State of Arizona Department of Economic Security management letter

              State of Arizona
Department of Economic Security
Management Letter
Year Ended June 30, 2001
2910 NORTH 44 th STREET • SUITE 410 • PHOENIX, ARIZONA 85018 • (602) 553 -0333 • FAX (602) 553 -0051
DEBRA K. DAVENPORT, CPA
AUDITOR GENERAL
STATE OF ARIZONA
OFFICE OF THE
AUDITOR GENERAL
WILLIAM THOMSON
DEPUTY AUDITOR GENERAL
June 3, 2002
John L. Clayton, Director
State of Arizona
Department of Economic Security
1717 West Jefferson Street
Phoenix, AZ 85007
Subje ct: Management Letter
Dear Mr. Clayton:
In planning and conducting our financial statement audit of the Department of Economic Security and our
single audit of the State of Arizona for the year ended June 30, 2001, we performed the following as required
by Government Auditing Standards (GAS) and Office of Management and Budget (OMB) Circular A-133:
§ Considered the Department’s internal controls over financial reporting,
§ Tested its internal controls over major federal programs, and
§ Tested its compliance with laws and regulations that could have a direct and material effect on the
Department’s financial statements or the State’s financial statements and major federal programs.
All audit findings that are required to be reported by GAS and OMB Circular A-133 have been included in
the State of Arizona’s Single Audit Reporting Package for the year ended June 30, 2001, and have been
communicated to your staff. In addition, our audit disclosed internal control weaknesses and instances of
noncompliance with laws and regulations that do not meet the reporting criteria. Management should correct
these deficiencies to ensure that it fulfills its responsibility to establish and maintain adequate internal
controls and comply with laws and regulations. Our recommendations are described in the accompanying
summary.
This letter is intended solely for the information of the Department of Economic Security and is not intended
to be and should not be used by anyone other than the specified party. However, this letter is a matter of
public record and its distribution is not limited.
Should you have any questions concerning its contents, please let us know.
Sincerely,
Dennis L. Mattheisen, CPA
Financial Audit Director
Attachment
Table of Contents
Recommendation I:
The Arizona Industries for the Blind should
improve its controls over its accounting
records and assets
Recommendation II:
The Division of Developmental Disabilities
should properly reconcile its fiduciary
accounts
Recommendation III:
The Department needs to improve its
controls over fixed assets to ensure that they
are safeguarded and its listing is accurate
Recommendation IV:
The Department should protect its
information system from damage and
equipment failure
Recommendation V:
The Department’s personnel files should
contain current employee data
Recommendation VI:
The Department needs to comply with
federal laws and regulations
1
2
2
3
3
4
Department Response 6
1
The Arizona Industries for the Blind should improve its controls over its
accounting records and assets
The Arizona Industries for the Blind (AIB) provides employment and
rehabilitation for the blind. The AIB is responsible for maintaining its
own accounting records and preparing its own financial statements.
However, AIB lacked adequate internal controls over its accounting
records and assets. Consequently, AIB could not ensure that its records or
reports were accurate and fixed assets were safeguarded. The following
deficiencies illustrate this lack of control.
· One employee was responsible for preparing, approving, and recording
manual journal entries, transfers, and the correction of errors. This
employee was also an authorized signer for all bank accounts.
· Documentation supporting three disbursements could not be located.
· The invoice number or amount for four accounts payable and one
account receivable was incorrectly posted to the accounts payable or
receivable aging reports.
· Depreciation expense was calculated incorrectly for numerous capital
assets.
· The unit cost for six items recorded on the inventory listing was
incorrect.
· A capital asset recorded on the assets listing could not be located.
· Two capital assets located on the AIB premises were not included on
the assets listing.
· Six capital assets lacked a property control tag.
A finding similar to this one was reported previously.
The AIB should improve its existing controls over its accounting records
and assets. Specifically, the AIB should:
ü Separate accounting responsibilities among its employees to ensure
that no one person can sign checks as well as prepare, approve, and
modify the records of financial transactions.
