INVESTIGATION: RI Did Not Properly Monitor $2.6 Billion in Federal Grants
Stephen Beale, GoLocalProv News Contributor
INVESTIGATION: RI Did Not Properly Monitor $2.6 Billion in Federal Grants
The report warns that current state procedures are not sufficient to prevent money being spent after a grant has expired and do not adequately ensure that expenditures that are claimed on reports to the federal government match what is recorded on the state’s own accounting system. “We don’t think that controls over that are adequate,” said Dennis Hoyle, the state Auditor General, who has reported his findings to the House Finance Committee.
GET THE LATEST BREAKING NEWS HERE -- SIGN UP FOR GOLOCAL FREE DAILY EBLAST
In all, the report, which was released last month, identified 16 issues in how the state tracks revenues and spending, including unsecured tax files, backlogs in processing tax forms that date back to 2010, and tens of millions of dollars in financial misstatements at the state Department of Transportation. (See below for more.) In terms of money at stake, however, the federal grants represented the single largest amount of money that did not have adequate monitoring.
“The finding regarding federal grants has been repeated for a number of years—implementation of our recommendations is, in part, dependent upon obtaining additional funding to expand the functionalities of the [state] accounting system,” Hoyle wrote in an e-mail.
Inadequate accounting puts tax dollars at risk
The issues identified in the report put state agencies at risk of spending more money than may be available from a federal grant. Or they may spend money that isn’t eligible for reimbursement. The bottom line: taxpayers could be on the hook for that money, according to Hoyle.
“It appears from the Auditor General’s report that there is a notable lack of control of the state’s spending of federal funds—funds which are mostly of a dedicated nature. This is of real concern because it places the taxpayers in a fiscally perilous position. If it turns out that the money was not spent as the federal government directed, the federal government is well within its right to demand that the money be reimbursed out of state funds; i.e., the General Fund,” said Monique Chartier, spokeswoman for the RI Taxpayers group.
Then there’s Providence, which also had to repay the federal Department of Housing and Urban Development $1.9 million in “bad loans and unauthorized” expenditures by the Providence Economic Development Partnership, shifting the cost onto local taxpayers, Chartier noted.
“Will the State of Rhode Island find itself in a similar position because of inadequate control of federal dollars? With $2.6 billion of federal funding coming into the budget each year, the stakes are high for state taxpayers. Yet with the structural deficit of the state budget ballooning to $400-plus million annually in four years, there clearly is no leeway in the state budget to pick up fiscal mistakes of any size,” Chartier added.
House Minority Leader Brian Newberry, R-North Smithfield, said the audit findings show that the Rhode Island House of Representatives should be more aggressive in exercising oversight over the executive branch. “I would like to see the state legislature take a far closer, more intrusive look at state spending efficiency,” Newberry said.
Gaps in financial records amount to $10 million
A separate 297-page statewide audit earlier this spring pinpointed some of the grants where state monitoring has been inadequate.
In particular, state auditors found that the new state healthcare exchange had maintained insufficient and inconsistent records for the federal grants it had received.
“The State erroneously recorded cash disbursements equal to reported cash receipts each quarter regardless of the actual amount expended that quarter. In these instances, the State should have reported a greater amount of expenditures each quarter to the federal grantor,” the Office of the Auditor General said.
A larger gap in financial records was uncovered in the Executive Office of Health and Human Services, where state authorities told federal authorities they needed to reimburse them for $87.3 million in administrative expenses for Medicaid while state records showed administrative expenses were actually $79.8 million.
(Most of the difference, according to state auditors, was due to the fact that the expenses are not claimed on federal reports in the same quarter that they are noted in state records. However, auditors recommended that “administrative expenditures should only be recorded in Medicaid accounts when agencies have determined their eligibility for Medicaid reimbursement.”)
Those inconsistencies ultimately did not involve any “questioned costs,” but another state agency, the Department of Human Services, had to return $171,000 in economic stimulus funds after spending the money past its March 31, 2013 expiration date.
“The executive branch currently employs north of 16,000 people. Governor Chafee’s administration must redistribute staff as needed so that these funds can be properly controlled and accounted for and we don’t have to ask the logical but unthinkable question: should the State of Rhode Island even be accepting funds which it cannot properly oversee and account for?” Chartier said.
