Finding 1216365 (2025-001)

Material Weakness Repeat Finding
Requirement: A
Questioned Costs: -
Year: 2025
Accepted: 2026-06-02

AI Summary

  • Core Issue: Employees outside of HR have access to sensitive employee information, including pay rates, which poses a risk to data security.
  • Impacted Requirements: This situation violates 2 CFR 200.514, which mandates proper internal controls and segregation of duties to ensure expenditures are allowable.
  • Recommended Follow-Up: Implement stricter access controls to limit employee information access to authorized HR personnel only.

Finding Text

2 CFR 200.514 of the Uniform Guidance requires entities to have internal controls in place to monitor that expenditures are only for allowable activities and that services charged to the federal award are allowable per the applicable cost principles. In addition, a fundamental concept in a good system of internal controls is the segregation of duties: segregating access, custody, and authorization of transactions. These controls aid in mitigating risk in monitoring. Through inquiry and internal control testing, it was noted that employees outside of the HR department have access to employee information within the system. This includes potential access to pay rates and other protected information inside the system. Payroll costs represent the majority of Federal award expenditures for the Medical Center.

Corrective Action Plan

Corrective actions were delayed due to the anticipated implementation of a new system that was expected to address access and segregation of duties concerns. Since the new system will not be implemented immediately, management is proceeding with corrective action under the current system. Management is working to define and separate HR and Payroll roles and access responsibilities so that employee information, pay rates, and payroll-related functions are restricted to authorized personnel based on job duties. In the interim, periodic reviews of employee information, user access, and payroll-related transactions will be performed. Any unauthorized changes will be documented and retained.

Categories

  • Internal Control / Segregation of Duties
  • Subrecipient Monitoring
  • Allowable Costs / Cost Principles

Programs in Audit

ALN     Program Name                                                      Expenditures
21.027  CORONAVIRUS STATE AND LOCAL FISCAL RECOVERY FUNDS                 $41.98M
15.875  ECONOMIC, SOCIAL, AND POLITICAL DEVELOPMENT OF THE TERRITORIES    $14.99M
10.855  DISTANCE LEARNING AND TELEMEDICINE GRANTS                         $677,000
93.217  FAMILY PLANNING SERVICES                                          $299,097