ü Retain documentation that supports expenditures and complies with
the State’s record retention policy.
ü Report accounts receivable and payable transactions accurately on its
subsidiary systems.
ü Calculate depreciation expense properly.
ü Value its inventory items at actual cost.
ü Record all assets valued over $5,000 accurately on its assets listing.
ü Control all capital assets with a property control tag.
Recommended procedures for
controls over accounting
records and assets
2
The Division of Developmental Disabilities should properly reconcile its fiduciary
accounts
The Division of Developmental Disabilities has six regional offices that
administer the financial activity for individuals with developmental
disabilities who are unable to handle their own finances. Each regional
office maintains the financial activity records for disabled individuals on
its personal computer. Each regional office also maintains a fiduciary
bank account for depositing socia l security, Arizona Long-Term Care
System, and other benefit cash receipts and issuing checks for disabled
individuals’ expenses.
In December 1999, the Division changed the software on its personal
computer and did not provide adequate training to its emp loyees on the
new system. Subsequently, several regional offices incorrectly recorded
the financial activity onto the new system and were unable to reconcile
their accounting records to the banks’ statements.
The Division should immediately correct the erroneous financial
information recorded on the new system, then reconcile the accounting
records to the bank statements. Performing proper monthly reconciliations
will help ensure that accurate and complete financial information is
maintained for each of its disabled clients.
The Department needs to improve its controls over fixed assets to ensure that
they are safeguarded and its listing is accurate
The Department cannot ensure that it is adequately safeguarding its assets
unless it has an accurate listing of those assets. However, the Department
lacked controls to ensure that fixed assets were properly tagged and
accurately recorded in its fixed assets control system. As a result, the
following errors occurred:
· Some capital equipment items did not have a property control tag.
· Several fixed assets included on the listing could not be located.
· One asset was recorded on the fixed assets listing twice.
· Numerous assets recorded on the system had an incorrect property
control tag number, model number, serial number, or location
recorded.
· Several assets were recorded on the fixed assets listing at an estimated
value; however, this estimated value exceeded the actual value by
$24,296.
· The disposal forms for deleted assets were incomplete and contained
numerous errors. Specifically, the property description,
manufacturer’s serial number, property tag number, acquisition date,
funding source, and reporting categories were excluded from the
disposal forms. As a result, assets could have been incorrectly deleted
from the listing.
3
A finding similar to this one was reported previously.
To help ensure the integrity and accuracy of the information provided by
the fixed assets control system, the Department should follow internal
control policies and procedures outlined in the State of Arizona
Accounting Manual, Section G. Specifically, the Department should issue
each asset a property control number and record the number, model
number, serial number, location, and actual cost on the fixed assets control
system. Further, the Department should properly report all required
information on disposal forms.
The Department should protect its information system from damage and
equipment failure
The Department’s disaster recovery plan for its financial management
control systems had not been updated or tested since 1988. In addition,
the Department kept the plan with its computer system. Further, the
Department’s plan did not include a list of employees assigned to disaster
recovery teams or their emergency phone numbers. Lack of an updated
and tested disaster recovery plan exposes the Department’s computer
system to damage and loss of valuable data.
The Department should update its written policies and procedures
regarding the disaster recovery plan. Further, the plan should be tested on
a regular basis and stored in a secured off-site location. The disaster
recovery plan should include the following:
ü Personnel assigned to disaster recovery teams and their emergency
telephone numbers.
ü A risk analysis identifying critical applications, exposures, and an
assessment of potential impact on the Department.
ü Arrangements with vendors to support hardware and software
requirements.
ü A designated physical facility offsite.
The Department’s personnel files should contain current employee data
Personnel and payroll controls help ensure that employees’ wages are
supported by personnel data and are the proper amounts. Specifically, the
Department should ensure that current personnel action forms, insurance
benefits election forms, and direct deposit authorization forms are
maintained in its personnel files. Although the Department had
established appropriate internal control policies and procedures, it was
unable to locate the following documents for numerous employees:
Recommendations for
safeguarding fixed assets
Specific information for the
disaster recovery plan
4
· Current personnel action forms to support the employee’s pay rate.
