FAC Explorer

Finding 606580 (2022-002)

Significant Deficiency Repeat Finding
Requirement
P
Questioned Costs
-
Year
2022
Accepted
2023-02-20
Audit: 33926
Organization: The Medical College of Wisconsin, INC (WI)
Auditor: Kpmg LLP

AI Summary

  • Core Issue: Ineffective general IT controls in the student information system, particularly around change management and user access, could lead to improper disbursement of student financial aid.
  • Impacted Requirements: Compliance with 2 CFR Section 200.303, which mandates strong internal controls for managing federal awards.
  • Recommended Follow-Up: MCW should enhance monitoring policies for system changes and user access to ensure compliance and safeguard against unauthorized changes.

Finding Text

Finding 2022-02 General Information Technology Controls Federal Agency: U.S. Department of Education Program Name: Student Financial Aid Cluster CFDA Number: Various Grant Identification Number: Various Grant Award Period: July 1, 2021 through June 30, 2022 Criteria The 2 CFR Section 200.303 requires that non federal entities receiving federal awards establish and maintain internal control over the federal awards that provides reasonable assurance that the non federal entity is managing the federal awards in compliance with federal statutes, regulations, and the terms and conditions of the federal awards. Condition Found During test work performed over the Student Financial Aid Cluster, we noted that within the student information system (the system), certain general information technology controls surrounding change management and user access appeared to be missing or ineffectively designed. Specifically, users with certain administrative access rights have access to the underlying source code of the system and could implement changes directly in the system. There were no monitoring controls over these accounts regarding source code changes. In addition, the password to certain administrative accounts that are used to provision/de provision user access is not routinely changed, and thus could result in employees with inappropriate access. Cause A new student information system was implemented resulting in controls which previously were manual in nature, being replaced with automated controls within the system. As automated control reliance on the system increased, monitoring of system changes and policies surrounding access to administrator and super user accounts were not adequately considered or developed consistent with overall information technology policies and procedures in place at MCW. Effect If controls surrounding change management and user access are ineffectively designed, student financial aid may be disbursed in the incorrect amount or to a student who does not meet the eligibility requirements as stated in the Compliance Supplement. Questioned Costs None Statistically Valid Sample The sample was not intended to be, and was not, a statistically valid sample Repeat Finding Yes Recommendation We recommend MCW implement policies and procedures over monitoring of student financial aid system changes and user access. Management?s Response While manual controls mitigated the disbursement of an incorrect amount or disbursement to a student who does not meet the eligibility requirements, MCW concurs and has put significant effort into adding additional change management and user access controls to the student information system. As stated above, these conditions occurred when MCW changed student information systems and began relying more heavily on automated controls within the student information system, instead of solely relying on manual controls outside of the system. Two areas that needed to be addressed were related to general information technology controls: 1. Users with certain administrative access rights have access to the underlying source code of the system and lack monitoring controls over these accounts regarding source code changes. 2. Password requirements for certain administrative accounts were not routinely changed. As of May 10, 2022, MCW implemented controls to address the matters noted above.

Categories

Subrecipient Monitoring Eligibility Internal Control / Segregation of Duties

Other Findings in this Audit

  • 30137 2022-002
    Significant Deficiency Repeat
  • 30138 2022-002
    Significant Deficiency Repeat
  • 30139 2022-002
    Significant Deficiency Repeat
  • 606579 2022-002
    Significant Deficiency Repeat
  • 606581 2022-002
    Significant Deficiency Repeat