Tax, transportation records also at issue
The inadequate oversight for $2.6 billion in federal grants is just one of 17 issues identified in the May 13 audit report.
Among the report’s other findings were the following:
■ Medicaid programs: “The State does not have sufficient personnel dedicated to the consideration and documentation of internal controls, including related monitoring procedures performed to ensure the proper administration of significant program areas. Considering the size and complexity of Medicaid, documenting and considering internal controls over program operations should be given more attention by the State,” the report states.
■ Unprotected tax records: The report also found that the electronic files the state Division of Taxation maintains for tax filings are in an “open text format that allows, rather than restricts, manipulation of data prior to recording in Taxation’s mainframe systems.” In addition, the files “reside in an unprotected network folder prior to and after upload.” (State authorities have said the issue will be fixed by July 2014.)
■ DOT’s double accounting system: Auditors noted that the state Department of Transportation is using two different accountings systems—the state’s and its own—for its Intermodal Surface Transportation Fund, causing preparation of its annual financial system to be “unduly complex.”
■ DOT’s millions in financial misstatements: “We noted misstatements relating to the infrastructure balances initially reported for fiscal 2013. Certain completed projects totaling $16.8 million were still included in construction in progress and $2 million was excluded from construction in progress at June 30, 2013,” auditors wrote. “We also determined that RIDOT had not included internal payroll costs related to construction projects as infrastructure costs since fiscal year 2006. This required material adjustment to the infrastructure balance report for fiscal 2013; payroll cost for fiscal year 2013 totaling $17 million and a prior period adjust for associated payroll costs from fiscal 2006 through 2012 totaled $83 million.”
■ $3 million pension fund accounting error: In the process of transferring to a new company to handle pension fund investments, $3.1 million of investment expenses was erroneously recorded as a “new appreciation in fair value of investments,” according to auditors, who called on the pension system to “enhance its monitoring controls over the custodian’s accounting and reporting of transactions.”
UPDATE: Governor Lincoln Chafee’s office released the following response to GoLocalProv’s report today.
“It is important to note that this audit finding is only stating, in the auditor’s opinion, there is a reasonable possibility that a material misstatement will not be prevented, or detected and corrected on a timely basis. The finding is not stating that a material misstatement that has actually occurred.
Notwithstanding this clarification, the Office of Grants Management was created within the Office Management and Budget (OMB). Please see: http://www.omb.ri.gov/grants/ The Office of Grants Management is responsible for improving the oversight of and management of federal funds. Over the last year, the Office of Grants Management has instituted trainings and best practices, which have resulted in better reporting by the state agencies and increased the level of information the state has access to.
In addition to the creation of the Office of Grants Management, the OMB has developed federal grant inventories to assist with improved oversight. Finally, as noted in the Corrective Action Plan on Page 9 of the report, the OMB is currently exploring the creation of a grant database module, to leverage technology to assist with improved oversight. Finally, please see the full Corrective Action Plan on Page 9 of the report.”
Stephen Beale can be reached at [email protected]. Follow him on Twitter @bealenews
RI State Audit: See The Results
New Accounting System
Finding 2013-001: Complete implementation of a comprehensive fully-integrated Enterprise Resource Planning (ERP) system.
The Rhode Island Financial and Accounting Network System (RIFANS) was intended as a comprehensive, integrated ERP system for the State.
The audit states "while RIFANS is largely effective and reliable for the functionalities that are operational, there is substantial opportunity for further efficiencies to be accomplished through completion of RIFANS."
Specific Areas Where Control Deficiencies Exist
- Federal Grants Management and Cost Allocation
- Segregation of Duties Between Treasury and Accounting Functions
- Accounting Controls over Capital Projects
- Achieving the Efficiencies and Control Benefits of a Fully-Integrated ERP System
Recommendations
- 2013-001a Develop a strategic plan to either continue the installation of Oracle modules necessary to complete and fully realize the benefits of RIFANS as a comprehensive fully-integrated ERP system or meet those ERP system objectives through other means.
- 2013-001b Ensure that the plan developed addresses the control deficiencies identified within the current RIFANS system.
- 2013-001c Ensure that the plan specifically identifies the amount of resources (both State and/or contracted personnel) needed to either a) support a fully-integrated State ERP system
Accounting Controls
Finding 2013-002: Accounting controls over federal revenue and expenditures
The report states Rhode Island "needs to improve controls over recording federal revenue to ensure (1) amounts are consistent with the limitations of grant awards from the federal government and (2) claimed expenditures on federal reports are consistent with amounts recorded in the State’s accounting system."
