessary to provide auditable information to validate the accuracy of the report submission. MDHHS provided a spreadsheet and an e-mail disclosing the information which it represented as submitted; however, this information did not substantiate the FNS-292B was accurately submitted. Therefore, the finding stands as written.
Finding No.: 2022-023 Federal Agency: U.S. Department of Education AL Program: 84.425 Education Stabilization Fund AL Sub-Program: 84.425E Higher Education Emergency Relief Fund (HEERF) - Student Aid Portion Federal Award No.: COVID-19 P425E204126 AL Sub-Program: 84.425F HEERF - Institutional Portion Federal Award No.: COVID-19 P425F202732 AL Sub-Program: 84.425L HEERF - Minority Serving Institution Federal Award No.: COVID-19 P425L200219 Area: Reporting Questioned Costs: $0 Criteria: Annual Reporting - Per OMB Compliance Supplement Addendum April 2022, ED will be collecting an annual report for HEERF grantees in April 2022. ED will require institutions to report on their uses of HEERF I CARES Act funds, HEERF II CRRSAA funds, and HEERF III ARP funds in advance of the ARP annual reporting deadline. Quarterly Public Reporting for (a)(1) Student Aid Portion - Per OMB Compliance Supplement Addendum April 2022, institutions that received a HEERF 18004(a)(1) Student Aid Portion award are required to publicly post certain information on their website no later than 30 days after award and update that information every 45 days thereafter. On August 31, 2020, the frequency of reporting after the initial 30-day period decreased from every 45 days thereafter to every calendar quarter. On May 13, 2021, ED published an additional notice for student aid public reporting under CRRSAA and ARP, which requires that institution publicly post certain information on their website. Institutions must publicly post their report as soon as possible, but no later than 30 days after the publication of the notice or 30 days after the date ED first obligated funds under HEERF I, II, or III to the institution for Emergency Financial Aid Grants to Students, whichever comes later. The report must be updated no later than 10 days after the end of each calendar quarter. Quarterly Public Reporting for (a)(1) Institutional Portion and (a)(2), and (a)(3) funds - Per OMB Compliance Supplement Addendum April 2022, Quarterly Budget and Expenditure form must be conspicuously posted on the institution’s primary website on the same page the reports of the IHE’s activities as to the emergency financial aid grants to students (Student Aid Portion) are posted. The form must be posted covering each quarterly reporting period no later than 10 days after the end of each calendar quarter. Any changes or updates after initial posting must be conspicuously noted after initial posting and the date of the change must be noted in the “Date of Report” line. Furthermore, as required by 2 CFR 200.334, regardless of the need to submit an audit, all financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a federal award must be retained for a period of three years from the date of submission of the last HEERF grant’s final expenditure report. Furthermore, 2 CFR 200.303(a) states that the subrecipient must establish, document, and maintain effective internal control over the Federal award that provides reasonable assurance that the subrecipient is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should align with the guidance in “Standards for Internal Control in the Federal Government” issued by the Comptroller General of the United States or the “Internal Control-Integrated Framework” issued by the COSO. Conditions: 1. Total annual expenditures per the Annual Report Data Collection System differ from cumulative expenditures from 01/01/21 through 12/31/21 per underlying accounting records, as follows: Annual Expenditures Student Portion Institution Portion Minority Serving Institution Annual Data Collection System $2,628,200 $2,223,328 $ --- Underlying accounting records 2,554,416 1,917,546 338,297 Over (under) reporting $ 73,784 $ 305,782 $(338,297) 2. ALN 84.425E COVID-19 HEERF-Student Aid Portion A. Quarterly reports for quarters ended 12/31/2021 and 03/31/2022 that were publicly posted in the website, along with relevant documentation evidencing compliance (i.e., webmaster logs, or other relevant documentation establishing good-faith indication that the institution posted the required information at approximately timelines established by the public reporting requirements) on whether the College was timely in publicly posting its quarterly report could not be provided. B. Relevant documentation evidencing compliance (i.e., webmaster logs, or other relevant documentation establishing good-faith indication that the institution posted the required information at approximately timelines established by the public reporting requirements) on whether the College was timely in publicly posting its quarterly report for quarters ended 06/30/2022 and 09/30/2022, could not be provided. 3. 84.425F COVID-19 HEERF-Institutional Portion 84.425L COVID-19 HEERF-Minority Serving Institution A. Relevant documentation evidencing compliance (i.e., webmaster logs, or other relevant documentation establishing good-faith indication that the institution posted the required information at approximately timelines established by the public reporting requirements) on whether the College was timely in publicly posting its quarterly report for quarters ended 12/31/2021, 03/31/2022, 06/30/2022 and 09/30/2022, could not be provided. Cause: The College lacks adequate internal controls over the timely and accurate preparation and review of required reports as stipulated in the Compliance Supplement. Furthermore, the College lacks adequate internal controls regarding retaining sufficient documentation to support all reported transactions. Effect: The College is not in compliance with the applicable reporting requirements. No questioned costs are presented as the identified reporting differences do not represent overpayments, and we are unable to quantify the impact of late reporting on the program. Identified as a Repeat Finding: 2021-017 Recommendation: College management should strengthen controls so that required reports are timely and accurately prepared and reviewed and submitted within the specified timeframes to evidence compliance with the applicable reporting requirements and retain sufficient documentation to support all reported transactions. Views of Auditee and Planned Corrective Actions: The College agrees with the finding and provides details in its Corrective Action Plan.
Finding No. 2022-011 Federal Agency: U.S. Department of Agriculture AL Program: 10.542 Pandemic EBT Food Benefits (P-EBT) Federal Award No.: 7NM400NM2 Area: Activities Allowed or Unallowed Questioned Costs: $-0- Criteria: 1. In accordance with Section 1101(b)(f)(2) of the Families First Coronavirus Response Act, as amended, a State agency may develop and use simplifying assumptions (including a State or local public health ordinance developed in response to COVID-19) and the best feasibly available data to determine the status of a school or covered child care facility as opened, closed, or operating with a reduced number of days or hours, establish State or regionally-based benefits levels, identify eligible children, and establish eligibility periods for eligible children. 2. In accordance with the CNMI State Plan, the Nutrition Assistance Program (NAP) will receive data from the CNMI Department of Education, Child Nutrition Program, the agency which shall receive all school information from the public schools, the private schools, and childcare centers. 3. In accordance with the April 2022 Compliance Supplement, the state agency is to instruct schools and school districts appropriately in order to collect the data necessary to set benefit levels consistent with the terms of the state plan. In addition, use of funds made available for P-EBT must also comply with government accounting and record keeping requirements in 2 CFR 200.334, for which the recipient and subrecipient must retain all Federal award records for three years from the date of submission of their final financial report. For awards that are renewed quarterly or annually, the recipient and subrecipient must retain records for three years from the date of submission of their quarterly or annual financial report, respectively. Records to be retained include but are not limited to financial records, supporting documentation, and statistical records. Condition: Documentation of the instructions provided to schools and school districts in order for the CNMI NAP to appropriately collect the necessary data to set benefit levels consistent with the terms of the state plan, was not provided. Cause: The CNMI did not provide instructions appropriately to schools and school districts in order to collect the data necessary to set benefit levels consistent with the terms of the state plan. Effect: The CNMI is in noncompliance with applicable activities allowed or unallowed compliance requirements. Recommendation: The CNMI should implement and enforce monitoring over the required instructions that state agency is to provide to schools and school districts appropriately in order to collect the data necessary to set benefit levels consistent with the terms of the CNMI’s P-EBT State Plan. Views of Responsible Officials: CNMI NAP disagrees with this finding. The 2022 Compliance Supplement states that the LEA, in this instance, the CNMI Public School System (PSS), is responsible for verifying the current free and reduced-price eligibility of households, unless the LEA is exempt from the verification requirement. PSS is not exempt from the verification requirement and the CNMI NAP has never given instructions to PSS for data collection as it is the PSS’ responsibility to supply the data to CNMI NAP for P-EBT. CNMI NAP’s role is to distribute the benefits only. Similar to the SUN Bucks (S-EBT) program, PSS furnishes the student listing to CNMI NAP, after which CNMI NAP distributes the benefits according to the listing provided by PSS. Refer to CNMI’s Corrective Action Plan for additional information. Auditor Response: The 2022 Compliance Supplement being referenced by CNMI NAP pertains to ALN 10.551 Supplemental Nutrition Assistance Program (SNAP). CNMI NAP should refer to the April 2022 Compliance Supplement specifically for ALN 10.542 Pandemic EBT Food Benefits (P-EBT). In addition, documentation that CNMI NAP is not required to provide instructions to schools and school district were not provided.
2022-014 Special Tests and Provisions ? Provider Eligibility ? Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: 2105TX5ADM, 2105TX5MAP, 2105TXIMPL, 2105TXINCT; 2205TX5ADM, 2205TX5MAP, 2205TXIMPL, 2205TXINCT October 1, 2020 ? September 30, 2021, October 1, 2021 ? September 30, 2022 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, Health and Human Services Commission (HHSC) must establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: ? 455.104 ? HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: ? The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. ? Date of birth and Social Security Number (in the case of an individual) ? Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. ? Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. ? The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. ? The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). ? 455.105 ? HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: ? The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and ? Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. ? 455.106 ? Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: ? Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and ? Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. ? 455.410 ? HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. ? 455.412 ? HHSC must: ? Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State ? Confirm that the provider's license has not expired and that there are no current limitations on the provider's license ? 455.414 ? HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. ? 455.432 ? HHSC must: ? Conduct pre-enrollment and post-enrollment site visits of providers who are designated as ?moderate? or ?high? categorical risks to the Medicaid program. ? Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. ? 455.434 ? HHSC must: ? Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider.? Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. ? Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a ?high? risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. ? 455.436 ? HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. ? 455.434 ? HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of ?limited,? ?moderate,? or ?high.? If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 40 long-term care providers, which resulted in the following: ? For 11 samples, a copy of the completed Medicaid application was not included in the file. ? For 12 samples, enrollment of the provider was not completed within the last 5 years. ? For 20 samples, verification of the provider?s license was not included in the file. ? For 15 samples, required information on ownership and control was not disclosed. ? For 20 samples, supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. ? For 16 samples, supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. ? For 11 samples, supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. ? For 14 samples, supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. ? For 20 samples, supporting documentation was not included in the file indicating the LEIE and EPLS databases were checked at least monthly during the enrollment period. ? For 20 samples, supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. ? For 19 samples, a copy of the provider agreement was not included in the files. ? For 20 samples, supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. ? For 11 samples, supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. Questioned costs: NoneContext: See ?Condition.? Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat Finding: 2021-008 Recommendation: HHSC should implement controls to ensure: ? Documentation is maintained for at least the length of the providers? current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. ? Provider licenses are verified during enrollment. ? Providers are re-enrolled at least once every five years. ? Provider agreements are obtained, and the proper disclosures are made. ? Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. ? Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: Agree.
2022-014 Special Tests and Provisions ? Provider Eligibility ? Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: 2105TX5ADM, 2105TX5MAP, 2105TXIMPL, 2105TXINCT; 2205TX5ADM, 2205TX5MAP, 2205TXIMPL, 2205TXINCT October 1, 2020 ? September 30, 2021, October 1, 2021 ? September 30, 2022 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, Health and Human Services Commission (HHSC) must establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: ? 455.104 ? HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: ? The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. ? Date of birth and Social Security Number (in the case of an individual) ? Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. ? Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. ? The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. ? The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). ? 455.105 ? HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: ? The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and ? Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. ? 455.106 ? Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: ? Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and ? Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. ? 455.410 ? HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. ? 455.412 ? HHSC must: ? Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State ? Confirm that the provider's license has not expired and that there are no current limitations on the provider's license ? 455.414 ? HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. ? 455.432 ? HHSC must: ? Conduct pre-enrollment and post-enrollment site visits of providers who are designated as ?moderate? or ?high? categorical risks to the Medicaid program. ? Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. ? 455.434 ? HHSC must: ? Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider.? Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. ? Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a ?high? risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. ? 455.436 ? HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. ? 455.434 ? HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of ?limited,? ?moderate,? or ?high.? If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 40 long-term care providers, which resulted in the following: ? For 11 samples, a copy of the completed Medicaid application was not included in the file. ? For 12 samples, enrollment of the provider was not completed within the last 5 years. ? For 20 samples, verification of the provider?s license was not included in the file. ? For 15 samples, required information on ownership and control was not disclosed. ? For 20 samples, supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. ? For 16 samples, supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. ? For 11 samples, supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. ? For 14 samples, supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. ? For 20 samples, supporting documentation was not included in the file indicating the LEIE and EPLS databases were checked at least monthly during the enrollment period. ? For 20 samples, supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. ? For 19 samples, a copy of the provider agreement was not included in the files. ? For 20 samples, supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. ? For 11 samples, supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. Questioned costs: NoneContext: See ?Condition.? Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat Finding: 2021-008 Recommendation: HHSC should implement controls to ensure: ? Documentation is maintained for at least the length of the providers? current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. ? Provider licenses are verified during enrollment. ? Providers are re-enrolled at least once every five years. ? Provider agreements are obtained, and the proper disclosures are made. ? Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. ? Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: Agree.