· Insurance benefit election forms.
· Direct deposit authorization forms.
A finding similar to this one was reported previously.
To help ensure payroll and payroll- related expenditures are properly
supported and compliance with payroll laws and regulations, the
Department should always follow its established policies and procedures.
The Department needs to comply with federal laws and regulations
The Department administers several federal programs to serve individual
recipients throughout the State of Arizona. Consequently, the Department
is responsible for complying with federal requirements outlined in the
United States Code; Code of Federal Regulations (CFR); and OMB
Circular A-133, Audits of States, Local Governments, and Non-Profit
Organizations. For the year ended June 30, 2001, the Department did not
always comply with the federal regulations, as evidenced by the following
instances of noncompliance.
Temporary Assistance for Needy Families (TANF)
The Division of Benefits and Medical Eligibility is required to refer all
single parent recipients for whom either paternity has not been established
or a child support order needs to be established, modified, or enforced, to
the Division of Child Support Enforcement. Referring TANF recipients to
the Division of Child Support Enforcement will help increase child
support collections. 45 CFR §264.30 (a)
The Division of Benefits and Medical Eligibility did not refer two single
parent TANF recipients to the Division of Child Support Enforcement.
Child Support Enforcement
The Division of Child Support Enforcement is required to establish
support obligations within 90 days after locating the noncustodial parent,
develop a system for closing child support cases that specifies each
eligibility requirement and a timeline in which the cases are to be closed,
and monitor subrecipients’ activities to ensure that they are in compliance
with federal regulations. 45 CFR §303.4 (d), §303.11, and §92.40 (a)
5
Auditors noted the following instances of noncompliance with the
described federal requirements.
· In one case, the Division located the non-custodial parent but had not
established the support obligation 6 months later.
· The Division did not close five child support enforcement cases within
the time frames outlined in its policies and procedures.
· The Division took corrective action on two subrecipients’ single audit
findings only after auditors brought the matter to its attention.
Rehabilitation Services – Vocational Rehabilitation Grants to States
(Vocational Rehabilitation)
The Division of Employment and Rehabilitation Services is responsible
for administering the Vocational Rehabilitation program, assisting
individuals with preparing for, securing, retaining, or regaining an
employment outcome that is consistent with the individual’s overall
ability. The Division is required to determine an applicant’s eligibility for
vocational rehabilitation services within 60 days, complete an assessment
and individualized plan of employment for each eligible recipient, and
amend the individualized plan for substantive changes. Further, if a
recipient is determined to be ineligible after previously receiving services,
the Department must provide a full consultation, inform the person in
writing of the ineligibility determination, provide information of available
services, and review the determination of ineligibility within 12 months.
29 U.S. Code §722 (a) and (b), and 34 CFR §361.43
The Division did not follow the described federal requirements in the
following instances.
· Determine eligibility within 60 days for 5 individuals.
· Develop an individualized plan for employment for one eligible
individual.
· Amend 2 recipients’ individualized plan for employment to include
substantive changes in services.
· Provide a full consultation, written notification of his or her
ineligibility determination, or information of other available services
after one individual was determined to be ineligible.
The Department should enforce its policies and procedures to ensure that
its divisions are following all applicable federal requirements. Doing so
will help ensure the proper administration of the Temporary Assistance for
Needy Families, Child Support Enforcement, and Rehabilitation Services
– Vocational Rehabilitation Grants to States programs.
Recommendation for
compliance with federal
requirements
Debra K. Davenport Auditor
General Office of the Auditor
General 2910 North 44th Street,
Suite 410 Phoenix, Arizona
85018
Dear Ms. Davenport:
Thank you for the opportunity to respond to the management letter for
the financial statement audit of the Department and the single audit of
the State of Arizona for the fiscal year 2000-01.
It is understood that this response will be included in the
published management letter.
The Department wishes to express its appreciation to you and your
staff for the time and effort invested in these audits.
