FAC Explorer

Finding 503593 (2023-004)

Significant Deficiency
Requirement
N
Questioned Costs
-
Year
2023
Accepted
2024-10-24
Audit: 325760
Organization: Transylvania County (NC)
Auditor: Martin Starnes & Associates CPAS P A

AI Summary

  • Core Issue: An unattended workstation was found logged into the state network, posing a risk of unauthorized access.
  • Impacted Requirements: Compliance with the Division of Social Services Fiscal Manual regarding physical access control to state network terminals.
  • Recommended Follow-Up: Implement procedures for automatic logout on unattended workstations and conduct random checks to ensure compliance.

Finding Text

U.S. Department of Health and Human Services Passed through the N.C. Dept. of Health and Human Services Program Name: Medical Assistance Program AL# 93.778 Grant Number: XIX-MAP23 Significant Deficiency Finding 2023-004 Criteria: In accordance with the Division of Social Services Fiscal Manual, DSS employees should control physical access to the state network terminals or personal computers that are connected to the state mainframe. Condition: Upon surprise inspection, one unattended workstation of a DSS employee was logged onto the state network. Context: While performing testing of internal control over compliance related to the Division of Social Services, we noted the above condition. Effect: Unauthorized access to the state system could be obtained due to the unattended logon to the system throughout the DSS building. Cause: Lack of proper internal controls over data security. Questioned Costs: None. The finding represents an internal control issue; therefore, no questioned costs are applicable. Recommendation: Require the County Data Processing Department to implement procedures to require logout of workstations where access to the state DSS system is granted. The control procedures should include random verification of logout in instances where offices are unattended. Name of Contact Person: Meagan O’Neal, Finance Director. Views of Responsible Officials and Planned Corrective Actions: Management concurs with this finding and will adhere to the Corrective Action Plan in this audit report.

Corrective Action Plan

Finding 2023-004: Name of Contact Person: Nathanael Carver Management Response: Information Technology implemented a new procedure related to the County’s Computer and Internet Use Policy to ensure County and State data is always secure and safe. This new procedure includes restrictions on non-used network ports, non-county technology devices accessing the network, new password requirements and a ticketing system for all IT related support. Staff were also reminded of the importance of securing workstations during their absence. Random verification of logout confirmation occurs by DSS supervisors as well as IT staff to ensure procedures are being followed. Proposed Completion Date: Immediately.

Categories

Significant Deficiency Internal Control / Segregation of Duties

Other Findings in this Audit

  • 503592 2023-003
    Significant Deficiency
  • 1080034 2023-003
    Significant Deficiency
  • 1080035 2023-004
    Significant Deficiency

Programs in Audit

ALN Program Name Expenditures
21.027 Covid-19-Coronavirus State and Local Fiscal Recovery Funds Arpa $2.21M
93.778 Medical Assistance Program $1.03M
93.354 Public Health Emergency Response: Cooperative Agreement for Emergency Response: Public Health Crisis Response $461,598
93.558 Temporary Assistance for Needy Families $319,197
23.011 Appalachian Research, Technical Assistance, and Demonstration Projects $270,000
21.032 Local Assistance and Tribal Consistency Fund $213,572
10.561 State Administrative Matching Grants for the Supplemental Nutrition Assistance Program $204,078
93.667 Social Services Block Grant $183,827
93.323 Epidemiology and Laboratory Capacity for Infectious Diseases (elc) $149,847
10.557 Special Supplemental Nutrition Program for Women, Infants, and Children $143,770
16.838 Comprehensive Opioid Abuse Site-Based Program $141,464
93.658 Foster Care_title IV-E $141,428
93.563 Child Support Enforcement $126,568
10.691 Good Neighbor Authority $95,684
93.276 Drug-Free Communities Support Program Grants $88,132
93.044 Special Programs for the Aging_title Iii, Part B_grants for Supportive Services and Senior Centers $80,187
20.509 Formula Grants for Rural Areas and Tribal Transit Program $70,584
93.645 Stephanie Tubbs Jones Child Welfare Services Program $67,534
93.596 Child Care Mandatory and Matching Funds of the Child Care and Development Fund $65,562
93.568 Covid-19-Low-Income Home Energy Assistance Arpa $53,353
10.923 Emergency Watershed Protection Program $45,170
10.561 Covid-19-State Administrative Matching Grants for the Supplemental Nutrition Assistance Program Arpa $40,645
93.045 Special Programs for the Aging_title Iii, Part C_nutrition Services $39,641
16.575 Crime Victim Assistance $38,492
93.217 Family Planning_services $32,707
93.069 Public Health Emergency Preparedness $30,783
93.991 Preventive Health and Health Services Block Grant $30,608
93.994 Maternal and Child Health Services Block Grant to the States $28,331
93.568 Low-Income Home Energy Assistance $25,119
93.767 Children's Health Insurance Program $24,037
97.042 Emergency Management Performance Grants $20,625
16.606 State Criminal Alien Assistance Program $16,512
93.268 Covid-19-Immunization Cooperative Agreements $13,562
20.513 Enhanced Mobility of Seniors and Individuals with Disabilities $12,627
93.556 Promoting Safe and Stable Families $12,274
93.674 John H. Chafee Foster Care Program for Successful Transition to Adulthood $11,954
93.052 National Family Caregiver Support, Title Iii, Part E $8,963
93.268 Immunization Cooperative Agreements $8,598
93.053 Nutrition Services Incentive Program $8,558
93.116 Project Grants and Cooperative Agreements for Tuberculosis Control Programs $3,313
93.659 Adoption Assistance $2,947
93.898 Cancer Prevention and Control Programs for State, Territorial and Tribal Organizations $1,330
93.977 Preventive Health Services_sexually Transmitted Diseases Control Grants $42