2022-014 Special Tests and Provisions ? Provider Eligibility ? Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: 2105TX5ADM, 2105TX5MAP, 2105TXIMPL, 2105TXINCT; 2205TX5ADM, 2205TX5MAP, 2205TXIMPL, 2205TXINCT October 1, 2020 ? September 30, 2021, October 1, 2021 ? September 30, 2022 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, Health and Human Services Commission (HHSC) must establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: ? 455.104 ? HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: ? The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. ? Date of birth and Social Security Number (in the case of an individual) ? Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. ? Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. ? The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. ? The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). ? 455.105 ? HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: ? The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and ? Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. ? 455.106 ? Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: ? Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and ? Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. ? 455.410 ? HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. ? 455.412 ? HHSC must: ? Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State ? Confirm that the provider's license has not expired and that there are no current limitations on the provider's license ? 455.414 ? HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. ? 455.432 ? HHSC must: ? Conduct pre-enrollment and post-enrollment site visits of providers who are designated as ?moderate? or ?high? categorical risks to the Medicaid program. ? Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. ? 455.434 ? HHSC must: ? Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider.? Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. ? Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a ?high? risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. ? 455.436 ? HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. ? 455.434 ? HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of ?limited,? ?moderate,? or ?high.? If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 40 long-term care providers, which resulted in the following: ? For 11 samples, a copy of the completed Medicaid application was not included in the file. ? For 12 samples, enrollment of the provider was not completed within the last 5 years. ? For 20 samples, verification of the provider?s license was not included in the file. ? For 15 samples, required information on ownership and control was not disclosed. ? For 20 samples, supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. ? For 16 samples, supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. ? For 11 samples, supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. ? For 14 samples, supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. ? For 20 samples, supporting documentation was not included in the file indicating the LEIE and EPLS databases were checked at least monthly during the enrollment period. ? For 20 samples, supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. ? For 19 samples, a copy of the provider agreement was not included in the files. ? For 20 samples, supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. ? For 11 samples, supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. Questioned costs: NoneContext: See ?Condition.? Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat Finding: 2021-008 Recommendation: HHSC should implement controls to ensure: ? Documentation is maintained for at least the length of the providers? current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. ? Provider licenses are verified during enrollment. ? Providers are re-enrolled at least once every five years. ? Provider agreements are obtained, and the proper disclosures are made. ? Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. ? Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: Agree.
2022-014 Special Tests and Provisions ? Provider Eligibility ? Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: 2105TX5ADM, 2105TX5MAP, 2105TXIMPL, 2105TXINCT; 2205TX5ADM, 2205TX5MAP, 2205TXIMPL, 2205TXINCT October 1, 2020 ? September 30, 2021, October 1, 2021 ? September 30, 2022 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, Health and Human Services Commission (HHSC) must establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: ? 455.104 ? HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: ? The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. ? Date of birth and Social Security Number (in the case of an individual) ? Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. ? Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. ? The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. ? The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). ? 455.105 ? HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: ? The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and ? Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. ? 455.106 ? Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: ? Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and ? Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. ? 455.410 ? HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. ? 455.412 ? HHSC must: ? Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State ? Confirm that the provider's license has not expired and that there are no current limitations on the provider's license ? 455.414 ? HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. ? 455.432 ? HHSC must: ? Conduct pre-enrollment and post-enrollment site visits of providers who are designated as ?moderate? or ?high? categorical risks to the Medicaid program. ? Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. ? 455.434 ? HHSC must: ? Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider.? Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. ? Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a ?high? risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. ? 455.436 ? HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. ? 455.434 ? HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of ?limited,? ?moderate,? or ?high.? If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 40 long-term care providers, which resulted in the following: ? For 11 samples, a copy of the completed Medicaid application was not included in the file. ? For 12 samples, enrollment of the provider was not completed within the last 5 years. ? For 20 samples, verification of the provider?s license was not included in the file. ? For 15 samples, required information on ownership and control was not disclosed. ? For 20 samples, supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. ? For 16 samples, supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. ? For 11 samples, supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. ? For 14 samples, supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. ? For 20 samples, supporting documentation was not included in the file indicating the LEIE and EPLS databases were checked at least monthly during the enrollment period. ? For 20 samples, supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. ? For 19 samples, a copy of the provider agreement was not included in the files. ? For 20 samples, supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. ? For 11 samples, supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. Questioned costs: NoneContext: See ?Condition.? Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat Finding: 2021-008 Recommendation: HHSC should implement controls to ensure: ? Documentation is maintained for at least the length of the providers? current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. ? Provider licenses are verified during enrollment. ? Providers are re-enrolled at least once every five years. ? Provider agreements are obtained, and the proper disclosures are made. ? Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. ? Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: Agree.
2022-014 Special Tests and Provisions ? Provider Eligibility ? Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: 2105TX5ADM, 2105TX5MAP, 2105TXIMPL, 2105TXINCT; 2205TX5ADM, 2205TX5MAP, 2205TXIMPL, 2205TXINCT October 1, 2020 ? September 30, 2021, October 1, 2021 ? September 30, 2022 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, Health and Human Services Commission (HHSC) must establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: ? 455.104 ? HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: ? The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. ? Date of birth and Social Security Number (in the case of an individual) ? Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. ? Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. ? The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. ? The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). ? 455.105 ? HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: ? The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and ? Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. ? 455.106 ? Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: ? Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and ? Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. ? 455.410 ? HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. ? 455.412 ? HHSC must: ? Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State ? Confirm that the provider's license has not expired and that there are no current limitations on the provider's license ? 455.414 ? HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. ? 455.432 ? HHSC must: ? Conduct pre-enrollment and post-enrollment site visits of providers who are designated as ?moderate? or ?high? categorical risks to the Medicaid program. ? Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. ? 455.434 ? HHSC must: ? Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider.? Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. ? Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a ?high? risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. ? 455.436 ? HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. ? 455.434 ? HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of ?limited,? ?moderate,? or ?high.? If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 40 long-term care providers, which resulted in the following: ? For 11 samples, a copy of the completed Medicaid application was not included in the file. ? For 12 samples, enrollment of the provider was not completed within the last 5 years. ? For 20 samples, verification of the provider?s license was not included in the file. ? For 15 samples, required information on ownership and control was not disclosed. ? For 20 samples, supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. ? For 16 samples, supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. ? For 11 samples, supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. ? For 14 samples, supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. ? For 20 samples, supporting documentation was not included in the file indicating the LEIE and EPLS databases were checked at least monthly during the enrollment period. ? For 20 samples, supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. ? For 19 samples, a copy of the provider agreement was not included in the files. ? For 20 samples, supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. ? For 11 samples, supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. Questioned costs: NoneContext: See ?Condition.? Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat Finding: 2021-008 Recommendation: HHSC should implement controls to ensure: ? Documentation is maintained for at least the length of the providers? current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. ? Provider licenses are verified during enrollment. ? Providers are re-enrolled at least once every five years. ? Provider agreements are obtained, and the proper disclosures are made. ? Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. ? Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: Agree.
2022-014 Special Tests and Provisions ? Provider Eligibility ? Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: 2105TX5ADM, 2105TX5MAP, 2105TXIMPL, 2105TXINCT; 2205TX5ADM, 2205TX5MAP, 2205TXIMPL, 2205TXINCT October 1, 2020 ? September 30, 2021, October 1, 2021 ? September 30, 2022 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, Health and Human Services Commission (HHSC) must establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: ? 455.104 ? HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: ? The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. ? Date of birth and Social Security Number (in the case of an individual) ? Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. ? Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. ? The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. ? The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). ? 455.105 ? HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: ? The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and ? Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. ? 455.106 ? Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: ? Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and ? Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. ? 455.410 ? HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. ? 455.412 ? HHSC must: ? Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State ? Confirm that the provider's license has not expired and that there are no current limitations on the provider's license ? 455.414 ? HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. ? 455.432 ? HHSC must: ? Conduct pre-enrollment and post-enrollment site visits of providers who are designated as ?moderate? or ?high? categorical risks to the Medicaid program. ? Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. ? 455.434 ? HHSC must: ? Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider.? Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. ? Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a ?high? risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. ? 455.436 ? HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. ? 455.434 ? HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of ?limited,? ?moderate,? or ?high.? If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 40 long-term care providers, which resulted in the following: ? For 11 samples, a copy of the completed Medicaid application was not included in the file. ? For 12 samples, enrollment of the provider was not completed within the last 5 years. ? For 20 samples, verification of the provider?s license was not included in the file. ? For 15 samples, required information on ownership and control was not disclosed. ? For 20 samples, supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. ? For 16 samples, supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. ? For 11 samples, supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. ? For 14 samples, supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. ? For 20 samples, supporting documentation was not included in the file indicating the LEIE and EPLS databases were checked at least monthly during the enrollment period. ? For 20 samples, supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. ? For 19 samples, a copy of the provider agreement was not included in the files. ? For 20 samples, supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. ? For 11 samples, supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. Questioned costs: NoneContext: See ?Condition.? Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat Finding: 2021-008 Recommendation: HHSC should implement controls to ensure: ? Documentation is maintained for at least the length of the providers? current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. ? Provider licenses are verified during enrollment. ? Providers are re-enrolled at least once every five years. ? Provider agreements are obtained, and the proper disclosures are made. ? Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. ? Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: Agree.
2022-014 Special Tests and Provisions ? Provider Eligibility ? Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: 2105TX5ADM, 2105TX5MAP, 2105TXIMPL, 2105TXINCT; 2205TX5ADM, 2205TX5MAP, 2205TXIMPL, 2205TXINCT October 1, 2020 ? September 30, 2021, October 1, 2021 ? September 30, 2022 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, Health and Human Services Commission (HHSC) must establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: ? 455.104 ? HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: ? The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. ? Date of birth and Social Security Number (in the case of an individual) ? Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. ? Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. ? The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. ? The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). ? 455.105 ? HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: ? The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and ? Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. ? 455.106 ? Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: ? Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and ? Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. ? 455.410 ? HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. ? 455.412 ? HHSC must: ? Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State ? Confirm that the provider's license has not expired and that there are no current limitations on the provider's license ? 455.414 ? HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. ? 455.432 ? HHSC must: ? Conduct pre-enrollment and post-enrollment site visits of providers who are designated as ?moderate? or ?high? categorical risks to the Medicaid program. ? Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. ? 455.434 ? HHSC must: ? Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider.? Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. ? Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a ?high? risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. ? 455.436 ? HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. ? 455.434 ? HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of ?limited,? ?moderate,? or ?high.? If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 40 long-term care providers, which resulted in the following: ? For 11 samples, a copy of the completed Medicaid application was not included in the file. ? For 12 samples, enrollment of the provider was not completed within the last 5 years. ? For 20 samples, verification of the provider?s license was not included in the file. ? For 15 samples, required information on ownership and control was not disclosed. ? For 20 samples, supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. ? For 16 samples, supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. ? For 11 samples, supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. ? For 14 samples, supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. ? For 20 samples, supporting documentation was not included in the file indicating the LEIE and EPLS databases were checked at least monthly during the enrollment period. ? For 20 samples, supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. ? For 19 samples, a copy of the provider agreement was not included in the files. ? For 20 samples, supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. ? For 11 samples, supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. Questioned costs: NoneContext: See ?Condition.? Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat Finding: 2021-008 Recommendation: HHSC should implement controls to ensure: ? Documentation is maintained for at least the length of the providers? current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. ? Provider licenses are verified during enrollment. ? Providers are re-enrolled at least once every five years. ? Provider agreements are obtained, and the proper disclosures are made. ? Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. ? Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: Agree.
