FAC Explorer

Finding 1180855 (2025-001)

Material Weakness Repeat Finding
Requirement
P
Questioned Costs
-
Year
2025
Accepted
2026-03-18
Audit: 392499
Organization: Catawba County, North Carolina (NC)
Auditor: MARTIN STARNES & ASSOCIATES CPAS P A

AI Summary

  • Core Issue: Unattended workstations at the Division of Social Services pose a risk of unauthorized access to the state network.
  • Impacted Requirements: Compliance with the Division of Social Services Fiscal Manual regarding physical access control to network terminals.
  • Recommended Follow-up: Implement procedures for mandatory logout of workstations and conduct random checks to ensure compliance.

Finding Text

U.S. Department of Health and Human Services Passed-through N.C. Department of Health and Human Services Program Name: Medical Assistance Program (Medicaid; Title XIX) AL Number: 93.778 Grant Number: XIX-MAP24 Program Name: Foster Care, Adoption, & Guardianship AL Number: 93.658, 93.659, 93.090 Grant Number: 1701NCFOST, 1701NCADPT Finding 2025-001 Significant Deficiency Criteria: In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe. Condition: Upon surprise inspection, two workstations of DSS employees were logged onto the state network without anyone attending to the workstation. Context: While performing testing of internal control over compliance related to the Division of Social Services, we noted the above condition. Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building. Cause: Lack of proper internal controls over data security. Questioned Costs: None. The finding represents an internal control issue; therefore, no questioned costs are applicable. Recommendation: Require the County Data Processing Department to implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended. View of Responsible Officials and Planned Corrective Actions: See Corrective Action Plan submitted with this report.

Corrective Action Plan

Finding: 2025-001 Name of Contact Person: Karen Harrington, DSS Director Corrective Action/Management’s Response: Agency agrees with finding. Corrective Action taken/to be taken below: Corrective Action: The Department will strengthen internal controls related to workstation security to prevent unattended access to state systems. Effective immediately, all DSS employees with access to state eligibility systems are required to lock their workstation when away from their desk or log out of the system entirely. Implementation Steps: 1. Policy Reinforcement: DSS management will reissue written guidance to all staff reminding them of the requirement to lock or log out of workstations when unattended, consistent with the DSS Fiscal Manual and county IT security standards. 2. Mandatory Staff Acknowledgment: All DSS employees with state system access will complete a brief acknowledgment confirming understanding of workstation security requirements. 3. IT Controls: In coordination with the County IT Department, automatic screen-lock settings will be verified on all DSS workstations accessing state systems. 4. Monitoring and Verification: Supervisors will conduct periodic unannounced walkthroughs to verify compliance with workstation security requirements. Results will be documented and reviewed by DSS management. 5. Corrective Follow-Up: Any noncompliance identified will be addressed promptly through retraining and, if necessary, progressive disciplinary action. Responsible Party: DSS Director, DSS Program Managers, and County DSS Staff Anticipated Completion Date: Immediately upon issuance of this CAP; monitoring will be ongoing. Plan to Prevent Recurrence: Ongoing supervisory monitoring, documented compliance checks, and annual refresher training will be used to ensure continued adherence to workstation security requirements.

Categories

Significant Deficiency Internal Control / Segregation of Duties

Other Findings in this Audit

  • 1180849 2025-001
    Material Weakness Repeat
  • 1180850 2025-001
    Material Weakness Repeat
  • 1180851 2025-001
    Material Weakness Repeat
  • 1180852 2025-001
    Material Weakness Repeat
  • 1180853 2025-001
    Material Weakness Repeat
  • 1180854 2025-001
    Material Weakness Repeat