Programs in Audit

ALN Program Name Expenditures
84.268 Federal Direct Student Loans $49.06M
93.498 Provider Relief Fund $33.08M
93.837 Cardiovascular Diseases Research $21.76M
93.839 Blood Diseases and Resources Research $14.90M
93.847 Diabetes, Digestive, and Kidney Diseases Extramural Research $10.05M
93.395 Cancer Treatment Research $8.69M
93.342 Health Professions Student Loans, Including Primary Care Loans/loans for Disadvantaged Students $8.36M
93.853 Extramural Research Programs in the Neurosciences and Neurological Disorders $5.61M
93.859 Biomedical Research and Research Training $5.42M
93.867 Vision Research $4.26M
12.420 Military Medical Research and Development $3.24M
93.310 Trans-Nih Research Support $3.08M
93.279 Drug Abuse and Addiction Research Programs $2.72M
93.394 Cancer Detection and Diagnosis Research $2.67M
93.242 Mental Health Research Grants $2.57M
93.865 Child Health and Human Development Extramural Research $2.53M
93.393 Cancer Cause and Prevention Research $2.34M
93.396 Cancer Biology Research $2.33M
84.038 Federal Perkins Loan Program $2.10M
93.838 Lung Diseases Research $1.82M
93.353 21st Century Cures Act - Beau Biden Cancer Moonshot $1.63M
93.361 Nursing Research $972,233
93.866 Aging Research $933,309
93.173 Research Related to Deafness and Communication Disorders $927,533
20.RD National Highway Traffic Safety Administration (nhtsa) $801,245
93.RD Substance Abuse and Mental Health Services Administration $729,731
93.398 Cancer Research Manpower $624,033
43.003 Exploration $596,291
93.RD Centers for Medicare and Medicaid Services $591,262
93.247 Advanced Nursing Education Grant Program $529,985
12.431 Basic Scientific Research $513,775
93.233 National Center on Sleep Disorders Research $465,647
93.307 Minority Health and Health Disparities Research $452,293
93.137 Community Programs to Improve Minority Health Grant Program $385,734
12.RD Department of the Navy $328,807
16.RD Bureau of Justice Assistance $246,830
12.RD Uniformed Services University of the Health Sciences $233,833
93.959 Block Grants for Prevention and Treatment of Substance Abuse $229,574
93.186 National Research Service Award in Primary Care Medicine $223,539
93.213 Research and Training in Complementary and Integrative Health $214,624
93.286 Discovery and Applied Research for Technological Innovations to Improve Human Health $211,595
93.121 Oral Diseases and Disorders Research $206,388
93.994 Maternal and Child Health Services Block Grant to the States $202,854
14.218 Community Development Block Grants/entitlement Grants $200,052
93.113 Environmental Health $185,894
93.080 Blood Disorder Program: Prevention, Surveillance, and Research $181,092
93.855 Allergy, Immunology and Transplantation Research $176,660
93.RD Agency for Healthcare Research and Quality $168,128
93.846 Arthritis, Musculoskeletal and Skin Diseases Research $156,889
21.019 Coronavirus Relief Fund $133,494
47.075 Social, Behavioral, and Economic Sciences $113,242
93.134 Grants to Increase Organ Donations $109,766
93.RD Centers for Disease Control and Prevention $84,636
16.RD U.s. Department of Justice $84,302
93.RD Office of the Secretary $82,021
93.092 Affordable Care Act (aca) Personal Responsibility Education Program $80,486
64.RD U.s. Department of Veterans Affairs $73,465
93.461 Covid-19 Testing for the Uninsured $71,799
93.977 Preventive Health Services_sexually Transmitted Diseases Control Grants $66,872
47.049 Mathematical and Physical Sciences $61,998
93.243 Substance Abuse and Mental Health Services_projects of Regional and National Significance $61,995
93.576 Refugee and Entrant Assistance_discretionary Grants $52,388
93.350 National Center for Advancing Translational Sciences $51,516
21.027 Coronavirus State and Local Fiscal Recovery Funds $49,222
93.889 National Bioterrorism Hospital Preparedness Program $48,860
10.310 Agriculture and Food Research Initiative (afri) $46,683
93.351 Research Infrastructure Programs $42,770
45.162 Promotion of the Humanities_teaching and Learning Resources and Curriculum Development $38,675
64.034 Va Assistance to United States Paralympic Integrated Adaptive Sports Program $37,000
93.426 Improving the Health of Americans Through Prevention and Management of Diabetes and Heart Disease and Stroke $34,109
20.108 Aviation Research Grants $32,517
93.074 Hospital Preparedness Program (hpp) and Public Health Emergency Preparedness (phep) Aligned Cooperative Agreements $29,664
16.817 Byrne Criminal Justice Innovation Program $29,655
93.110 Maternal and Child Health Federal Consolidated Programs $29,244
12.RD U.s. Army Medical Command $27,291
93.136 Injury Prevention and Control Research and State and Community Based Programs $23,556
84.425 Education Stabilization Fund $21,679
93.RD Food and Drug Administration $19,458
47.076 Education and Human Resources $17,629
93.RD Health Resources and Services Administration (hrsa) $8,674
93.RD Administration for Community Living $6,464
93.778 Medical Assistance Program $6,179
93.153 Coordinated Services and Access to Research for Women, Infants, Children, and Youth $6,172
93.RD National Institutes of Health (nih) $3,522
93.940 Hiv Prevention Activities_health Department Based $2,676
47.074 Biological Sciences $1,696
93.566 Refugee and Entrant Assistance_state Administered Programs $1,131
93.917 Hiv Care Formula Grants $668
98.001 Usaid Foreign Assistance for Programs Overseas $594
47.RD National Science Foundation $-7,263