2022-014 Special Tests and Provisions ? Provider Eligibility ? Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: 2105TX5ADM, 2105TX5MAP, 2105TXIMPL, 2105TXINCT; 2205TX5ADM, 2205TX5MAP, 2205TXIMPL, 2205TXINCT October 1, 2020 ? September 30, 2021, October 1, 2021 ? September 30, 2022 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, Health and Human Services Commission (HHSC) must establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: ? 455.104 ? HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: ? The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. ? Date of birth and Social Security Number (in the case of an individual) ? Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. ? Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. ? The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. ? The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). ? 455.105 ? HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: ? The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and ? Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. ? 455.106 ? Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: ? Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and ? Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. ? 455.410 ? HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. ? 455.412 ? HHSC must: ? Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State ? Confirm that the provider's license has not expired and that there are no current limitations on the provider's license ? 455.414 ? HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. ? 455.432 ? HHSC must: ? Conduct pre-enrollment and post-enrollment site visits of providers who are designated as ?moderate? or ?high? categorical risks to the Medicaid program. ? Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. ? 455.434 ? HHSC must: ? Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider.? Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. ? Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a ?high? risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. ? 455.436 ? HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. ? 455.434 ? HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of ?limited,? ?moderate,? or ?high.? If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 40 long-term care providers, which resulted in the following: ? For 11 samples, a copy of the completed Medicaid application was not included in the file. ? For 12 samples, enrollment of the provider was not completed within the last 5 years. ? For 20 samples, verification of the provider?s license was not included in the file. ? For 15 samples, required information on ownership and control was not disclosed. ? For 20 samples, supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. ? For 16 samples, supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. ? For 11 samples, supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. ? For 14 samples, supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. ? For 20 samples, supporting documentation was not included in the file indicating the LEIE and EPLS databases were checked at least monthly during the enrollment period. ? For 20 samples, supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. ? For 19 samples, a copy of the provider agreement was not included in the files. ? For 20 samples, supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. ? For 11 samples, supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. Questioned costs: NoneContext: See ?Condition.? Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat Finding: 2021-008 Recommendation: HHSC should implement controls to ensure: ? Documentation is maintained for at least the length of the providers? current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. ? Provider licenses are verified during enrollment. ? Providers are re-enrolled at least once every five years. ? Provider agreements are obtained, and the proper disclosures are made. ? Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. ? Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: Agree.
2022-014 Special Tests and Provisions ? Provider Eligibility ? Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: 2105TX5ADM, 2105TX5MAP, 2105TXIMPL, 2105TXINCT; 2205TX5ADM, 2205TX5MAP, 2205TXIMPL, 2205TXINCT October 1, 2020 ? September 30, 2021, October 1, 2021 ? September 30, 2022 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, Health and Human Services Commission (HHSC) must establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: ? 455.104 ? HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: ? The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. ? Date of birth and Social Security Number (in the case of an individual) ? Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. ? Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. ? The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. ? The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). ? 455.105 ? HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: ? The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and ? Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. ? 455.106 ? Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: ? Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and ? Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. ? 455.410 ? HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. ? 455.412 ? HHSC must: ? Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State ? Confirm that the provider's license has not expired and that there are no current limitations on the provider's license ? 455.414 ? HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. ? 455.432 ? HHSC must: ? Conduct pre-enrollment and post-enrollment site visits of providers who are designated as ?moderate? or ?high? categorical risks to the Medicaid program. ? Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. ? 455.434 ? HHSC must: ? Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider.? Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. ? Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a ?high? risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. ? 455.436 ? HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. ? 455.434 ? HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of ?limited,? ?moderate,? or ?high.? If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 40 long-term care providers, which resulted in the following: ? For 11 samples, a copy of the completed Medicaid application was not included in the file. ? For 12 samples, enrollment of the provider was not completed within the last 5 years. ? For 20 samples, verification of the provider?s license was not included in the file. ? For 15 samples, required information on ownership and control was not disclosed. ? For 20 samples, supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. ? For 16 samples, supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. ? For 11 samples, supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. ? For 14 samples, supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. ? For 20 samples, supporting documentation was not included in the file indicating the LEIE and EPLS databases were checked at least monthly during the enrollment period. ? For 20 samples, supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. ? For 19 samples, a copy of the provider agreement was not included in the files. ? For 20 samples, supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. ? For 11 samples, supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. Questioned costs: NoneContext: See ?Condition.? Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat Finding: 2021-008 Recommendation: HHSC should implement controls to ensure: ? Documentation is maintained for at least the length of the providers? current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. ? Provider licenses are verified during enrollment. ? Providers are re-enrolled at least once every five years. ? Provider agreements are obtained, and the proper disclosures are made. ? Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. ? Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: Agree.
2022-014 Special Tests and Provisions ? Provider Eligibility ? Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: 2105TX5ADM, 2105TX5MAP, 2105TXIMPL, 2105TXINCT; 2205TX5ADM, 2205TX5MAP, 2205TXIMPL, 2205TXINCT October 1, 2020 ? September 30, 2021, October 1, 2021 ? September 30, 2022 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, Health and Human Services Commission (HHSC) must establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: ? 455.104 ? HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: ? The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. ? Date of birth and Social Security Number (in the case of an individual) ? Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. ? Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. ? The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. ? The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). ? 455.105 ? HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: ? The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and ? Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. ? 455.106 ? Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: ? Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and ? Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. ? 455.410 ? HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. ? 455.412 ? HHSC must: ? Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State ? Confirm that the provider's license has not expired and that there are no current limitations on the provider's license ? 455.414 ? HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. ? 455.432 ? HHSC must: ? Conduct pre-enrollment and post-enrollment site visits of providers who are designated as ?moderate? or ?high? categorical risks to the Medicaid program. ? Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. ? 455.434 ? HHSC must: ? Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider.? Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. ? Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a ?high? risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. ? 455.436 ? HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. ? 455.434 ? HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of ?limited,? ?moderate,? or ?high.? If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 40 long-term care providers, which resulted in the following: ? For 11 samples, a copy of the completed Medicaid application was not included in the file. ? For 12 samples, enrollment of the provider was not completed within the last 5 years. ? For 20 samples, verification of the provider?s license was not included in the file. ? For 15 samples, required information on ownership and control was not disclosed. ? For 20 samples, supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. ? For 16 samples, supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. ? For 11 samples, supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. ? For 14 samples, supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. ? For 20 samples, supporting documentation was not included in the file indicating the LEIE and EPLS databases were checked at least monthly during the enrollment period. ? For 20 samples, supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. ? For 19 samples, a copy of the provider agreement was not included in the files. ? For 20 samples, supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. ? For 11 samples, supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. Questioned costs: NoneContext: See ?Condition.? Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat Finding: 2021-008 Recommendation: HHSC should implement controls to ensure: ? Documentation is maintained for at least the length of the providers? current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. ? Provider licenses are verified during enrollment. ? Providers are re-enrolled at least once every five years. ? Provider agreements are obtained, and the proper disclosures are made. ? Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. ? Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: Agree.
2022-014 Special Tests and Provisions ? Provider Eligibility ? Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: 2105TX5ADM, 2105TX5MAP, 2105TXIMPL, 2105TXINCT; 2205TX5ADM, 2205TX5MAP, 2205TXIMPL, 2205TXINCT October 1, 2020 ? September 30, 2021, October 1, 2021 ? September 30, 2022 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, Health and Human Services Commission (HHSC) must establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: ? 455.104 ? HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: ? The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. ? Date of birth and Social Security Number (in the case of an individual) ? Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. ? Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. ? The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. ? The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). ? 455.105 ? HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: ? The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and ? Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. ? 455.106 ? Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: ? Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and ? Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. ? 455.410 ? HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. ? 455.412 ? HHSC must: ? Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State ? Confirm that the provider's license has not expired and that there are no current limitations on the provider's license ? 455.414 ? HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. ? 455.432 ? HHSC must: ? Conduct pre-enrollment and post-enrollment site visits of providers who are designated as ?moderate? or ?high? categorical risks to the Medicaid program. ? Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. ? 455.434 ? HHSC must: ? Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider.? Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. ? Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a ?high? risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. ? 455.436 ? HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. ? 455.434 ? HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of ?limited,? ?moderate,? or ?high.? If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 40 long-term care providers, which resulted in the following: ? For 11 samples, a copy of the completed Medicaid application was not included in the file. ? For 12 samples, enrollment of the provider was not completed within the last 5 years. ? For 20 samples, verification of the provider?s license was not included in the file. ? For 15 samples, required information on ownership and control was not disclosed. ? For 20 samples, supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. ? For 16 samples, supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. ? For 11 samples, supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. ? For 14 samples, supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. ? For 20 samples, supporting documentation was not included in the file indicating the LEIE and EPLS databases were checked at least monthly during the enrollment period. ? For 20 samples, supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. ? For 19 samples, a copy of the provider agreement was not included in the files. ? For 20 samples, supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. ? For 11 samples, supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. Questioned costs: NoneContext: See ?Condition.? Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat Finding: 2021-008 Recommendation: HHSC should implement controls to ensure: ? Documentation is maintained for at least the length of the providers? current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. ? Provider licenses are verified during enrollment. ? Providers are re-enrolled at least once every five years. ? Provider agreements are obtained, and the proper disclosures are made. ? Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. ? Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: Agree.