Federal revenue within the governmental activities totaled $2.6 billion for fiscal 2013.
Recommendations
- 2013-002a Improve functionality with the RIFANS accounting system to facilitate federal grant administration (grants management, cash management, and cost allocation).
- 2013-002b Build statewide processes over federal grant administration within the newly formed Office of Management and Budget to supplement accounting controls within the RIFANS accounting system.
Lack of Medical Controls
Finding 2013-003: Medical Assistance Program – program oversight and monitoring
The Executive Office of Health and Human Services (EOHHS) is responsible for the administration and oversight of the State’s Medicaid program.
The report states that "The state does not have sufficient personnel dedicated to the consideration and documentation of internal controls, including related monitoring procedures performed to ensure the proper administration of significant program areas."
Significant control deficiencies caused by insufficient personnel resources
- Contracted Program Functions
- Program operations administered by other State departments and agencies
- Long-term Care Facility Audits
- Controls over Recipient and Provider Eligibility
- Surveillance Utilization Review Services (SURS)
Medicaid expenditures reached about $2.1 billion in fiscal year 2013.
Recommendations
- 2013-003a Address personnel resource deficiencies in critical program areas to ensure proper administration of and control over the Medicaid program.
- 2013-003b Consider dedicating additional personnel resources responsible for the consideration, documentation, and monitoring of significant program operations and related controls to ensure compliance with federal and program regulations.
Info Systems Security
Finding 2013-004: Comprehensive Information Systems security policies and procedures
The report states that "The State has still not ensured that all of its critical information systems are compliant with these formalized policies and procedures. Due to the number, type, and complexity of systems within state government, the task is challenging and has not been adequately staffed. Consequently, a risk-based approach should be implemented where those systems deemed most critical or most at risk are prioritized for assessment."
Recommendations
- 2013-004a Complete an initial assessment of compliance with systems security standards for the State’s mission critical systems.
- 2013-004b Consider contracting for the performance of IT security compliance reviews and accumulate and make use of available Service Organization Control reports, whenever available, to extend IT security monitoring of critical systems.
- 2013-004c Prepare a corrective action plan that prioritizes significant system security risks with the goal of achieving compliance of all significant State systems with DoIT’s formalized system security standards.
- 2013-004d Require systems security certification procedures to be performed by DoIT
Inefficient IT Systems
Finding 2013-005: Information Technology Systems - program change controls
Procedural Issues- "Strong change management controls are needed to ensure that standardized methods and procedures are used for efficient handling of all application specific changes and are a required component within formal departmental level IT policies and procedures."
Policy Directives- “programmer managers must ensure any request for application development be documented in writing, tracked, understood and approved prior to putting any new or changes to existing applications into production” and “programming teams must take care to ensure best practices regarding product quality have been utilized prior to putting any new (or changes to existing) systems into production”
Enterprise-Wide- "A proper change management process should be in place to ensure that authorized, tested and accepted changes be implemented in a timely and efficient manner. The process should be a standardized, repeatable process that documents all movement of code, changes made, testing, acceptance, and implementation and provides management with a tracking history."
Operational Issues- "DoIT should implement a standardized formal enterprise program change control process for the application systems it supports. The program change process should provide a comprehensive, standard method and process-to-process application system changes throughout the enterprise. To assist this process, DoIT should evaluate enterprise software solutions to complement their program change process. The evaluation process should determine the appropriate combination of operational, procedural and/or technical adjustments required to use the package in a manner that results in adequate and repeatable program change control across the entire enterprise."
Recommendations
- 2013-005a Reassess the use of a standard software package to determine the appropriate combination of operational, procedural and/or technical adjustments required to use the package in a manner that results in adequate program change control for the entire enterprise.
- 2013-005b Design, develop, formalize and implement procedural guidance manuals detailing specific requirements for program change control and disseminate and train DoIT support staff in its proper execution.
RIFANS Access Privileges
Finding 2013-006: Monitoring RIFANS access privileges and agency approval hierarchies
3 distinct but interrelated areas where the State can improve its monitoring of RIFANS access privileges
- RIFANS “Super Users”
- Agency Hierarchies
- RIFANS Delegated Authority
Recommendations
- 2013-006a Review activities of privileged users (system administrators) on a scheduled basis to ensure that additions, modifications, and deletions initiated by them are appropriate.
