Department of Medical Assistance Services Report on Audit for the Year Ended June 30, 2024
Learn how the AI-generated research projects were createdOverall Conclusion
Medical Assistance Services properly stated, in all material respects, the amounts recorded and reported in the Commonwealth’s accounting and financial reporting system, Medical Assistance Services’ financial systems, and supplemental information and attachments submitted to the Department of Accounts. The audit identified internal control and compliance findings that require management’s attention and corrective action, including one material weakness and several significant deficiencies. Management has taken adequate corrective action with respect to two prior audit findings identified as complete in the Findings Summary in the Appendix.
Source Document
Audit Scope
Audit of the Department of Medical Assistance Services (DMAS), including the Medicaid Cluster and Coronavirus State and Local Fiscal Recovery Funds federal grant programs, for the fiscal year ended June 30, 2024. The scope covered DMAS’s financial transactions, internal control over financial reporting, and compliance with applicable laws, regulations, contracts, and grant agreements. It included controls over accounts payable, accounts receivable, contract procurement and management, general fund revenues (drug rebates) and expenses, federal revenues/expenses and compliance for the Medicaid Cluster and CSLFRF, provider assessment revenues and expenses, and information system security (including access controls). The audit assessed the reliability of DMAS’s financial reporting as presented in the Commonwealth of Virginia’s Annual Comprehensive Financial Report and its compliance with the Department of Accounts and the federal single audit; it also examined corrective actions related to prior-year findings and risk alerts related to unpatched software and centralized audit log information. The audit considered DMAS’s relationships with its fiscal agent and IT third-party service providers, and used nonstatistical sampling; the Single Audit Report will be available in February 2025.
Key Findings Summary
Improve Information Security Program and Controls
Improve Vulnerability Remediation Efforts
Improve IT Third-Party Oversight Process
View the Findings tab to see all 7 findings
AI-Assisted
AI Scope Summary
To assess the accuracy of DMAS’s financial transactions and federal program compliance for FY2024, evaluate the adequacy of internal controls and compliance with laws and grants, and review corrective actions from prior audits, with emphasis on IT security and third‑party oversight in the Medicaid Cluster and Coronavirus State and Local Fiscal Recovery Funds programs.
AI-Generated Insight
The Virginia APA audit of DMAS highlights significant IT security weaknesses and gaps in third‑party oversight that could affect Medicaid program integrity and data protection. While financial reporting is sound, vulnerabilities in information security controls, vulnerability management, and oversight of the fiscal agent and IT service providers require sustained action and coordination with the Virginia Information Technologies Agency (VITA) to reduce cyber risk and ensure compliance with Security Standards.