2022-014 Special Tests and Provisions ? Provider Eligibility ? Lack of Documentation Federal Agency: U.S. Department of Health and Human Services Federal Program Title: Medicaid Cluster ALN: 93.775, 93.777, 93.778 Pass-Through Agency: N/A Pass-Through Number(s): N/A Award Number and Period: 2105TX5ADM, 2105TX5MAP, 2105TXIMPL, 2105TXINCT; 2205TX5ADM, 2205TX5MAP, 2205TXIMPL, 2205TXINCT October 1, 2020 ? September 30, 2021, October 1, 2021 ? September 30, 2022 Statistically Valid Sample: No, and not intended to be a statistically valid sample Type of Finding: Material Weakness in Internal Control over Compliance and Material Noncompliance Criteria or specific requirement: Per 2 CFR 200.303, Health and Human Services Commission (HHSC) must establish and maintain effective internal controls over federal awards that provide reasonable assurance they are managing federal awards in compliance with federal statutes, regulations, and the provisions of contracts or grant agreements that could have a material effect on each of its federal programs. Per 2 CFR 200.334, financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Federal awarding agencies and pass-through entities must not impose any other record retention requirements upon non-Federal entities. In order to comply with federal provider eligibility requirements, HHSC must adhere to various subsections of 42 CFR Section 455 including but not limited to: ? 455.104 ? HHSC must require that disclosing entities, fiscal agents, and managed care entities provide the following disclosures: ? The name and address of any person (individual or corporation) with an ownership or control interest in the disclosing entity, fiscal agent, or managed care entity. The address for corporate entities must include as applicable primary business address, every business location, and P.O. Box address. ? Date of birth and Social Security Number (in the case of an individual) ? Other tax identification number (in the case of a corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) or in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest. ? Whether the person (individual or corporation) with an ownership or control interest in the disclosing entity (or fiscal agent or managed care entity) is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling; or whether the person (individual or corporation) with an ownership or control interest in any subcontractor in which the disclosing entity (or fiscal agent or managed care entity) has a 5 percent or more interest is related to another person with ownership or control interest in the disclosing entity as a spouse, parent, child, or sibling. ? The name of any other disclosing entity (or fiscal agent or managed care entity) in which an owner of the disclosing entity (or fiscal agent or managed care entity) has an ownership or control interest. ? The name, address, date of birth, and Social Security Number of any managing employee of the disclosing entity (or fiscal agent or managed care entity). ? 455.105 ? HHSC must enter into an agreement with each provider under which the provider agrees to furnish to it the following information related to business transactions within 35 days of request: ? The ownership of any subcontractor with whom the provider has had business transactions totaling more than $25,000 during the 12-month period ending on the date of the request; and ? Any significant business transactions between the provider and any wholly owned supplier, or between the provider and any subcontractor, during the 5-year period ending on the date of the request. ? 455.106 ? Before HHSC enters into or renews a provider agreement, or at any time upon written request by HHSC, the provider must disclose to HHSC the identity of any person who: ? Has ownership or control interest in the provider, or is an agent or managing employee of the provider; and ? Has been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the title XX services program since the inception of those programs. ? 455.410 ? HHSC must require all ordering or referring physicians or other professionals providing services under the State plan or under a waiver of the plan to be enrolled as participating providers. ? 455.412 ? HHSC must: ? Have a method for verifying that any provider purporting to be licensed in accordance with the laws of any State is licensed by such State ? Confirm that the provider's license has not expired and that there are no current limitations on the provider's license ? 455.414 ? HHSC must revalidate the enrollment of all providers regardless of provider type at least every five years. ? 455.432 ? HHSC must: ? Conduct pre-enrollment and post-enrollment site visits of providers who are designated as ?moderate? or ?high? categorical risks to the Medicaid program. ? Require any enrolled provider to permit CMS, its agents, its designated contractors, or HHSC to conduct unannounced on-site inspections of any and all provider locations. ? 455.434 ? HHSC must: ? Require providers to consent to criminal background checks including fingerprinting when required to do so under State law or by the level of screening based on risk of fraud, waste or abuse as determined for that category of provider.? Establish categorical risk levels for providers and provider categories who pose an increased financial risk of fraud, waste or abuse to the Medicaid program. ? Upon HHSC determining that a provider, or a person with a 5 percent or more direct or indirect ownership interest in the provider, meets HHSC's criteria hereunder for criminal background checks as a ?high? risk to the Medicaid program, HHSC will require that each such provider or person submit fingerprints, in a form and manner to be determined by HHSC, within 30 days upon request from CMS or HHSC. ? 455.436 ? HHSC must confirm the identity and determine the exclusion status of providers and any person with an ownership or control interest or who is an agent or managing employee of the provider through routine checks of Federal databases. Upon enrollment and reenrollment, HHSC must check the Social Security Administration's Death Master File (SSADMF), the National Plan and Provider Enumeration System (NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded Parties List System (EPLS), and any such other databases as the Secretary may prescribe. During the period the provider is enrolled, HHSC must check the LEIE and EPLS no less frequently than monthly. ? 455.434 ? HHSC must screen all initial applications, including applications for a new practice location, and any applications received in response to a re-enrollment or revalidation of enrollment request based on a categorical risk level of ?limited,? ?moderate,? or ?high.? If a provider could fit within more than one risk level described in this section, the highest level of screening is applicable. Condition: Various departments within and contractors of HHSC are responsible for ensuring medical providers are properly licensed, screened, and enrolled in the Medicaid Program including Contract Administration and Provider Monitoring (CAPM), Access and Eligibility Services (AES), Procurement and Contracting Services, and the Texas Medicaid and Healthcare Partnership. Audit procedures included a review of 40 long-term care providers, which resulted in the following: ? For 11 samples, a copy of the completed Medicaid application was not included in the file. ? For 12 samples, enrollment of the provider was not completed within the last 5 years. ? For 20 samples, verification of the provider?s license was not included in the file. ? For 15 samples, required information on ownership and control was not disclosed. ? For 20 samples, supporting documentation was not included in the file indicating the SSADMF database was checked at the time of the most recent enrollment. ? For 16 samples, supporting documentation was not included in the file indicating the NPPES database was checked at the time of the most recent enrollment. ? For 11 samples, supporting documentation was not included in the file indicating the LEIE database was checked at the time of the most recent enrollment. ? For 14 samples, supporting documentation was not included in the file indicating the EPLS database was checked at the time of the most recent enrollment. ? For 20 samples, supporting documentation was not included in the file indicating the LEIE and EPLS databases were checked at least monthly during the enrollment period. ? For 20 samples, supporting documentation was not included in the file indicating the provider was categorized during screening as limited, moderate, or high risk. ? For 19 samples, a copy of the provider agreement was not included in the files. ? For 20 samples, supporting documentation was not included indicating a pre- or post-enrollment site visit was conducted as required for providers designated as moderate or high risk. ? For 11 samples, supporting documentation was not included indicating the provider disclosed the identity of any person who had been convicted of a criminal offense related to that person's involvement in any program under Medicare, Medicaid, or the Title XX services program since the inception of those programs. Questioned costs: NoneContext: See ?Condition.? Cause: HHSC does not have adequate procedures in place to ensure required documentation is obtained and maintained to comply with federal provider eligibility requirements. Effect: Failure to obtain and maintain adequate documentation during the provider screening and enrollment process may result in otherwise ineligible or fraudulent providers receiving Medicaid funds. Repeat Finding: 2021-008 Recommendation: HHSC should implement controls to ensure: ? Documentation is maintained for at least the length of the providers? current enrollment period or three years, whichever is greater in accordance with 2 CFR 200.334. ? Provider licenses are verified during enrollment. ? Providers are re-enrolled at least once every five years. ? Provider agreements are obtained, and the proper disclosures are made. ? Providers are categorized according to risk level and pre- and post-enrollment site visits are conducted as required for those deemed moderate or high risk. ? Relevant federal databases are checked during initial enrollment and at least monthly for all providers currently enrolled in Medicaid. Views of responsible officials: Agree.
Condition: The District has not retained transaction support for all expenditures related to federal programs. Auditor substantively tested 29 expenditures across all major programs noting that 10 items did not have proper supporting documentation. Criteria: 2 CFR 200.334. Cause of Condition: Records retention procedures were not sufficient to ensure fiscal year 2022 transactions were retained through October 2025. Effect of Condition: Records supporting expenditures of federal awards were not located. Consequently, the auditors could not adequately test these items. Questioned Cost: $ 35,017.55 Recommendation: Draft and adopt policies and procedures to ensure compliance with record retention requirements. Corrective Action Plan: The District will adopt updated record retention policies. Procedures will require all supporting documentation for federal expenditures to be retained for a minimum of five years after final closeout, in both electronic and hard-copy form. Contact Person: Grant Accounting Specialist Anticipated Completion Date: 01/31/2026
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425E / 84.425F Award identification number: P425F204999 / P425E205418 Award period: September 29, 2020 to June 30, 2023 and July 23, 2020 to May 23, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control / Compliance Finding Type: Material Weakness Compliance requirement: Reporting Condition and context For testing internal controls and compliance with reporting requirements applicable to the HEERF programs, we inquired the Institution about the internal controls and procedures for determining the criteria and methodology used in compiling and reporting the data to be included in the annual and quarterly special reports. We requested a copy of the annual report for the calendar year 2021 and the quarterly reports for the quarter ended on December 31, 2021 related to the institutional aid portion and the student aid portion. As part of our procedures, we tested the method of distribution of grants to ascertain consistency with the method that was actually employed by the Institution to distribute emergency financial aid grants to students. After our examination and tests performed, we noted the following: a) The methodology used to compile the information in the annual report was based on the funds drawdowns which were based on disbursements rather than the actual program expenditures for the Institutional aid funds in accordance with GAAP. b) After examination of the institutional aid portion expenditures amounts reported in the annual special report for the calendar year ended December 31, 2021 to the support provided by the Institution, we noted that the total of institutional annual expenditures was understated by $7,160. c) From the sample of enrollment statistical data selected for verification to the source documents and/or information we noted several differences and were unable to identify some of the information in the source documents in nineteen (19) out of a sample of thirty (30) statistical data lines examined in the annual special report. The exceptions were as follows: d) After examination of the quarterly special report of the student aid portion for the quarter ended December 31, 2021, we noted a difference in the Item #5: ?The total number of students who have received an Emergency Financial Aid Grant to students under the CARES (a)(1) subprogram and the CRRSAA and ARP (a)(1) subprograms?. The total of students that received assistance aid reported was 443; however, the number per the student aid payroll reports examined was 460. Additionally, no support was available to determine if the Institution was timely and accurate in publicly posting the quarterly Student Aid Portion Report selected for testing. e) In one out of a sample of forty (40) disbursements of financial aid to students (2.5%) we noted that the payment made did not agree with the Institution's fund distribution plan to prioritize students with financial need. The aid in excess disbursed to that student was $200. Criteria 2 CFR 200.302 (a) establishes that each state must expend and account for the Federal award in accordance with state laws, and procedures for expending and accounting for the state's own funds. In addition, the state's and the other non-Federal entity's financial management systems, including records documenting compliance with Federal statutes, regulations, and the terms and conditions of the Federal award, must be sufficient to permit the preparation of reports required by general and program-specific terms and conditions; and the tracing of funds to a level of expenditures adequate to establish that such funds have been used according to the Federal statutes, regulations, and the terms and conditions of the Federal award. 2 CFR 200.302 (b) (2) to (4) establish that accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in ?? 200.328 and 200.329. If a Federal awarding agency requires reporting on an accrual basis from a recipient that maintains its records on other than an accrual basis, the recipient must not be required to establish an accrual accounting system. This recipient may develop accrual data for its reports on the basis of an analysis of the documentation on hand. Records that identify adequately the source and application of funds for federally-funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income, and interest and be supported by source documentation. Effective control over, and accountability for, all funds, property, and other assets. 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. 2 CFR 200.334 establishes that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Cause The cause of the deficiencies noted were due to the following situations: a) The source of information provided by the Institution related to the financial information was the G5 report. Such information is on a cash basis; therefore, financial information was not reported on an accrual basis of accounting which is the basis of accounting followed by the Institution. Additionally, the Institution did not appropriately design and maintained documentation and/or analysis performed to prepare and complete the financial information required to be reported in the quarterly and annual reports. b) Lack of recordkeeping controls and procedures to document and maintain the source of information used for the financial and statistical data required in the annual and quarterly special reports. c) The Institution used the student EFC per the ISIR/SAR available at the time of the distribution, even though, an ISIR with a valid EFC was not available since the student FAFSA application was selected for verification by USDE. After the Institution completed the verification the student EFC increased from 0 to 3676. Effect Noncompliance with the reporting requirements could lead to significant administrative actions by the grantor, including a reduction in the amounts to be awarded. It could also be interpreted as a failure to achieve the programs objectives. Questioned costs Likely questioned costs are less than $25,000. Identification as a Repeat Finding No repeated finding. Recommendation We recommend the Institution to establish adequate procedures and controls to ensure that financial and statistical data information is properly supported and detailed to allow adequate audit trail of the information. Establish adequate supervisory procedures to identify, in a reasonable period of time, deficiencies or possible deficiencies in the procedures or guidance established by management to ascertain that the Institution reports the information as required by grantors, and that accurate and adequate support is properly maintained. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425F Award identification number: P425F204999 Award period: September 29, 2020 to June 30, 2023 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control / Compliance Finding Type: Material Weakness Compliance requirement: Allowed Cost / Cost Principles Condition and context In testing compliance and internal controls over cost allowability / cost principles, we selected a sample of ten (10) transactions which amounted to $445,522 of HEERF Institutional aid funds expenditures. Our sample was a statistically valid sample. During our expenditure test, we noted the following deficiencies: a) In one transaction of a sample of ten (10) disbursements (10%) the vendor quote was not available for examination. The transaction amounted to $5,899. The Institution indicated that they followed the micro purchase threshold of $10,000 as defined in 48CFR Part 2, subpart 2.1. However, this determination was not properly documented. b) In two (2) transactions of our sample (20%) the cost per quote did not agree with the amount of the invoice. The amount invoiced in excess of the quote cost was $1,090. c) In three (3) transactions of our sample (30%) we did not find documentation that the equipment was received (date and the employee who received the item). We inquired the Institution?s Management about this matter, and they explained that the Institution does not have a formal procedure or form to document the receipt of goods. Management confirmed and represented us that the items were properly received. d) In one transaction of our sample (10%) the expenditure was related to the amount of lost revenue claimed by the Institution in the fiscal year 2021-22. Upon examination of the Institution analysis, we noted that the lost revenue was not properly determined because the following situations: 1. For the loss of revenue calculation, the Institution used the unaudited figures for the fiscal year ended July 31, 2021. 2. We noted that the Institution considered in its analysis revenue that was not in accordance with the program guidelines (transactions that were not reimbursable under the HEERF grant program). 3. We noted that the lost revenue determined by the Institution was incorrectly determined (lost revenue claimed was understated by approximately $80,000) as result of the net effect of the deficiencies 1 and 2, above. Criteria 2 CFR 200.302 (b) (3) and (7) require records that identify adequately the source and application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income, and interest and be supported by source documentation. Written procedures for determining the allowability of costs in accordance with subpart E of this part and the terms and conditions of the Federal award. 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. 2 CFR 200.400 (a) to (d) establish that the application of these cost principles is based on the fundamental premises that: (a) The non-Federal entity is responsible for the efficient and effective administration of the Federal award through the application of sound management practices. (b) The non-Federal entity assumes responsibility for administering Federal funds in a manner consistent with underlying agreements, program objectives, and the terms and conditions of the Federal award. (c) The non-Federal entity, in recognition of its own unique combination of staff, facilities, and experience, has the primary responsibility for employing whatever form of sound organization and management techniques may be necessary in order to assure proper and efficient administration of the Federal award. (d) The application of these cost principles should require no significant changes in the internal accounting policies and practices of the non-Federal entity. However, the accounting practices of the non-Federal entity must be consistent with these cost principles and support the accumulation of costs as required by the principles and must provide for adequate documentation to support costs charged to the Federal awards. 2 CFR 200.403, related to factors affecting allowability of cost, (c) and (g) establish that except where otherwise authorized by statute, costs must meet the following general criteria in order to be allowable under Federal awards: be consistent with policies and procedures that apply uniformly to both federally-financed and other activities of the non-Federal entity, and be adequately documented. 2 CFR 200.404 establishes that a cost is reasonable if, in its nature and amount, it does not exceed that which would be incurred by a prudent person under the circumstances prevailing at the time the decision was made to incur the cost. The question of reasonableness is particularly important when the non-Federal entity is predominantly federally-funded. In determining reasonableness of a given cost, consideration must be given to: (a) whether the cost is of a type generally recognized as ordinary and necessary for the operation of the non-Federal entity or the proper and efficient performance of the Federal award; (b) the restraints or requirements imposed by such factors as: sound business practices; arm's-length bargaining; Federal, state, local, tribal, and other laws and regulations; and terms and conditions of the Federal award; (c) market prices for comparable goods or services for the geographic area; (d) whether the individuals concerned acted with prudence in the circumstances considering their responsibilities to the non-Federal entity, its employees, where applicable its students or membership, the public at large, and the Federal Government; and (e) whether the non-Federal entity significantly deviates from its established practices and policies regarding the incurrence of costs, which may unjustifiably increase the Federal award's cost. 2 CFR 200.406 (a) establishes that applicable credits refer to those receipts or reduction-of-expenditure-type transactions that offset or reduce expense items allocable to the Federal awards as direct or indirect (F&A) costs. Examples of such transactions are: purchase discounts, rebates or allowances, recoveries or indemnities on losses, insurance refunds or rebates, and adjustments of overpayments or erroneous charges. To the extent that such credits accruing to or received by the non-Federal entity relate to allowable costs, they must be credited to the Federal award either as a cost reduction or cash refund, as appropriate. 2 CFR 200.334 establishes that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. 2 CFR 200.337 (a) establishes that the Federal awarding agency, Inspectors General, the Comptroller General of the United States, and the pass-through entity, or any of their authorized representatives, must have the right of access to any documents, papers, or other records of the non-Federal entity which are pertinent to the Federal award, in order to make audits, examinations, excerpts, and transcripts. The right also includes timely and reasonable access to the non-Federal entity's personnel for the purpose of interview and discussion related to such documents. The Higher Education Emergency Relief Fund (HEERF I, II, and III) Lost Revenue Frequently Asked Questions (FAQs) published on March 19, 2021, in question number four establishes that sources of lost revenue that are not reimbursable under the HEERF grant programs include the following: capital outlays associated with facilities related to athletics (including fees assessed for capital athletic facility construction), acquisition of real property (including bond revenue), contributions or donations to the institution, marketing or recruitment activities, revenue related to sectarian instruction or religious worship, alcohol sales, and investment income (including endowment and quasi-endowment revenue. Cause The cause of the deficiencies noted were the result of the following situations: a) Lack of written policies and procedures did not provide the Institution?s personnel responsible for the purchasing process a guidance on how to perform and document the purchase transactions under this federal program. b) The vendor invoice was not compared to the quote and no inquiries were made and/or documented explaining the cause of the difference. c) The Institution does not have formal and written procedures to document when materials and/or equipment are received by the Institution?s personnel. d) The Institution management did not consult or requested assistance from the Department of Education program coordinator to ascertain that the request was properly performed and to clarify questions related to the allowable revenue to be considered in the analysis. Also, the Institution failed to review the financial figures of the audited trial balance for 2021. Effect Noncompliance with the above-mentioned requirements could lead to administrative actions by the grantor. It could also be interpreted as a failure to manage federal awards in compliance with laws, regulations, and provisions of contracts and grant agreements. Also, the above conditions could result in the reimbursement of federal funds to the grantors for those disbursements not properly supported and reviewed by the Institution?s management. Questioned costs Refer to finding 2022-010. Identification as a Repeat Finding No repeated finding. Recommendations We recommend the Institution to establish adequate procedures and controls, which shall consider, among others, the following: ? Maintain adequate documentation to support the allowability of its expenditures. ? Purchases must be properly documented to provide the appropriate audit trail of the transactions and allow proper review of the transactions. Adequate documentation should be sufficient to explain the Institution?s analysis and determination. ? Improve its policies and procedures, and internal controls to incorporate the comparison of the vendor invoices with the quotes after the invoice is received to ascertain that expenses and liabilities are properly recorded. Instruct personnel of accounts payable to contact the vendor when discrepancies are identified and document in writing the inquiry performed, the results, and conclusions. ? Implement a formal process with receiving reports or checklist where upon receipt of equipment and/or materials purchased could detail description, amount received, date of receipt, and a reference to the invoice. Copies of the receiving reports and invoices should then be forwarded to the accounting department for processing. Payment of a vendor?s invoice should not be made unless a copy of a receiving report is attached. ? The Institution management should review the Loss of Revenue claims and/or analysis performed by any employee or consultant that was designated to perform such a task. The Institution?s management should verify and ascertain that the analysis performed using the Institution?s financial information agree with the Institution?s audited financial statements. ? The Institution?s management should consult with the US Department of Education program coordinator when questions or concerns arise, especially if management is not familiar with program regulations and/or the federal program is new. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425F Award identification number: P425F204999 Award period: September 29, 2020 to June 30, 2023 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control / Compliance Finding Type: Material Weakness Compliance requirement: Earmarking Condition and context We inquired the Institution?s management on the amount of institutional funds assigned to: (a) implement evidence-based practices to monitor and suppress coronavirus in accordance with public health guidelines; and (b) conduct direct outreach to financial aid applicants about the opportunity to receive a financial aid adjustment due to the recent unemployment of a family member or independent student, or other circumstances, described in section 479A of the HEA, and how the Institution documented how the amount of the HEERF grant spent on these two required activities was reasonable and necessary given the unique needs and circumstances of the institution. However, this information was not available for our examination. Criteria The Higher Education Emergency Relief Fund III frequently asked questions published on May 11, 2021 and updated on May 24, 2021 and October 25, 2022 in questions number 21, 28 and 35, respectively, establish that the ARP has added two new required uses of HEERF III institutional portion grant funds for public and private nonprofit institutions. Namely, a portion of their institutional funds must: (a) implement evidence-based practices to monitor and suppress coronavirus in accordance with public health guidelines; and (b) conduct direct outreach to financial aid applicants about the opportunity to receive a financial aid adjustment due to the recent unemployment of a family member or independent student, or other circumstances, described in section 479A of the HEA. This provision of ARP requires institutions to use some of their ARP (a)(1) Institutional Portion funds to help fight the spread and transmission of COVID-19 on their campuses and among their student, faculty, and staff community members. This provision also applies to future ARP awards the Department will make under (a)(2) and (a)(3). It is critical that institutions take steps to prevent and mitigate the spread of coronavirus on their campuses and local communities. Institutions should document how they implemented these two required activities consistent with 2 CFR ? 200.334. Specifically, institutions should document (1) the strategies used to monitor and suppress COVID-19, (2) the evidence to support those strategies, (3) how those strategies were in accordance with public health guidelines, (4) the manner and extent of the direct outreach the institution conducted to financial aid applicants, and (5) how the amount of the HEERF grant spent on these two required activities was reasonable and necessary given the unique needs and circumstances of the institution. 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. 2 CFR 200.334 establishes that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Cause The Institution?s management was not familiar with this requirement. Effect Noncompliance with the above-mentioned requirements could lead to administrative actions by the grantor. It could also be interpreted as a failure to manage federal awards in compliance with laws, regulations, and provisions of contracts and grant agreements. Questioned costs Unable to determine. Identification as a Repeat Finding No repeated finding. Recommendation We recommend that the Institution management review this compliance requirement and verify if the Institution assigned and expended funds related to these activities. It is important that the Institution management ascertain that expenditures identified comply with the characteristics and requirements as explained in the Higher Education Emergency Relief Fund III frequently asked questions published on May 11, 2021, as subsequently updated. Also, the Institution must document and maintain an audit trail of the transactions incurred to comply with this requirement. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425F Award identification number: P425F204999 Award period: September 29, 2020 to June 30, 2023 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control / Compliance Finding Type: Material Weakness Compliance requirement: Procurement, and suspension and debarment Condition and context In testing compliance and internal controls over the procurement, and suspension and debarment requirement, we tested the procurement documentation related to the expenditures selected for the allowable cost / cost principles test (see Finding No. 2022-006). Of the ten (10) transactions selected, nine (9) transactions required compliance with this requirement. We noted that those nine (9) transactions, which amounted to $164,592, were related to seven (7) procurement transactions. Our sample was not a statistically valid sample. During our test, we noted the following deficiencies: a) In one of seven (7) procurement transactions tested (14%), no quotes were available for examination. The Institution indicated that they followed the micro purchase threshold of $10,000 as defined in 48CFR Part 2, subpart 2.1. However, this determination was not properly documented. b) In one of seven (7) procurement transactions tested (14%), only two quotes were available for examination. As per inquiry to the Institution?s management no other quotes were requested. c) In five of seven (7) procurement transactions tested (72%), only one quote was available for examination. As per inquiry to the Institution?s management no other quotes were requested. Condition and context d) For five (5) of the seven (7) procurement transactions tested (71%), a suspension and debarred verification requirement was applicable. For 100% of those five (5) transactions no evidence was provided that the Institution verified the contractors were not debarred, suspended, or otherwise excluded (2 CFR sections 200.212 and 200.318(h); 2 CFR section 180.300; 48 CFR section 52.209-6). However, on March 20, 2023 we performed an inquiry in the Sam system and no records of exclusion were found for those contractors. Criteria 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. 