FAC Explorer

Finding 12362 (2022-002)

Material Weakness
Requirement
AELN
Questioned Costs
-
Year
2022
Accepted
2023-09-26
Audit: 16759
Organization: Bjc Healthcare (MO)
Auditor: Ernst & Young LLP

AI Summary

  • Core Issue: BJC HealthCare failed to implement necessary logical access controls for the Banner application, impacting the reliability of information technology general controls (ITGCs).
  • Impacted Requirements: This finding violates Section 200.303(a) of the Uniform Guidance, which mandates effective internal controls over federal awards.
  • Recommended Follow-Up: Management should conduct a user access review and document user provisioning and termination processes to ensure compliance and reliability of the Banner application.

Finding Text

Finding 2022-002 ? Information Technology General Controls Identification of the federal program: Federal Program: Student Financial Assistance Cluster: Federal Pell Grant Program (Assistance Listing No. 84.063) and Federal Direct Student Loans (Assistance Listing No. 84.268) Federal Agency: United States Department of Education BJC HealthCare Location: Goldfarb School of Nursing Award Periods: January 1, 2022 through June 30, 2022 (included in award year July 1, 2021 through June 30, 2022), and July 1, 2022 through December 31, 2022 (included in award year July 1, 2022 through June 30, 2023) Criteria or specific requirement (including statutory, regulatory or other citation): Section 200.303(a) of the Uniform Guidance states the following regarding the auditee and internal control: ?The non-Federal entity must: (a) Establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations, and the terms and conditions of the Federal award. These internal controls should be in compliance with guidance in ?Standards for Internal Control in the Federal Government? issued by the Comptroller General of the United States or the ?Internal Control Integrated Framework,? issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).? Condition: BJC HealthCare did not implement all logical access controls that are required to be in place to support effective information technology general controls (ITGCs) for the Banner application. The controls that were not specifically implemented during the current period relate to user access review, user provisioning and user termination processes. As a result, Banner ITGCs, and therefore, Banner application controls, cannot be relied upon in the period of audit. Cause: Management did not appropriately implement a user access review for the period under audit. Effect or potential effect: There is a risk the data relevant to the Student Financial Assistance Cluster program stored within the student financial aid system may be inappropriately created or modified. Effective testing of the required logical access controls is to support effective ITGCs over the Banner application. As a result, the Banner application cannot be relied on for the audit period. Questioned costs: None. Context: Total expenditures for the Student Financial Assistance Cluster were $7,830,734 for the year ended December 31, 2022. Identification as a repeat finding, if applicable: This is a not a repeat finding from the prior year. Recommendation: Management should complete a user access review, including user provisioning and user termination processes, and retain documentation of the operation of controls. Views of responsible officials: Management agrees with the finding. GSON formalized a policy and procedure document regarding access controls to support effective ITGCs for the Banner application. A formal user access review will be completed semi-annually and results of the review, including actions taken, will be formally documented.

Corrective Action Plan

Finding 2022-002 ? Information Technology General Controls Identification of the federal program: Federal Program: Student Financial Assistance Cluster: Federal Pell Grant Program (Assistance Listing No. 84.063) and Federal Direct Student Loans (Assistance Listing No. 84.268) Federal Agency: United States Department of Education BJC HealthCare Location: Goldfarb School of Nursing Award Periods: January 1, 2022 through June 30, 2022 (included in award year July 1, 2021 through June 30, 2022), and July 1, 2022 through December 31, 2022 (included in award year July 1, 2022 through June 30, 2023) Views of responsible officials and planned corrective actions: BJC HealthCare agrees with the findings as reported. GSON is committed complying with program requirements and meeting program objectives as defined in Section 200.303(a) of the Uniform Guidance, regarding auditee internal controls. To facilitate these requirements, GSON formalized a policy and procedure document regarding access controls to support effective information technology general controls (ITGCs) for the Banner application. A formal user access review will be completed semi-annually and results of the review, including actions taken, will be formally documented. Responsible Parties: David Solovitz, Interim Director Information Technology, Goldfarb School of Nursing Completion Date: The corrective action plan was implemented in Q3 2023.

Categories

Matching / Level of Effort / Earmarking Student Financial Aid

Other Findings in this Audit

  • 12361 2022-001
    Significant Deficiency Repeat
  • 12363 2022-001
    Significant Deficiency Repeat
  • 12364 2022-002
    Material Weakness
  • 12365 2022-005
    Material Weakness
  • 12366 2022-003
    Material Weakness
  • 12367 2022-004
    Significant Deficiency Repeat
  • 12368 2022-003
    Material Weakness
  • 12369 2022-004
    Significant Deficiency Repeat
  • 588803 2022-001
    Significant Deficiency Repeat
  • 588804 2022-002
    Material Weakness
  • 588805 2022-001
    Significant Deficiency Repeat
  • 588806 2022-002
    Material Weakness
  • 588807 2022-005
    Material Weakness
  • 588808 2022-003
    Material Weakness
  • 588809 2022-004
    Significant Deficiency Repeat
  • 588810 2022-003
    Material Weakness
  • 588811 2022-004
    Significant Deficiency Repeat

Programs in Audit

ALN Program Name Expenditures
97.036 Covid-19 Disaster Grants - Public Assistance (presidentially Declared Disasters) $41.26M
93.498 Covid-19 Provider Relief Fund and American Rescue Plan (arp) Rural Distribution $33.21M
84.268 Federal Direct Student Loans $6.87M
32.006 Covid-19 Telehealth Program $996,722
93.399 Cancer Control $935,498
84.063 Federal Pell Grant Program $845,056
84.425 Covid-19 Education Stabilization Fund $772,347
93.889 National Bioterrorism Hospital Preparedness Program $573,948
93.788 Opioid Str $434,497
93.898 Cancer Prevention and Control Programs for State, Territorial and Tribal Organizations $166,782
93.153 Coordinated Services and Access to Research for Women, Infants, Children, and Youth $117,608
84.007 Federal Supplemental Educational Opportunity Grants $115,990
93.461 Covid-19 Hrsa Covid-19 Claims Reimbursement for the Uninsured Program and the Covid-19 Coverage Assistance Funding $109,704
93.155 Covid-19 Rural Health Research Centers $60,080
93.493 Congressional Directives $37,816
93.395 Cancer Treatment Research $21,783
93.124 Nurse Anesthetist Traineeships $15,896
21.027 Covid-19 Coronavirus State and Local Fiscal Recovery Funds $15,866
16.582 Crime Victim Assistance/discretionary Grants $15,706
93.173 Research Related to Deafness and Communication Disorders $13,366
93.732 Mental and Behavioral Health Education and Training Grants $11,136
93.301 Small Rural Hospital Improvement Grant Program $9,687
93.558 Temporary Assistance for Needy Families $9,423
93.671 Family Violence Prevention and Services/domestic Violence Shelter and Supportive Services $6,864
93.671 Covid-19 Family Violence Prevention and Services/domestic Violence Shelter and Supportive Services $3,196