Sincerely,
Enclosure
John L. Clayton
6
DEPARTMENT OF ECONOMIC SECURITY
RESPONSE TO THE FISCAL YEAR 2000-01
MANAGEMENT LETTER
The Arizona Industries for the Blind should improve internal controls over its
accounting records and assets.
Measures implemented to strengthen controls over the Arizona Industries for the
Blind's (AIB) accounting records and assets and address deficiencies noted in the
audit finding include the following:
• Written procedures that require a member of management (the General
Manager or his designee) not responsible for preparing, approving, or modifying
the records of financial transactions to review and approve such transactions.
• The provision of training to employees in all departments on existing accounting
policies and procedures to help ensure all assets and transactions are properly
accounted for.
• Implementation of procedures that include the review of accounting information
recorded on the system and calculations, including depreciation expense, by an
employee not responsible for the original entry or calculations.
On July 1, 2001, AIB implemented an improved automated accounting system. This
system, which is a fully integrated financial reporting package, is expected to provide
improved accounting and reporting functionality.
The Division of Developmental Disabilities should properly reconcile its
fiduciary accounts.
The Department's policies require the reconciliation of all bank accounts monthly. A
review of the Division of Developmental Disabilities (DDD) fiduciary accounts indicates
that for several of the accounts identified in the audit, the financial activity recorded on
the system has been corrected and the accounts have been reconciled; however,
there are accounts that still require further corrective action.
To correct the deficiencies, DDD will assign oversight and statewide supervisory
responsibilities to a person qualified to review the accounts, train staff, ensure that
fiduciary accounts are reconciled monthly, and ensure that accurate and complete
financial information is maintained for each of its disabled clients.
The Department needs to improve its controls over fixed assets to ensure that
they are safeguarded and its listing is accurate.
The Department has stewardship responsibility for approximately 4,000 capital assets.
It is the Department's policy to follow internal control policies and procedures outlined
in the State of Arizona Accounting Manual and comply with the requirements on a
consistent basis.
DEPARTMENT OF ECONOMIC SECURITY
RESPONSE TO THE FISCAL YEAR 2000-01
MANAGEMENT LETTER
The following is the status of the corrective action taken by the Department for
the deficiencies cited in the finding as of June 1, 2002:
• The fixed assets included on the Department's listing that could not be
located have been accounted for.
• The Department is in the process of re-tagging equipment items with
missing property control tags.
• Correcting the tags of all identified assets with an incorrect property
control tag number, model number, serial number or location is currently
in process.
• Historical cost information has been recorded on the fixed assets listing
for all of the assets that were listed at an estimated value, except for one,
which will be corrected upon receipt of the cost information from the
Department's Division of Technology Services.
• The Department will improve its consistency in completing all appropriate
information on disposal forms and ensuring that the data is accurate .
The Department continues to emphasize the use of appropriate asset
management procedures by personnel responsible for control of the
Department's fixed assets and has implemented appropriate communication
policies and internal controls to properly record the acquisition of equipment and
help ensure that all equipment is properly tagged and accounted for. In addition,
the Department has incorporated improved automation support to provide more
complete and accurate fixed assets control system information.
The Department should protect its information system from damage and
equipment failure.
The Department has hired a full-time Disaster Recovery Coordinator to develop,
implement and maintain a meaningful Disaster Recovery Plan (DRP). Over the
course of the past seven months, considerable progress has been made in
developing a DRP. Disaster recovery teams have been formed with named
personnel representing the Director's Office, Division of Technology Services,
Division of Business and Finance, and Division of Employee Services and
Support. Emergency phone numbers have been obtained for all team members
and are contained within the DRP.
A risk analysis of the Department's data center was performed during the first
phase of the DRP process to identify critical applications and exposures that will
be addressed in the DRP. The DRP process includes the development of a
comprehensive inventory of all hardware and software products required for the
recovery of the data center. All vendors providing critical products and services
were mailed a DRP RFI (Request for Information) containing seven questions.