2 CFR 200.318 (i) establishes that the non-Federal entity must maintain records sufficient to detail the history of procurement. These records will include, but are not necessarily limited to, the following: Rationale for the method of procurement, selection of contract type, contractor selection or rejection, and the basis for the contract price. 2 CFR 200.319 (a) establishes that all procurement transactions for the acquisition of property or services required under a Federal award must be conducted in a manner providing full and open competition consistent with the standards of this section and ? 200.320. 2 CFR 200.319 (d) establishes that the non-Federal entity must have written procedures for procurement transactions. These procedures must ensure that all solicitations: incorporate a clear and accurate description of the technical requirements for the material, product, or service to be procured. Such description must not, in competitive procurements, contain features which unduly restrict competition. The description may include a statement of the qualitative nature of the material, product, or service to be procured and, when necessary, must set forth those minimum essential characteristics and standards to which it must conform if it is to satisfy its intended use. Detailed product specifications should be avoided if at all possible. When it is impractical or uneconomical to make a clear and accurate description of the technical requirements, a ?brand name or equivalent? description may be used as a means to define the performance or other salient requirements of procurement. The specific features of the named brand which must be met by offers must be clearly stated; and identify all requirements which the offerors must fulfill and all other factors to be used in evaluating bids or proposals. 2 CFR 200.319 (f) establishes that noncompetitive procurements can only be awarded in accordance with ? 200.320(c). 2 CFR 200.320 establishes that the non-Federal entity must have and use documented procurement procedures, consistent with the standards of this section and ?? 200.317, 200.318, and 200.319 for any of the methods of procurement used for the acquisition of property or services required under a Federal award or sub-award. 2 CFR 200.320 (a) (1) (ii) and (a) (2) (i) establish that micro-purchases may be awarded without soliciting competitive price or rate quotations if the non-Federal entity considers the price to be reasonable based on research, experience, purchase history or other information and documents it files accordingly. The acquisition of property or services, the aggregate dollar amount of which is higher than the micro-purchase threshold but does not exceed the simplified acquisition threshold. If small purchase procedures are used, price or rate quotations must be obtained from an adequate number of qualified sources as determined appropriate by the non-Federal entity. 2 CFR 200.320 (c) establishes that there are specific circumstances in which noncompetitive procurement can be used. Noncompetitive procurement can only be awarded if one or more of the following circumstances apply: (1) the acquisition of property or services, the aggregate dollar amount of which does not exceed the micro-purchase threshold (see paragraph (a)(1) of this section); (2) the item is available only from a single source; (3) the public exigency or emergency for the requirement will not permit a delay resulting from publicizing a competitive solicitation; (4) the Federal awarding agency or pass-through entity expressly authorizes a noncompetitive procurement in response to a written request from the non-Federal entity; or (5) after solicitation of a number of sources, competition is determined inadequate. 2 CFR 200.334 establishes that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. 2 CFR 200.318 (h) establishes that the non-Federal entity must award contracts only to responsible contractors possessing the ability to perform successfully under the terms and conditions of a proposed procurement. Consideration will be given to such matters as contractor integrity, compliance with public policy, record of past performance, and financial and technical resources. 2 CFR 200.214 establishes that non-Federal entities are subject to the non-procurement debarment and suspension regulations implementing Executive Orders 12549 and 12689, 2 CFR part 180. The regulations in 2 CFR part 180 restrict awards, subawards, and contracts with certain parties that are debarred, suspended, or otherwise excluded from or ineligible for participation in Federal assistance programs or activities. Cause Lack of written policies and procedures did not provide the Institution?s personnel responsible for the procurement process a guidance on how to perform and document the procurement transactions under this federal program. Also, the failure to implement adequate internal control procedures, such as thorough management review, which should detect and correct, on a timely basis, instances where controls are not being followed. Effect Noncompliance with the above-mentioned requirements could lead to administrative actions by the grantor. It could also be interpreted as a failure to manage federal awards in compliance with laws, regulations, and provisions of contracts and grant agreements. Also, above conditions could result in the reimbursement of federal funds to the grantors for those transactions not properly supported and/or in compliance with regulations. Questioned costs $158,693 Identification as a Repeat Finding No repeated finding. Recommendations The Institution should verify that its policies and procedures are in accordance with federal regulations requirements. In addition, the Institution should develop written procedures before entering into new federal programs or before incurring transactions subject to compliance with federal regulations to prevent and reduce the risk of non-compliance. Also, all procurement transactions must be properly documented to provide the appropriate audit trail of the transactions and allow proper review of the transactions. Adequate documentation should be sufficient to explain the Institution?s analysis and determination. The Institution?s personnel responsible for the management and processing of procurement transactions subject to federal regulations must be provided adequate training and supervision. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425E / 84.425F Award identification number: P425F204999 / P425E205418 Award period: September 29, 2020 to June 30, 2023 and July 23, 2020 to May 23, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control / Compliance Finding Type: Material Weakness Compliance requirement: Reporting Condition and context For testing internal controls and compliance with reporting requirements applicable to the HEERF programs, we inquired the Institution about the internal controls and procedures for determining the criteria and methodology used in compiling and reporting the data to be included in the annual and quarterly special reports. We requested a copy of the annual report for the calendar year 2021 and the quarterly reports for the quarter ended on December 31, 2021 related to the institutional aid portion and the student aid portion. As part of our procedures, we tested the method of distribution of grants to ascertain consistency with the method that was actually employed by the Institution to distribute emergency financial aid grants to students. After our examination and tests performed, we noted the following: a) The methodology used to compile the information in the annual report was based on the funds drawdowns which were based on disbursements rather than the actual program expenditures for the Institutional aid funds in accordance with GAAP. b) After examination of the institutional aid portion expenditures amounts reported in the annual special report for the calendar year ended December 31, 2021 to the support provided by the Institution, we noted that the total of institutional annual expenditures was understated by $7,160. c) From the sample of enrollment statistical data selected for verification to the source documents and/or information we noted several differences and were unable to identify some of the information in the source documents in nineteen (19) out of a sample of thirty (30) statistical data lines examined in the annual special report. The exceptions were as follows: d) After examination of the quarterly special report of the student aid portion for the quarter ended December 31, 2021, we noted a difference in the Item #5: ?The total number of students who have received an Emergency Financial Aid Grant to students under the CARES (a)(1) subprogram and the CRRSAA and ARP (a)(1) subprograms?. The total of students that received assistance aid reported was 443; however, the number per the student aid payroll reports examined was 460. Additionally, no support was available to determine if the Institution was timely and accurate in publicly posting the quarterly Student Aid Portion Report selected for testing. e) In one out of a sample of forty (40) disbursements of financial aid to students (2.5%) we noted that the payment made did not agree with the Institution's fund distribution plan to prioritize students with financial need. The aid in excess disbursed to that student was $200. Criteria 2 CFR 200.302 (a) establishes that each state must expend and account for the Federal award in accordance with state laws, and procedures for expending and accounting for the state's own funds. In addition, the state's and the other non-Federal entity's financial management systems, including records documenting compliance with Federal statutes, regulations, and the terms and conditions of the Federal award, must be sufficient to permit the preparation of reports required by general and program-specific terms and conditions; and the tracing of funds to a level of expenditures adequate to establish that such funds have been used according to the Federal statutes, regulations, and the terms and conditions of the Federal award. 2 CFR 200.302 (b) (2) to (4) establish that accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in ?? 200.328 and 200.329. If a Federal awarding agency requires reporting on an accrual basis from a recipient that maintains its records on other than an accrual basis, the recipient must not be required to establish an accrual accounting system. This recipient may develop accrual data for its reports on the basis of an analysis of the documentation on hand. Records that identify adequately the source and application of funds for federally-funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income, and interest and be supported by source documentation. Effective control over, and accountability for, all funds, property, and other assets. 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. 2 CFR 200.334 establishes that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Cause The cause of the deficiencies noted were due to the following situations: a) The source of information provided by the Institution related to the financial information was the G5 report. Such information is on a cash basis; therefore, financial information was not reported on an accrual basis of accounting which is the basis of accounting followed by the Institution. Additionally, the Institution did not appropriately design and maintained documentation and/or analysis performed to prepare and complete the financial information required to be reported in the quarterly and annual reports. b) Lack of recordkeeping controls and procedures to document and maintain the source of information used for the financial and statistical data required in the annual and quarterly special reports. c) The Institution used the student EFC per the ISIR/SAR available at the time of the distribution, even though, an ISIR with a valid EFC was not available since the student FAFSA application was selected for verification by USDE. After the Institution completed the verification the student EFC increased from 0 to 3676. Effect Noncompliance with the reporting requirements could lead to significant administrative actions by the grantor, including a reduction in the amounts to be awarded. It could also be interpreted as a failure to achieve the programs objectives. Questioned costs Likely questioned costs are less than $25,000. Identification as a Repeat Finding No repeated finding. Recommendation We recommend the Institution to establish adequate procedures and controls to ensure that financial and statistical data information is properly supported and detailed to allow adequate audit trail of the information. Establish adequate supervisory procedures to identify, in a reasonable period of time, deficiencies or possible deficiencies in the procedures or guidance established by management to ascertain that the Institution reports the information as required by grantors, and that accurate and adequate support is properly maintained. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425E / 84.425F Award identification number: P425F204999 / P425E205418 Award period: September 29, 2020 to June 30, 2023 and July 23, 2020 to May 23, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control / Compliance Finding Type: Material Weakness Compliance requirement: Reporting Condition and context For testing internal controls and compliance with reporting requirements applicable to the HEERF programs, we inquired the Institution about the internal controls and procedures for determining the criteria and methodology used in compiling and reporting the data to be included in the annual and quarterly special reports. We requested a copy of the annual report for the calendar year 2021 and the quarterly reports for the quarter ended on December 31, 2021 related to the institutional aid portion and the student aid portion. As part of our procedures, we tested the method of distribution of grants to ascertain consistency with the method that was actually employed by the Institution to distribute emergency financial aid grants to students. After our examination and tests performed, we noted the following: a) The methodology used to compile the information in the annual report was based on the funds drawdowns which were based on disbursements rather than the actual program expenditures for the Institutional aid funds in accordance with GAAP. b) After examination of the institutional aid portion expenditures amounts reported in the annual special report for the calendar year ended December 31, 2021 to the support provided by the Institution, we noted that the total of institutional annual expenditures was understated by $7,160. c) From the sample of enrollment statistical data selected for verification to the source documents and/or information we noted several differences and were unable to identify some of the information in the source documents in nineteen (19) out of a sample of thirty (30) statistical data lines examined in the annual special report. The exceptions were as follows: d) After examination of the quarterly special report of the student aid portion for the quarter ended December 31, 2021, we noted a difference in the Item #5: ?The total number of students who have received an Emergency Financial Aid Grant to students under the CARES (a)(1) subprogram and the CRRSAA and ARP (a)(1) subprograms?. The total of students that received assistance aid reported was 443; however, the number per the student aid payroll reports examined was 460. Additionally, no support was available to determine if the Institution was timely and accurate in publicly posting the quarterly Student Aid Portion Report selected for testing. e) In one out of a sample of forty (40) disbursements of financial aid to students (2.5%) we noted that the payment made did not agree with the Institution's fund distribution plan to prioritize students with financial need. The aid in excess disbursed to that student was $200. Criteria 2 CFR 200.302 (a) establishes that each state must expend and account for the Federal award in accordance with state laws, and procedures for expending and accounting for the state's own funds. In addition, the state's and the other non-Federal entity's financial management systems, including records documenting compliance with Federal statutes, regulations, and the terms and conditions of the Federal award, must be sufficient to permit the preparation of reports required by general and program-specific terms and conditions; and the tracing of funds to a level of expenditures adequate to establish that such funds have been used according to the Federal statutes, regulations, and the terms and conditions of the Federal award. 2 CFR 200.302 (b) (2) to (4) establish that accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in ?? 