FAC Explorer

Finding 525921 (2023-001)

Material Weakness
Requirement
AB
Questioned Costs
-
Year
2023
Accepted
2025-03-06
Audit: 345096
Organization: Hawkeye Area Community Action Program (IA)
Auditor: Wipfli LLP

AI Summary

  • Core Issue: HACAP faced a security breach that compromised access to electronic financial information, impacting their ability to complete the audit.
  • Impacted Requirements: This situation violates 2 CFR part 200, which mandates effective control and accountability over financial assets.
  • Recommended Follow-Up: HACAP should implement stronger security measures and backup procedures to protect electronic records and ensure data recovery.

Finding Text

Internal Controls over Electronic Financial Information Criteria or Specific Requirement: 2 CFR part 200 (Uniform Guidance) requires grantees to have effective control over, and accountability for, all funds, property, and other assets. Condition: Subsequent to the fiscal year end, HACAP experienced a security breach of their electronic financial information by an outside party which denied HACAP access to their computer servers. Although several attempts were made to recover the financial information, HAPCAP was unable to retrieve essential electronic financial information needed to complete the audit. With the inability to retrieve the information, HACAP had to recreate the financial information manually causing significant delays in reconciling accounts and completion of the audit. Effect: As a result of the deficiencies in adequately safeguarding of electronic financial information and the inability to recreate the electronic financial information using back-ups systems, a material weakness in internal control over financial reporting exists. Cause: HACAP's internal controls over their electronic financial information did not adequately safeguard their financial information and prevent access from outside parties. In addition, HACAP's back-ups of the electronic financial information were not effective in recreating the financial information necessary to complete the audit. Repeat: No Auditor's Recommendations: We recommend HACAP implement procedures to ensure electronic records are secured and adequately backed-up. View of Responsible Officials: Management agrees with the finding and has developed a written corrective action plan.No findings related to the the financial statements.

Corrective Action Plan

Hawkeye Area Community Action Program, Inc. (HACAP) has migrated our financial accounting software to a data center managed by a 3'' party. A full backup of the database is done daily to both the cloud and to a hard drive that is securely stored. Person(s) Responsible: Paula Mahan, Jim McGoldrock Timing for Implementation: Immediate action was taken, and the change was made as soon as the data breach was discovered in October 2023.

Categories

Material Weakness Reporting Internal Control / Segregation of Duties

Other Findings in this Audit

  • 525922 2023-002
    Significant Deficiency
  • 525923 2023-001
    Material Weakness
  • 525924 2023-002
    Significant Deficiency
  • 525925 2023-001
    Material Weakness
  • 525926 2023-002
    Significant Deficiency
  • 525927 2023-001
    Material Weakness
  • 525928 2023-002
    Significant Deficiency
  • 525929 2023-001
    Material Weakness
  • 525930 2023-002
    Significant Deficiency
  • 525931 2023-001
    Material Weakness
  • 525932 2023-002
    Significant Deficiency
  • 1102363 2023-001
    Material Weakness
  • 1102364 2023-002
    Significant Deficiency
  • 1102365 2023-001
    Material Weakness
  • 1102366 2023-002
    Significant Deficiency
  • 1102367 2023-001
    Material Weakness
  • 1102368 2023-002
    Significant Deficiency
  • 1102369 2023-001
    Material Weakness
  • 1102370 2023-002
    Significant Deficiency
  • 1102371 2023-001
    Material Weakness
  • 1102372 2023-002
    Significant Deficiency
  • 1102373 2023-001
    Material Weakness
  • 1102374 2023-002
    Significant Deficiency

Programs in Audit

ALN Program Name Expenditures
10.569 Emergency Food Assistance Program (food Commodities) $2.05M
10.557 Special Supplemental Nutrition Program for Women, Infants, and Children $1.81M
93.569 Community Services Block Grant $1.65M
10.558 Child and Adult Care Food Program $1.64M
64.033 Va Supportive Services for Veteran Families Program $1.58M
81.042 Weatherization Assistance for Low-Income Persons $859,123
93.575 Child Care and Development Block Grant $818,937
14.267 Continuum of Care Program $759,975
93.600 Head Start $614,586
93.499 Low Income Household Water Assistance Program $557,928
93.994 Maternal and Child Health Services Block Grant to the States $355,603
10.568 Emergency Food Assistance Program (administrative Costs) $348,678
93.778 Medical Assistance Program $238,942
21.024 Community Development Financial Institutions Rapid Response Program (cdfi Rrp) $148,129
93.568 Low-Income Home Energy Assistance $123,776
14.231 Emergency Solutions Grant Program $42,952
14.239 Home Investment Partnerships Program $22,096
14.218 Community Development Block Grants/entitlement Grants $22,000