The responses establish a formal point of contact and solidify roles and
DEPARTMENT OF ECONOMIC SECURITY
RESPONSE TO THE FISCAL YEAR 2000-01
MANAGEMENT LETTER
responsibilities following a disaster. The next step involves drafting terms, conditions
and service-level agreements, where applicable.
Due to funding issues, the Department is partnering with the Arizona Department of
Administration and the Arizona Department of Public Safety to investigate the
feasibility of sharing a recovery site. In lieu of a standing recovery site, the
Department will seek a suitable facility to support recovery activities on an emergency
basis. The Department's Office of Facilities Management has documented the steps
that will be taken to locate and secure a recovery site in the event of a disaster. These
steps are contained within the DRP and will be tested during fiscal year 2003.
The Department's personnel files should contain current employee data.
The Department has over 10,600 employees who generate between 2,500 and 9500
documents each month to be filed by the Office of Personnel Management (OPM). To
help ensure payroll and payroll-related expenditures are properly supported in
compliance with payroll laws and regulations, on May 13, 2002, OPM implemented
new procedures for filing documents that include productivity requirements and quality
control checks. On March 18, 2002, OPM began an internal audit of every personnel
file to identify and correct any existing deficiencies or inaccuracies. In addition, to
identify and correct for misfiled paperwork, the OPM Processing Supervisor reviews a
minimum of ten files a week.
The Department needs to comply with federal laws and regulations.
Temporary Assistance for Needy Families (TANF)
Division of Benefits and Medical Eligibility (DBME) policies and procedures include the
referral of all single parent TANF recipients for whom paternity has not been
established or a child support order needs to be established, modified, or enforced, to
the Division of Child Support Enforcement (DCSE). Of the two singleparent TANF
recipients identified in the finding that were not referred to DCSE in accordance with
DBME's procedures, one was the result of a computer programming error, and the
other was the result of a coding error. These errors have subsequently been
corrected.
Child Support Enforcement
To help ensure that the Department is in compliance with federal regulations 45 CFR
§303.4 (d), §303.11, and §92.40 (a), the Department's existing policies and
procedures include the following:
DEPARTMENT OF ECONOMIC SECURITY
RESPONSE TO THE FISCAL YEAR 2000-01
MANAGEMENT LETTER
• The establishment of support obligations within 90 days after locating
the noncustodial parent. To help ensure compliance with these established
procedures, program monitors advise local offices of cases identified during local
office reviews that are not worked within the 90-day federal timeframes.
• A system for closing child support cases that outlines case closure time frames. To
help ensure that cases are closed within the time frames outlined in the policies,
effective November 27, 2001, Arizona Tracking and Locate Automated System
(ATLAS) enhancements were implemented that will automatically close cases
that are eligible for closure.
• Subrecipient monitoring policies and procedures that require follow-up and
corrective action on all audit findings. To help ensure compliance with these
requirements, DCSE administration forwards all subrecipient single audit report
findings to the DCSE Program Evaluation Section for corrective action measures
to be implemented, as appropriate.
Rehabilitation Services - Vocational Rehabilitation Grants to States (Vocational
Rehabilitation)
The Rehabilitation Services Administration's (RSA) policies and procedures include staff
compliance with federal casework requirements and monitoring staff performance in
complying with the requirements.
RSA is currently in the process of auditing cases Statewide and expects to complete
this process at the end of June, at which time compliance with federal casework
requirements, including case documentation and process requirements will be
reinforced. Ongoing staff training will continue to emphasize:
• The need to make eligibility determinations within the required period of time or
obtain client's consent for an extension;
• That the Individualized Plan for Employment (IPE) is a key case document for both
the consumer and the agency, and that it is imperative that this document be 1)
developed jointly with the client, 2) kept up to date throughout the life of the case,
and 3) signed (originally and for any significant changes throughout the life of the
case); and
• That the full consultation and notification of any significant decision made during the
life of the case be communicated to the client not only verbally but also in writing,
and, in particular, that the decision to determine an individual not eligible for service
requires a separate notice of right to appeal.