200.328 and 200.329. If a Federal awarding agency requires reporting on an accrual basis from a recipient that maintains its records on other than an accrual basis, the recipient must not be required to establish an accrual accounting system. This recipient may develop accrual data for its reports on the basis of an analysis of the documentation on hand. Records that identify adequately the source and application of funds for federally-funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income, and interest and be supported by source documentation. Effective control over, and accountability for, all funds, property, and other assets. 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. 2 CFR 200.334 establishes that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Cause The cause of the deficiencies noted were due to the following situations: a) The source of information provided by the Institution related to the financial information was the G5 report. Such information is on a cash basis; therefore, financial information was not reported on an accrual basis of accounting which is the basis of accounting followed by the Institution. Additionally, the Institution did not appropriately design and maintained documentation and/or analysis performed to prepare and complete the financial information required to be reported in the quarterly and annual reports. b) Lack of recordkeeping controls and procedures to document and maintain the source of information used for the financial and statistical data required in the annual and quarterly special reports. c) The Institution used the student EFC per the ISIR/SAR available at the time of the distribution, even though, an ISIR with a valid EFC was not available since the student FAFSA application was selected for verification by USDE. After the Institution completed the verification the student EFC increased from 0 to 3676. Effect Noncompliance with the reporting requirements could lead to significant administrative actions by the grantor, including a reduction in the amounts to be awarded. It could also be interpreted as a failure to achieve the programs objectives. Questioned costs Likely questioned costs are less than $25,000. Identification as a Repeat Finding No repeated finding. Recommendation We recommend the Institution to establish adequate procedures and controls to ensure that financial and statistical data information is properly supported and detailed to allow adequate audit trail of the information. Establish adequate supervisory procedures to identify, in a reasonable period of time, deficiencies or possible deficiencies in the procedures or guidance established by management to ascertain that the Institution reports the information as required by grantors, and that accurate and adequate support is properly maintained. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425F Award identification number: P425F204999 Award period: September 29, 2020 to June 30, 2023 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control / Compliance Finding Type: Material Weakness Compliance requirement: Allowed Cost / Cost Principles Condition and context In testing compliance and internal controls over cost allowability / cost principles, we selected a sample of ten (10) transactions which amounted to $445,522 of HEERF Institutional aid funds expenditures. Our sample was a statistically valid sample. During our expenditure test, we noted the following deficiencies: a) In one transaction of a sample of ten (10) disbursements (10%) the vendor quote was not available for examination. The transaction amounted to $5,899. The Institution indicated that they followed the micro purchase threshold of $10,000 as defined in 48CFR Part 2, subpart 2.1. However, this determination was not properly documented. b) In two (2) transactions of our sample (20%) the cost per quote did not agree with the amount of the invoice. The amount invoiced in excess of the quote cost was $1,090. c) In three (3) transactions of our sample (30%) we did not find documentation that the equipment was received (date and the employee who received the item). We inquired the Institution?s Management about this matter, and they explained that the Institution does not have a formal procedure or form to document the receipt of goods. Management confirmed and represented us that the items were properly received. d) In one transaction of our sample (10%) the expenditure was related to the amount of lost revenue claimed by the Institution in the fiscal year 2021-22. Upon examination of the Institution analysis, we noted that the lost revenue was not properly determined because the following situations: 1. For the loss of revenue calculation, the Institution used the unaudited figures for the fiscal year ended July 31, 2021. 2. We noted that the Institution considered in its analysis revenue that was not in accordance with the program guidelines (transactions that were not reimbursable under the HEERF grant program). 3. We noted that the lost revenue determined by the Institution was incorrectly determined (lost revenue claimed was understated by approximately $80,000) as result of the net effect of the deficiencies 1 and 2, above. Criteria 2 CFR 200.302 (b) (3) and (7) require records that identify adequately the source and application of funds for federally funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income, and interest and be supported by source documentation. Written procedures for determining the allowability of costs in accordance with subpart E of this part and the terms and conditions of the Federal award. 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. 2 CFR 200.400 (a) to (d) establish that the application of these cost principles is based on the fundamental premises that: (a) The non-Federal entity is responsible for the efficient and effective administration of the Federal award through the application of sound management practices. (b) The non-Federal entity assumes responsibility for administering Federal funds in a manner consistent with underlying agreements, program objectives, and the terms and conditions of the Federal award. (c) The non-Federal entity, in recognition of its own unique combination of staff, facilities, and experience, has the primary responsibility for employing whatever form of sound organization and management techniques may be necessary in order to assure proper and efficient administration of the Federal award. (d) The application of these cost principles should require no significant changes in the internal accounting policies and practices of the non-Federal entity. However, the accounting practices of the non-Federal entity must be consistent with these cost principles and support the accumulation of costs as required by the principles and must provide for adequate documentation to support costs charged to the Federal awards. 2 CFR 200.403, related to factors affecting allowability of cost, (c) and (g) establish that except where otherwise authorized by statute, costs must meet the following general criteria in order to be allowable under Federal awards: be consistent with policies and procedures that apply uniformly to both federally-financed and other activities of the non-Federal entity, and be adequately documented. 2 CFR 200.404 establishes that a cost is reasonable if, in its nature and amount, it does not exceed that which would be incurred by a prudent person under the circumstances prevailing at the time the decision was made to incur the cost. The question of reasonableness is particularly important when the non-Federal entity is predominantly federally-funded. In determining reasonableness of a given cost, consideration must be given to: (a) whether the cost is of a type generally recognized as ordinary and necessary for the operation of the non-Federal entity or the proper and efficient performance of the Federal award; (b) the restraints or requirements imposed by such factors as: sound business practices; arm's-length bargaining; Federal, state, local, tribal, and other laws and regulations; and terms and conditions of the Federal award; (c) market prices for comparable goods or services for the geographic area; (d) whether the individuals concerned acted with prudence in the circumstances considering their responsibilities to the non-Federal entity, its employees, where applicable its students or membership, the public at large, and the Federal Government; and (e) whether the non-Federal entity significantly deviates from its established practices and policies regarding the incurrence of costs, which may unjustifiably increase the Federal award's cost. 2 CFR 200.406 (a) establishes that applicable credits refer to those receipts or reduction-of-expenditure-type transactions that offset or reduce expense items allocable to the Federal awards as direct or indirect (F&A) costs. Examples of such transactions are: purchase discounts, rebates or allowances, recoveries or indemnities on losses, insurance refunds or rebates, and adjustments of overpayments or erroneous charges. To the extent that such credits accruing to or received by the non-Federal entity relate to allowable costs, they must be credited to the Federal award either as a cost reduction or cash refund, as appropriate. 2 CFR 200.334 establishes that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. 2 CFR 200.337 (a) establishes that the Federal awarding agency, Inspectors General, the Comptroller General of the United States, and the pass-through entity, or any of their authorized representatives, must have the right of access to any documents, papers, or other records of the non-Federal entity which are pertinent to the Federal award, in order to make audits, examinations, excerpts, and transcripts. The right also includes timely and reasonable access to the non-Federal entity's personnel for the purpose of interview and discussion related to such documents. The Higher Education Emergency Relief Fund (HEERF I, II, and III) Lost Revenue Frequently Asked Questions (FAQs) published on March 19, 2021, in question number four establishes that sources of lost revenue that are not reimbursable under the HEERF grant programs include the following: capital outlays associated with facilities related to athletics (including fees assessed for capital athletic facility construction), acquisition of real property (including bond revenue), contributions or donations to the institution, marketing or recruitment activities, revenue related to sectarian instruction or religious worship, alcohol sales, and investment income (including endowment and quasi-endowment revenue. Cause The cause of the deficiencies noted were the result of the following situations: a) Lack of written policies and procedures did not provide the Institution?s personnel responsible for the purchasing process a guidance on how to perform and document the purchase transactions under this federal program. b) The vendor invoice was not compared to the quote and no inquiries were made and/or documented explaining the cause of the difference. c) The Institution does not have formal and written procedures to document when materials and/or equipment are received by the Institution?s personnel. d) The Institution management did not consult or requested assistance from the Department of Education program coordinator to ascertain that the request was properly performed and to clarify questions related to the allowable revenue to be considered in the analysis. Also, the Institution failed to review the financial figures of the audited trial balance for 2021. Effect Noncompliance with the above-mentioned requirements could lead to administrative actions by the grantor. It could also be interpreted as a failure to manage federal awards in compliance with laws, regulations, and provisions of contracts and grant agreements. Also, the above conditions could result in the reimbursement of federal funds to the grantors for those disbursements not properly supported and reviewed by the Institution?s management. Questioned costs Refer to finding 2022-010. Identification as a Repeat Finding No repeated finding. Recommendations We recommend the Institution to establish adequate procedures and controls, which shall consider, among others, the following: ? Maintain adequate documentation to support the allowability of its expenditures. ? Purchases must be properly documented to provide the appropriate audit trail of the transactions and allow proper review of the transactions. Adequate documentation should be sufficient to explain the Institution?s analysis and determination. ? Improve its policies and procedures, and internal controls to incorporate the comparison of the vendor invoices with the quotes after the invoice is received to ascertain that expenses and liabilities are properly recorded. Instruct personnel of accounts payable to contact the vendor when discrepancies are identified and document in writing the inquiry performed, the results, and conclusions. ? Implement a formal process with receiving reports or checklist where upon receipt of equipment and/or materials purchased could detail description, amount received, date of receipt, and a reference to the invoice. Copies of the receiving reports and invoices should then be forwarded to the accounting department for processing. Payment of a vendor?s invoice should not be made unless a copy of a receiving report is attached. ? The Institution management should review the Loss of Revenue claims and/or analysis performed by any employee or consultant that was designated to perform such a task. The Institution?s management should verify and ascertain that the analysis performed using the Institution?s financial information agree with the Institution?s audited financial statements. ? The Institution?s management should consult with the US Department of Education program coordinator when questions or concerns arise, especially if management is not familiar with program regulations and/or the federal program is new. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425F Award identification number: P425F204999 Award period: September 29, 2020 to June 30, 2023 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control / Compliance Finding Type: Material Weakness Compliance requirement: Earmarking Condition and context We inquired the Institution?s management on the amount of institutional funds assigned to: (a) implement evidence-based practices to monitor and suppress coronavirus in accordance with public health guidelines; and (b) conduct direct outreach to financial aid applicants about the opportunity to receive a financial aid adjustment due to the recent unemployment of a family member or independent student, or other circumstances, described in section 479A of the HEA, and how the Institution documented how the amount of the HEERF grant spent on these two required activities was reasonable and necessary given the unique needs and circumstances of the institution. However, this information was not available for our examination. Criteria The Higher Education Emergency Relief Fund III frequently asked questions published on May 11, 2021 and updated on May 24, 2021 and October 25, 2022 in questions number 21, 28 and 35, respectively, establish that the ARP has added two new required uses of HEERF III institutional portion grant funds for public and private nonprofit institutions. Namely, a portion of their institutional funds must: (a) implement evidence-based practices to monitor and suppress coronavirus in accordance with public health guidelines; and (b) conduct direct outreach to financial aid applicants about the opportunity to receive a financial aid adjustment due to the recent unemployment of a family member or independent student, or other circumstances, described in section 479A of the HEA. This provision of ARP requires institutions to use some of their ARP (a)(1) Institutional Portion funds to help fight the spread and transmission of COVID-19 on their campuses and among their student, faculty, and staff community members. This provision also applies to future ARP awards the Department will make under (a)(2) and (a)(3). It is critical that institutions take steps to prevent and mitigate the spread of coronavirus on their campuses and local communities. Institutions should document how they implemented these two required activities consistent with 2 CFR ? 200.334. Specifically, institutions should document (1) the strategies used to monitor and suppress COVID-19, (2) the evidence to support those strategies, (3) how those strategies were in accordance with public health guidelines, (4) the manner and extent of the direct outreach the institution conducted to financial aid applicants, and (5) how the amount of the HEERF grant spent on these two required activities was reasonable and necessary given the unique needs and circumstances of the institution. 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. 