Programs in Audit

ALN Program Name Expenditures
21.027 COVID-19 CORONAVIRUS STATE AND LOCAL FISCAL RECOVERY FUNDS $5.52M
93.778 MEDICAL ASSISTANCE PROGRAM $5.49M
93.558 TEMPORARY ASSISTANCE FOR NEEDY FAMILIES $2.29M
10.561 STATE ADMINISTRATIVE MATCHING GRANTS FOR THE SUPPLEMENTAL NUTRITION ASSISTANCE PROGRAM $2.00M
93.667 SOCIAL SERVICES BLOCK GRANT $801,463
10.557 WIC SPECIAL SUPPLEMENTAL NUTRITION PROGRAM FOR WOMEN, INFANTS, AND CHILDREN $754,699
93.556 MARYLEE ALLEN PROMOTING SAFE AND STABLE FAMILIES PROGRAM $595,428
93.767 CHILDREN'S HEALTH INSURANCE PROGRAM $554,627
93.658 FOSTER CARE TITLE IV-E $485,565
93.569 COMMUNITY SERVICES BLOCK GRANT $336,730
93.596 CHILD CARE MANDATORY AND MATCHING FUNDS OF THE CHILD CARE AND DEVELOPMENT FUND $248,934
93.563 CHILD SUPPORT SERVICES $247,950
16.043 VETERANS TREATMENT COURT DISCRETIONARY GRANT PROGRAM $215,901
16.838 COMPREHENSIVE OPIOID, STIMULANT, AND OTHER SUBSTANCES USE PROGRAM $213,049
16.922 EQUITABLE SHARING PROGRAM $181,737
16.585 TREATMENT COURT DISCRETIONARY GRANT PROGRAM $173,137
20.513 ENHANCED MOBILITY OF SENIORS AND INDIVIDUALS WITH DISABILITIES $156,098
93.045 SPECIAL PROGRAMS FOR THE AGING, TITLE III, PART C, NUTRITION SERVICES $126,647
93.568 LOW-INCOME HOME ENERGY ASSISTANCE $104,488
11.032 STATE DIGITAL EQUITY PLANNING AND CAPACITY GRANT $100,061
97.036 DISASTER GRANTS - PUBLIC ASSISTANCE (PRESIDENTIALLY DECLARED DISASTERS) $93,423
93.994 MATERNAL AND CHILD HEALTH SERVICES BLOCK GRANT TO THE STATES $92,956
93.217 FAMILY PLANNING SERVICES $77,353
14.228 COMMUNITY DEVELOPMENT BLOCK GRANTS/STATE'S PROGRAM AND NON-ENTITLEMENT GRANTS IN HAWAII $74,238
21.016 EQUITABLE SHARING $60,238
93.967 CENTERS FOR DISEASE CONTROL AND PREVENTION COLLABORATION WITH ACADEMIA TO STRENGTHEN PUBLIC HEALTH $49,929
45.310 GRANTS TO STATES $48,772
93.645 STEPHANIE TUBBS JONES CHILD WELFARE SERVICES PROGRAM $37,556
93.069 COVID-19 PUBLIC HEALTH EMERGENCY PREPAREDNESS $36,933
97.042 EMERGENCY MANAGEMENT PERFORMANCE GRANTS $35,000
93.268 IMMUNIZATION COOPERATIVE AGREEMENTS $34,744
93.991 PREVENTIVE HEALTH AND HEALTH SERVICES BLOCK GRANT $34,526
93.917 HIV CARE FORMULA GRANTS $27,299
93.268 COVID-19 IMMUNIZATION COOPERATIVE AGREEMENTS $18,223
97.137 STATE AND LOCAL CYBERSECURITY GRANT PROGRAM TRIBAL CYBERSECURITY GRANT PROGRAM $17,705
93.421 STRENGTHENING PUBLIC HEALTH SYSTEMS AND SERVICES THROUGH NATIONAL PARTNERSHIPS TO IMPROVE AND PROTECT THE NATION’S HEALTH $16,500
93.898 CANCER PREVENTION AND CONTROL PROGRAMS FOR STATE, TERRITORIAL AND TRIBAL ORGANIZATIONS $16,350
93.053 NUTRITION SERVICES INCENTIVE PROGRAM $15,969
93.044 SPECIAL PROGRAMS FOR THE AGING, TITLE III, PART B, GRANTS FOR SUPPORTIVE SERVICES AND SENIOR CENTERS $15,572
93.659 ADOPTION ASSISTANCE $11,544
93.674 JOHN H. CHAFEE FOSTER CARE PROGRAM FOR SUCCESSFUL TRANSITION TO ADULTHOOD $7,874
93.977 SEXUALLY TRANSMITTED DISEASES (STD) PREVENTION AND CONTROL GRANTS $100