- 2013-006b Improve controls over RIFANS access by developing the reporting functionality necessary to allow for periodic monitoring of user access for instances of unauthorized changes to user access and/or noncompliance with policies relating to delegated user access.
Unprotected Tax Payments
Finding 2013-007: Department of Revenue – controls over electronic transmission of tax payments and other information
About 92% of the State's tax revenue is received electronically.
The files reside in an unprotected network folder prior to and after upload.
These electronic files should be in a file format that is secure and configured to facilitate an efficient upload to Taxation’s systems without need for manual intervention.
"Electronic data received by Taxation should be encrypted and then be uploaded to Taxation’s systems through automated processes which do not require manual intervention or present an opportunity for manipulation. If changes are required to data files, tracking of the specific changes and the individual performing the changes should be controlled and documented."
Recommendations
- 2013-007a Perform a “data classification” review consistent with DoIT policy to ensure the proper level of data protection (e.g. encryption) is in place.
- 2013-007b Secure all electronic files containing taxpayer information residing on the Division of Taxation’s network to ensure data integrity.
- 2013-007c Control all electronic files that contain taxpayer information by requiring the file format to be secure and configured to the computer system in order to allow automatic transmission without any manual intervention.
- 2013-007d Develop monitoring and reporting procedures to ensure the proper upload of data files.
State Tax Forms Backlog
Finding 2013-008: Department of Revenue – personal income tax administration
There has been a significant backlog in posting/processing W-3 reconciliation returns.
Recommendation
- 2013-008a Process W-3 reconciliation returns timely to identify any underpayment of employer withholding taxes.
The lack of a "Management Refund Report" when a taxpayer elects to apply the refund to next year’s tax liability rather than request a refund could result in an unidentified overstatement of the refund/carry-forward amount.
Recommendation
- 2013-008b Include refund carry-forward returns within the management refund review control procedures.
Tax Receipts to RIFANS
Finding 2013-009: Department of Revenue – reconciliation of taxation receipts to RIFANS
"Controls would be improved if receipts reported within the mainframe system were reconciled to RIFANS."
Recommendation
- 2013-009 Develop the reporting capability to facilitate reconciliation of receipts reported by Taxation’s systems with RIFANS.
Income Tax- Confidential
Finding 2013-010: Department of Revenue – personal income tax - confidential communication
A finding concerning the administration of the personal income tax system was communicated confidentially due to the potential impact on taxpayer compliance.
IT- Confidential
Finding 2013-011: Department of Revenue – Information Technology governance and security - confidential communication
A finding concerning the IT governance and security of the Division of Taxation’s information systems was communicated confidentially due to the potential impact on taxpayer compliance.
DOT Doubles the Trouble
Finding 2013-012: Financial Reporting – intermodal surface transportation fund – use of RI Department of Transportation FMS and RIFANS accounting systems
"Recording transactions in two accounting systems is inherently duplicative, this would be less problematic if the configuration and accounting conventions were the same."
An analysis should be performed to determine whether continued use of the two accounting systems in the current configuration is the best way to accomplish financial reporting for the IST Fund.
Recommendations
- 2013-012a Reevaluate the continued operation of two separate accounting systems to support financial reporting for the IST Fund. Establish short and long-term goals to ensure reliable information is available to support timely financial reporting.
- 2013-012b Ensure the reconciliation process includes the reconciliation of fund balance. At a minimum, modify the reconciliation report or process so the department can accurately identify any variances that exist in the two accounting systems.
IST Fund Reporting
Finding 2013-013: Intermodal Surface Transportation Fund - Financial Reporting
"Controls can be improved over the preparation of financial statements to ensure consistent and accurate reporting of fund activity in accordance with generally accepted accounting principles"
Recommendations
- 2013-013a Strengthen control procedures over financial reporting to ensure accurate identification of accounts payable, amounts due from the federal government, and classification of fund balance categories.
- 2013-013b Improve controls over the Accounts Payable journal entry process by documenting the policies and procedures for estimating and recording the pollution remediation liability at year-end and maintaining documentation supporting the liability.