2 CFR 200.334 establishes that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Cause The Institution?s management was not familiar with this requirement. Effect Noncompliance with the above-mentioned requirements could lead to administrative actions by the grantor. It could also be interpreted as a failure to manage federal awards in compliance with laws, regulations, and provisions of contracts and grant agreements. Questioned costs Unable to determine. Identification as a Repeat Finding No repeated finding. Recommendation We recommend that the Institution management review this compliance requirement and verify if the Institution assigned and expended funds related to these activities. It is important that the Institution management ascertain that expenditures identified comply with the characteristics and requirements as explained in the Higher Education Emergency Relief Fund III frequently asked questions published on May 11, 2021, as subsequently updated. Also, the Institution must document and maintain an audit trail of the transactions incurred to comply with this requirement. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425F Award identification number: P425F204999 Award period: September 29, 2020 to June 30, 2023 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control / Compliance Finding Type: Material Weakness Compliance requirement: Procurement, and suspension and debarment Condition and context In testing compliance and internal controls over the procurement, and suspension and debarment requirement, we tested the procurement documentation related to the expenditures selected for the allowable cost / cost principles test (see Finding No. 2022-006). Of the ten (10) transactions selected, nine (9) transactions required compliance with this requirement. We noted that those nine (9) transactions, which amounted to $164,592, were related to seven (7) procurement transactions. Our sample was not a statistically valid sample. During our test, we noted the following deficiencies: a) In one of seven (7) procurement transactions tested (14%), no quotes were available for examination. The Institution indicated that they followed the micro purchase threshold of $10,000 as defined in 48CFR Part 2, subpart 2.1. However, this determination was not properly documented. b) In one of seven (7) procurement transactions tested (14%), only two quotes were available for examination. As per inquiry to the Institution?s management no other quotes were requested. c) In five of seven (7) procurement transactions tested (72%), only one quote was available for examination. As per inquiry to the Institution?s management no other quotes were requested. Condition and context d) For five (5) of the seven (7) procurement transactions tested (71%), a suspension and debarred verification requirement was applicable. For 100% of those five (5) transactions no evidence was provided that the Institution verified the contractors were not debarred, suspended, or otherwise excluded (2 CFR sections 200.212 and 200.318(h); 2 CFR section 180.300; 48 CFR section 52.209-6). However, on March 20, 2023 we performed an inquiry in the Sam system and no records of exclusion were found for those contractors. Criteria 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. 2 CFR 200.318 (i) establishes that the non-Federal entity must maintain records sufficient to detail the history of procurement. These records will include, but are not necessarily limited to, the following: Rationale for the method of procurement, selection of contract type, contractor selection or rejection, and the basis for the contract price. 2 CFR 200.319 (a) establishes that all procurement transactions for the acquisition of property or services required under a Federal award must be conducted in a manner providing full and open competition consistent with the standards of this section and ? 200.320. 2 CFR 200.319 (d) establishes that the non-Federal entity must have written procedures for procurement transactions. These procedures must ensure that all solicitations: incorporate a clear and accurate description of the technical requirements for the material, product, or service to be procured. Such description must not, in competitive procurements, contain features which unduly restrict competition. The description may include a statement of the qualitative nature of the material, product, or service to be procured and, when necessary, must set forth those minimum essential characteristics and standards to which it must conform if it is to satisfy its intended use. Detailed product specifications should be avoided if at all possible. When it is impractical or uneconomical to make a clear and accurate description of the technical requirements, a ?brand name or equivalent? description may be used as a means to define the performance or other salient requirements of procurement. The specific features of the named brand which must be met by offers must be clearly stated; and identify all requirements which the offerors must fulfill and all other factors to be used in evaluating bids or proposals. 2 CFR 200.319 (f) establishes that noncompetitive procurements can only be awarded in accordance with ? 200.320(c). 2 CFR 200.320 establishes that the non-Federal entity must have and use documented procurement procedures, consistent with the standards of this section and ?? 200.317, 200.318, and 200.319 for any of the methods of procurement used for the acquisition of property or services required under a Federal award or sub-award. 2 CFR 200.320 (a) (1) (ii) and (a) (2) (i) establish that micro-purchases may be awarded without soliciting competitive price or rate quotations if the non-Federal entity considers the price to be reasonable based on research, experience, purchase history or other information and documents it files accordingly. The acquisition of property or services, the aggregate dollar amount of which is higher than the micro-purchase threshold but does not exceed the simplified acquisition threshold. If small purchase procedures are used, price or rate quotations must be obtained from an adequate number of qualified sources as determined appropriate by the non-Federal entity. 2 CFR 200.320 (c) establishes that there are specific circumstances in which noncompetitive procurement can be used. Noncompetitive procurement can only be awarded if one or more of the following circumstances apply: (1) the acquisition of property or services, the aggregate dollar amount of which does not exceed the micro-purchase threshold (see paragraph (a)(1) of this section); (2) the item is available only from a single source; (3) the public exigency or emergency for the requirement will not permit a delay resulting from publicizing a competitive solicitation; (4) the Federal awarding agency or pass-through entity expressly authorizes a noncompetitive procurement in response to a written request from the non-Federal entity; or (5) after solicitation of a number of sources, competition is determined inadequate. 2 CFR 200.334 establishes that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. 2 CFR 200.318 (h) establishes that the non-Federal entity must award contracts only to responsible contractors possessing the ability to perform successfully under the terms and conditions of a proposed procurement. Consideration will be given to such matters as contractor integrity, compliance with public policy, record of past performance, and financial and technical resources. 2 CFR 200.214 establishes that non-Federal entities are subject to the non-procurement debarment and suspension regulations implementing Executive Orders 12549 and 12689, 2 CFR part 180. The regulations in 2 CFR part 180 restrict awards, subawards, and contracts with certain parties that are debarred, suspended, or otherwise excluded from or ineligible for participation in Federal assistance programs or activities. Cause Lack of written policies and procedures did not provide the Institution?s personnel responsible for the procurement process a guidance on how to perform and document the procurement transactions under this federal program. Also, the failure to implement adequate internal control procedures, such as thorough management review, which should detect and correct, on a timely basis, instances where controls are not being followed. Effect Noncompliance with the above-mentioned requirements could lead to administrative actions by the grantor. It could also be interpreted as a failure to manage federal awards in compliance with laws, regulations, and provisions of contracts and grant agreements. Also, above conditions could result in the reimbursement of federal funds to the grantors for those transactions not properly supported and/or in compliance with regulations. Questioned costs $158,693 Identification as a Repeat Finding No repeated finding. Recommendations The Institution should verify that its policies and procedures are in accordance with federal regulations requirements. In addition, the Institution should develop written procedures before entering into new federal programs or before incurring transactions subject to compliance with federal regulations to prevent and reduce the risk of non-compliance. Also, all procurement transactions must be properly documented to provide the appropriate audit trail of the transactions and allow proper review of the transactions. Adequate documentation should be sufficient to explain the Institution?s analysis and determination. The Institution?s personnel responsible for the management and processing of procurement transactions subject to federal regulations must be provided adequate training and supervision. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.
Assistance listing program: Education Stabilization Fund - Higher Education Emergency Relief Fund (HEERF) Assistance Listing Number: 84.425E / 84.425F Award identification number: P425F204999 / P425E205418 Award period: September 29, 2020 to June 30, 2023 and July 23, 2020 to May 23, 2022 Federal agency: U.S. Department of Education Pass-through entity: N/A Category: Internal Control / Compliance Finding Type: Material Weakness Compliance requirement: Reporting Condition and context For testing internal controls and compliance with reporting requirements applicable to the HEERF programs, we inquired the Institution about the internal controls and procedures for determining the criteria and methodology used in compiling and reporting the data to be included in the annual and quarterly special reports. We requested a copy of the annual report for the calendar year 2021 and the quarterly reports for the quarter ended on December 31, 2021 related to the institutional aid portion and the student aid portion. As part of our procedures, we tested the method of distribution of grants to ascertain consistency with the method that was actually employed by the Institution to distribute emergency financial aid grants to students. After our examination and tests performed, we noted the following: a) The methodology used to compile the information in the annual report was based on the funds drawdowns which were based on disbursements rather than the actual program expenditures for the Institutional aid funds in accordance with GAAP. b) After examination of the institutional aid portion expenditures amounts reported in the annual special report for the calendar year ended December 31, 2021 to the support provided by the Institution, we noted that the total of institutional annual expenditures was understated by $7,160. c) From the sample of enrollment statistical data selected for verification to the source documents and/or information we noted several differences and were unable to identify some of the information in the source documents in nineteen (19) out of a sample of thirty (30) statistical data lines examined in the annual special report. The exceptions were as follows: d) After examination of the quarterly special report of the student aid portion for the quarter ended December 31, 2021, we noted a difference in the Item #5: ?The total number of students who have received an Emergency Financial Aid Grant to students under the CARES (a)(1) subprogram and the CRRSAA and ARP (a)(1) subprograms?. The total of students that received assistance aid reported was 443; however, the number per the student aid payroll reports examined was 460. Additionally, no support was available to determine if the Institution was timely and accurate in publicly posting the quarterly Student Aid Portion Report selected for testing. e) In one out of a sample of forty (40) disbursements of financial aid to students (2.5%) we noted that the payment made did not agree with the Institution's fund distribution plan to prioritize students with financial need. The aid in excess disbursed to that student was $200. Criteria 2 CFR 200.302 (a) establishes that each state must expend and account for the Federal award in accordance with state laws, and procedures for expending and accounting for the state's own funds. In addition, the state's and the other non-Federal entity's financial management systems, including records documenting compliance with Federal statutes, regulations, and the terms and conditions of the Federal award, must be sufficient to permit the preparation of reports required by general and program-specific terms and conditions; and the tracing of funds to a level of expenditures adequate to establish that such funds have been used according to the Federal statutes, regulations, and the terms and conditions of the Federal award. 2 CFR 200.302 (b) (2) to (4) establish that accurate, current, and complete disclosure of the financial results of each Federal award or program in accordance with the reporting requirements set forth in ?? 200.328 and 200.329. If a Federal awarding agency requires reporting on an accrual basis from a recipient that maintains its records on other than an accrual basis, the recipient must not be required to establish an accrual accounting system. This recipient may develop accrual data for its reports on the basis of an analysis of the documentation on hand. Records that identify adequately the source and application of funds for federally-funded activities. These records must contain information pertaining to Federal awards, authorizations, financial obligations, unobligated balances, assets, expenditures, income, and interest and be supported by source documentation. Effective control over, and accountability for, all funds, property, and other assets. 2 CFR 200.303 (a) to (d) establish that the non-Federal entity must: (a) Establish and maintain effective internal control over the Federal awards that provides reasonable assurance that the non-Federal entity is managing the Federal awards in compliance with Federal statutes, regulations, and the terms and conditions of the Federal awards. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). (b) Comply with the U.S. Constitution, Federal statutes, regulations, and the terms and conditions of the Federal awards. (c) Evaluate and monitor the non-Federal entity's compliance with statutes, regulations and the terms and conditions of Federal awards. (d) Take prompt action when instances of noncompliance are identified including noncompliance identified in audit findings. 2 CFR 200.334 establishes that financial records, supporting documents, statistical records, and all other non-Federal entity records pertinent to a Federal award must be retained for a period of three years from the date of submission of the final expenditure report or, for Federal awards that are renewed quarterly or annually, from the date of the submission of the quarterly or annual financial report, respectively, as reported to the Federal awarding agency or pass-through entity in the case of a subrecipient. Cause The cause of the deficiencies noted were due to the following situations: a) The source of information provided by the Institution related to the financial information was the G5 report. Such information is on a cash basis; therefore, financial information was not reported on an accrual basis of accounting which is the basis of accounting followed by the Institution. Additionally, the Institution did not appropriately design and maintained documentation and/or analysis performed to prepare and complete the financial information required to be reported in the quarterly and annual reports. b) Lack of recordkeeping controls and procedures to document and maintain the source of information used for the financial and statistical data required in the annual and quarterly special reports. c) The Institution used the student EFC per the ISIR/SAR available at the time of the distribution, even though, an ISIR with a valid EFC was not available since the student FAFSA application was selected for verification by USDE. After the Institution completed the verification the student EFC increased from 0 to 3676. Effect Noncompliance with the reporting requirements could lead to significant administrative actions by the grantor, including a reduction in the amounts to be awarded. It could also be interpreted as a failure to achieve the programs objectives. Questioned costs Likely questioned costs are less than $25,000. Identification as a Repeat Finding No repeated finding. Recommendation We recommend the Institution to establish adequate procedures and controls to ensure that financial and statistical data information is properly supported and detailed to allow adequate audit trail of the information. Establish adequate supervisory procedures to identify, in a reasonable period of time, deficiencies or possible deficiencies in the procedures or guidance established by management to ascertain that the Institution reports the information as required by grantors, and that accurate and adequate support is properly maintained. Views of Responsible Officials Refer to the Institutional comments included in the Corrective Action Plan.