Finding Text
FINDING 2025-007 Subject: Title I Grants to Local Educational Agencies - Special Tests and Provisions - Assessment System Security Federal Agency: Department of Education Federal Program: Title I Grants to Local Educational Agencies Assistance Listings Number: 84.010 Federal Award Numbers and Years (or Other Identifying Numbers): S010A220014, S010A230014, S010A240014 Pass-Through Entity: Indiana Department of Education Compliance Requirement: Special Tests and Provisions - Assessment System Security Audit Findings: Material Weakness, Other Matters INDIANA STATE BOARD OF ACCOUNTS 27 WAWASEE COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Condition and Context State educational agencies (SEA), in consultation with local educational agencies (LEA), are required to establish and maintain an assessment security system that is valid, reliable, and consistent with relevant professional and technical standards. Within its assessment system, SEAs must have policies and procedures to maintain test security measures and ensure that LEAs implement those policies and procedures. As such, the Indiana Department of Education created and published the Indiana Assessments Policy Manual. As a part of the assessment security, any individual who administers, handles, or has access to secure test materials at the school or school corporation shall complete assessment training and sign a testing security and integrity statement that remains on file in the appropriate building-level office each year. Each individual required to sign the testing integrity agreement shall sign the form by an established date. The School Corporation had a process to provide assessment system security training and to ensure each employee that attended training signed the agreement indicating training was received. However, there was no process in place to ensure that all school employees required to be trained were trained. Due to the lack of internal controls over ensuring employees requiring training received training, some employees that should have been trained were not. A sample of 27 employees required to receive training was selected for testing from the School Corporation's roster. Of the 27 employees tested, 2 did not receive the training as required. Additionally, 1 employee completed the training and signed the agreement, but it was completed 37 days late. The lack of internal controls and noncompliance were systemic issues throughout the audit period. Criteria 2 CFR 200.303 states in part: "The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in 'Standards for Internal Control in the Federal Government' issued by the Comptroller General of the United States or the 'Internal Control Integrated Framework', issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). . . ." 511 IAC 5-5-5(b) states: "Any individual who administers, handles, or has access to secure test materials at the school or school corporation shall complete assessment training and sign a testing security and integrity agreement to remain on file in the appropriate building-level office each year." Cause There was not an internal control in place to ensure that all employees who were required to complete assessment training took the training and signed the agreement by the date established. The School Corporation was not aware that this was necessary, noting that they used a training platform to provide the training, which sends automated email reminders to employees to complete the training until it is completed. INDIANA STATE BOARD OF ACCOUNTS 28 WAWASEE COMMUNITY SCHOOL CORPORATION SCHEDULE OF FINDINGS AND QUESTIONED COSTS (Continued) Effect Without the proper implementation of an effectively designed system of internal controls, the School Corporation cannot ensure all employees required to complete the training and sign the testing security and integrity statement do so by the established date. As a result, not all employees required to complete the assessment training and sign the testing security and integrity statement did so. Additionally, not all employees who completed the assessment training and signed the testing security and integrity statement did so by the established date. Questioned Costs There were no questioned costs identified. Recommendation We recommended that management of the School Corporation establish and implement an effective system of internal control over security assessment training which ensures that all employees required to complete the training and sign the testing security and integrity statement do so by the established date. Views of Responsible Officials For the views of responsible officials, refer to the Corrective Action Plan that is part of this report.