- 2013-013c Improve controls over financial reporting by updating the RIFANS hierarchy to include RIDOT in all journals posted to the IST Fund and lower the dollar threshold requiring journal entries to be reviewed and approved to an amount that could not materially misstate the financial statements. Ensure RIFANS is requiring review and approval of journal entries in accordance with established hierarchies.
- 2013-013d Improve controls over operating transfers by modifying the Oracle financial statement generator to net the operating transfers between the RIFANS funds reported in the IST fund for financial statement purposes.
- 2013-013e Improve controls over financial reporting by documenting the department’s policies, procedures and controls over the Mission 360 loan program.
- 2013-013f Analyze each activity and/or funding source within the IST Fund to ensure activity is accurately recorded and to improve controls over the categorization and reporting of fund balance components. Perform the analysis periodically throughout the fiscal year.
Infrastructure Errors
Finding 2013-014: Transportation Infrastructure Reporting
"Controls should be improved over the process used to accumulate reported transportation infrastructure amounts to ensure accurate reporting of such investments."
"We noted misstatements relating to the infrastructure balances initially reported for fiscal 2013."
"We also determined that RIDOT had not included internal payroll costs related to construction projects as infrastructure costs since fiscal year 2006."
Recommendations
- 2013-014a Develop controls over the identification of project expenditures (to include construction costs, design costs, internal payroll, subtotaling of project expenditures, categorization of projects and reconciling between RIDOT FMS and RIFANS) to be recorded as infrastructure investment in the State’s financial statements.
- 2013-014b Improve controls and the methodology for determining when infrastructure assets are placed in service.
- 2013-014c Explore ways that capitalized infrastructure outlays could be accumulated through an automated systems approach rather than the inefficient and error-prone spreadsheet approach currently used.
- 2013-014d Develop and document controls, policies and procedures to ensure inclusion of internal construction payroll costs in infrastructure investment in the State’s financial statements.
- 2013-014e Evaluate and document the consideration of whether any of the State’s transportation infrastructure has been impaired consistent with the criteria outlined in generally accepted accounting principles applicable to governmental entities.
Data Integrity Issues
Finding 2013-015: Intermodal Surface Transportation – controls over key data files
"Controls should be enhanced to ensure that data integrity is maintained over key data files used to process vendor payments and to draw federal funds for the IST Fund."
"RIDOT should improve its controls and processes over the FMS and the drawdown file to ensure accuracy and completeness of data transmitted to the FMIS."
Recommendations
- 2013-015a Review the progress payment file transfer process to identify critical points where automated controls could be implemented to eliminate the need for manual intervention.
- 2013-015b Create and implement appropriate approval hierarchies. Automatically identify RIFANS/FMS payment discrepancies for review.
- 2013-015c Improve controls over the RIDOT federal billing process to include transferring files without modification.
- 2013-015d Modify the Financial Management System to allow for multiple funding source award numbers (FSAN) to be linked to one Federal Aid Project.
Employment Security Fund
Finding 2013-016: Employment Security Fund - program change control process within the Department of Labor and Training
There is no automated control system that can be queried to report pertinent information regarding changes made to the various DLT applications.
"An automated system could improve controls over the change management process by providing:
• Change request initiation, documentation, authorization, and acceptance status;
• Tracking of change request status and authorizations;
• Approvals required for change package;
• Program check-in/check-out information;
• Release management information;
• Program documentation;
• Program change history;
• Audit trails/standard audit reports;
• Emergency change process; and
• Review and acceptance of test results."
"DLT’s lack of an automated system to control, track, and report on all application program changes made by the DLT programming staff is a control weakness in financial reporting for the Employment Security Fund."
Recommendation
- 2013-016 Implement an automated program change management process over DLT computer applications. Coordinate with DoIT to implement the approved and supported State Enterprise Change Management solution.
Investment Accounting
Finding 2013-017: Employees’ Retirement System - investment accounting
The Employees’ Retirement System’s (System’s) investments are held by an independent custodian who also maintains all the accounting records related to those investments including the reporting of investment income and expenses.
"We observed that the review and reconciliation of such information to the custodian’s records could be improved with the goal, among others, of providing enhanced documentation for financial reporting purposes."
Recommendations
- 2013-017a Enhance the understanding and monitoring of the accounting and reporting activities performed by the System’s investment custodian.
- 2013-017b Enhance controls over financial reporting by better integrating responsibility for the investment cycle with all other System activities.
