This report summarizes our fiscal year 2023 audit results for the following four agencies under the Secretary of Health and Human Resources. Collectively, these four agencies spent $28.2 billion or 98 percent of the total expenses for agencies within this secretariat.

• Department of Behavioral Health and Developmental Services (DBHDS)
• Department of Health (Health)
• Department of Medical Assistance Services (Medical Assistance Services)
• Department of Social Services (Social Services)

Our audits of these agencies for the year ended June 30, 2023, found:

• proper recording and reporting of all transactions, in all material respects, in the Commonwealth’s accounting and financial reporting system, each agency’s internal accounting and financial reporting system, and supplemental information and attachments submitted to the Department of Accounts, after Health and Social Services made adjustments to their attachments for material misstatements as noted in the section titled “Internal Control and Compliance Findings and Recommendations;”

• 55 findings involving internal control and its operation necessary to bring to management’s attention; six of which are considered to be material weaknesses; 

• 46 of the 55 findings to be instances of noncompliance with applicable laws and regulations 
or other matters that are required to be reported; and

• adequate corrective action with respect to 16 prior audit findings and recommendations
identified as complete in the Findings Summaries included in the Appendix.

We identified the Low-Income Household Water Assistance Program (LIHWAP) and the Temporary Assistance for Needy Families (TANF) federal grant programs as high-risk major federal programs at Social Services and included them within the Commonwealth’s Single Audit scope. We conduct our audits under the assumption that management has designed, implemented, and maintained internal controls that provide reasonable assurance that it managed the federal award in compliance with federal statutes, regulations, and the terms and conditions of the federal award.

 
During the LIHWAP audit, we determined that management did not implement internal controls to comply with the federal regulations at Title 2 U.S. Code of Federal Regulations (CFR) § 200.303(a) and 2 CFR § 200.501(g), which require Social Services to maintain internal controls to provide reasonable assurance over contractor compliance. Due to the significance of the matters described in the finding titled “Obtain Reasonable Assurance Over Contractor Compliance with Program Regulations” in the “Internal Control and Compliance Findings and Recommendations” section of our report, we were unable to obtain sufficient appropriate audit evidence to provide a basis for an audit opinion on compliance for the LIHWAP federal grant program. As a result, we issued a disclaimer of opinion for the LIHWAP federal grant program in the Commonwealth’s Single Audit report for the year ended June 30, 2023.

For our audit of the TANF federal grant program, the Office of Management and Budget’s (OMB) 
Compliance Supplement requires us to audit Social Services’ Administration for Children and Families 
(ACF) 199 TANF Data Report (ACF-199) and 209 Separate State Programs – Maintenance-of-Effort (SSPMOE) Data Report (ACF-209) report submissions. During the audit, we determined that Social Services had not implemented internal controls to comply with the federal regulations at 45 CFR § 265.7(b), which require States to have complete and accurate reports that accurately reflect information available in 
case records are free of computational errors and are internally consistent. As a result, we communicated this matter to Social Services’ management through the audit finding titled “Implement Internal Controls over TANF Federal Performance Reporting,” which is included in the section of our report titled “Internal Control and Compliance Findings and Recommendations.” Additionally, we issued a qualified opinion on the reporting type of compliance requirement for the TANF federal grant program because Social Services did not materially comply with the provisions at 45 CFR § 265.7(b), as compliance with this requirement is necessary for the Commonwealth to materially comply with the reporting compliance requirement applicable to the program.

In the section titled “Internal Control and Compliance Findings and Recommendations,” we have included our assessment of the conditions and causes resulting in the internal control and compliance findings identified through our audits as well as recommendations for addressing those findings. Our assessment does not remove management’s responsibility to perform a thorough assessment of the conditions and causes of the findings and develop and appropriately implement adequate corrective actions to resolve the findings as required by the Department of Accounts in Topic 10205 – Agency Response to APA Audit of the Commonwealth Accounting Policies and Procedures Manual. Those corrective actions may include additional items beyond our recommendations.

Our report also includes two risk alerts that require the action and cooperation of the applicable agency’s management and the Virginia Information Technologies Agency. The risk alerts are applicable to DBHDS, Health, and Medical Assistance Services. In addition, our report includes one operational matter as a comment to management applicable to DBHDS.