Finding 503482 (2023-004)

Requirement

Questioned Costs

Year

2023

Accepted

2024-10-23

Audit: 325613

Organization: Kansas City Area Transportation Authority (MO)

Auditor: Rsm US LLP

AI Summary

Core Issue: The Single Audit package was submitted late to the Federal Clearinghouse, missing the deadline.
Impacted Requirements: This violates Uniform Guidance 2 CFR 200.512(a), which mandates timely submission of audit reports.
Recommended Follow-Up: Ensure future audits are completed and submitted on time to avoid funding risks.

Finding Text

Finding 2023-004 All Assistance Listing numbers and Federal Agencies (and pass-through entities) included on the accompanying schedule of expenditures of federal awards for the year ended December 31, 2023 Finding: The Single Audit package was not submitted to the Federal Clearinghouse within the required time period. Criteria: Uniform Guidance 2 CFR 200.512(a) requires that organization’s audit must be completed and the data collection form and reporting package should be submitted within the earlier of 30 days after receipt of the auditor’s report or nine months after the end of the audit period. Condition: The Single Audit package for the Authority’s year ended December 31, 2023 should have been submitted to the Federal Audit Clearinghouse by September 30, 2024. Cause: The audit was not completed until October 2024 due to resource constraints at the Authority as a result of personnel turnover and a cyber incident in 2024. Effect or potential effect: Potential suspension of funding provided by federal agencies. Questioned costs: None Context: The December 31, 2023 Single Audit package. Identification as a repeat finding, if applicable: Not applicable. Recommendation: We recommend the Authority file the reporting package timely to the Federal Audit Clearinghouse. Views of responsible officials: Management agrees with this finding.

Corrective Action Plan

Identifying Number: 2023-004 Finding: The single audit package was not submitted to the Federal Clearinghouse within the time required. The Single Audit package for the Authority’s year ended December 31, 2023, should have been submitted to the Federal Clearinghouse by September 30, 2024. The delay was caused by the Cyber Incident in January 2024 which delayed the release of year end reporting to the external auditor to May 2024. Staffing shortages at the Authority contributed to the late filing. A further delay was the result of the availability of the audit staff. Corrective Actions Taken or Planned: On February 7,2024, the Authority completed all industry standard, minimum cybersecurity remediation and compliance requirements following the incident, as set forth by the National Institute of Standards and Technology (NIST) Cyber Security Framework and Dell Technologies. All hyper-converged infrastructure, network firewall, and networked components have been examined through a rigorous network remediation and data validation process, in order to significantly reduce the risk of further malicious exposure of its data and equipment to any/all entities separate from the organization. The Kansas City Area Transportation Authority has moreover, taken measures to secure and improve the overall security posture during the remediation period for all workstations, servers, and networked infrastructure, with the addition of continuous monitoring and next generation antivirus systems with endpoint detection response capabilities, firewalled intrusion detection and prevention measures, as well as the development and implementation of continuous identity access management and data loss prevention features and processes. In April 2024, the American Public Transit Association (APTA) performed a financial peer review on the Authority. Among the recommendations as best practice by the peer group was the replacement of the long-standing audit firm with a new firm. The Request for Purchase (RFP) was conducted, and a new audit firm has been selected. Approval of the new Audit firm contract is scheduled for approval by the Board of Commissions on October 22, 2024. KCATA will work with the new audit firm to develop a schedule to publish financial statements by April or May of each year which was the historical schedule in place. Contact person responsible for corrective action: Andrew Morse, Comptroller

Other Findings in this Audit

503483 2023-004

-
503484 2023-004

-
503485 2023-004

-
503486 2023-004

-
503487 2023-004

-
503488 2023-004

-
503489 2023-004

-
503490 2023-004

-
503491 2023-004

-
1079924 2023-004

-
1079925 2023-004

-
1079926 2023-004

-
1079927 2023-004

-
1079928 2023-004

-
1079929 2023-004

-
1079930 2023-004

-
1079931 2023-004

-
1079932 2023-004

-
1079933 2023-004

-

Programs in Audit

ALN	Program Name	Expenditures
20.507	Covid-19 - Federal Transit Formula Grants	$43.61M
20.507	Federal Transit Formula Grants	$21.04M
20.526	Buses and Bus Facilities Formula, Competitive, and Low Or No Emissions Programs	$1.84M
20.933	National Infrastructure Investments	$1.65M
20.513	Enhanced Mobility of Seniors and Individuals with Disabilities	$743,563
93.778	Medical Assistance Program	$153,662
20.525	State of Good Repair Grants Program	$54,619
20.530	Public Transportation Innovation	$50,195
20.500	Federal Transit Capital Investment Grants	$29,986
20.505	Metropolitan Transportation Planning and State and Non-Metropolitan Planning and Research	$6,544