Finding Text
Item 2022-003 - Software Access Restrictions Significant Deficiency Federal Program - Food Distribution Cluster CFDA Number - 10.569, 10.568, 10.565 Federal Award Numbers - 72208 Federal Award Year - June 30, 2022 Federal Agency - U.S. Department of Agriculture Pass-Through Entity - Oklahoma Department of Human Services Criteria: Uniform Administrative Requirements, Cost Principles and Audit Requirements for Federal Awards section 200.303 requires that organizations receiving federal awards must establish and maintain effective internal control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with Federal statutes, regulations and the terms and conditions of the Federal award. Condition/context: The Organization monitors subrecipient eligibility status for USDA commodity distributions through software. The monitoring software allows for restrictions to enable only certain users the ability to edit subrecipient's eligibility status. In one of five selections an employee was improperly granted authority to edit subrecipient eligibility status. Cause: Ineffective access management controls and turnover of personnel. Effect: An unauthorized employee could manipulate the software to allow ineligible agencies to receive USDA commodities. Questioned cost: Not applicable. Repeat finding: This is not a repeat finding. Recommendation: New employees should be evaluated for proper software access and authority. The ability to edit subrecipient eligibility status should be limited to key partner agency personnel, and the Organization should routinely review the list of authorized users for accuracy. View of responsible officials: Management's response is reported in "Corrective Action Plan" at the end of this report.