Office of the Inspector General
Larry G. Massanari
Acting Commissioner of Social Security

Inspector General

Summary of Fiscal Year 2000 Single Audit Oversight Activities (A-07-00-10032)

The attached final report presents the results of our review. Our objective was to summarize areas of internal control weaknesses at State Disability Determination Services reported in State single audits and identified during Fiscal Year 2000 single audit oversight activities.

Please comment within 60 days from the date of this memorandum on corrective action taken or planned on each recommendation. If you wish to discuss the final report, please call me or have your staff contact Steven L. Schaeffer, Assistant Inspector General for Audit, at (410) 965-9700.

James G. Huse, Jr.

OFFICE OF

THE INSPECTOR GENERAL

SOCIAL SECURITY ADMINISTRATION

SUMMARY OF FISCAL

YEAR 2000 SINGLE AUDIT

OVERSIGHT ACTIVITIES

September 2001

A-07-00-10032

MANAGEMENT ADVISORY REPORT

Mission

We improve SSA programs and operations and protect them against fraud, waste, and abuse by conducting independent and objective audits, evaluations, and investigations. We provide timely, useful, and reliable information and advice to Administration officials, the Congress, and the public.

Authority

The Inspector General Act created independent audit and investigative units, called the Office of Inspector General (OIG). The mission of the OIG, as spelled out in the Act, is to:

Conduct and supervise independent and objective audits and investigations relating to agency programs and operations.

Promote economy, effectiveness, and efficiency within the agency.

Prevent and detect fraud, waste, and abuse in agency programs and operations.

Review and make recommendations regarding existing and proposed legislation and regulations relating to agency programs and operations.

Keep the agency head and the Congress fully and currently informed of problems in agency programs and operations.

To ensure objectivity, the IG Act empowers the IG with:

Independence to determine what reviews to perform.

Access to all information necessary for the reviews.

Authority to publish findings and recommendations based on the reviews.

Vision

By conducting independent and objective audits, investigations, and evaluations, we are agents of positive change striving for continuous improvement in the Social Security Administration's programs, operations, and management and in our own office.

Executive Summary

OBJECTIVE

Our objective was to summarize areas of internal control weaknesses at State Disability Determination Services (DDS) reported in State single audits and identified during Fiscal Year 2000 single audit oversight activities.

BACKGROUND

On July 5, 1996, the President signed the Single Audit Act Amendments of 1996, Public Law No. 104-156. The Amendments extended the statutory audit requirement to non-profit organizations and revised various provisions of the 1984 Single Audit Act including raising the Federal financial assistance dollar threshold for requiring an audit from $100,000 to $300,000. On June 30, 1997, Office of Management and Budget issued revised Circular A-133, "Audits of States, Local Governments, and Non-Profit Organizations" to implement the 1996 amendments. The revised Circular A-133 was effective July 1, 1996, and applies to audits of fiscal years beginning after June 30, 1996. This circular requires nonfederal entities that expend $300,000 or more per year in Federal awards to have a single or program-specific audit conducted for that year.

The Social Security Administration (SSA) is responsible for the policies on developing disability claims under the Disability Insurance (DI) and the Supplemental Security Income (SSI) programs. In accordance with Federal regulations, the DDS in each State performs disability determinations under the DI and SSI programs. The DDS determines claimants’ disabilities and ensures that adequate evidence is available to support its determinations. SSA reimburses the DDS for 100 percent of allowable expenditures. There are 54 DDSs located in the 50 States, the District of Columbia, Puerto Rico, Guam, and the Virgin Islands. All DDSs are subject to single audit coverage except the federally administered Virgin Islands DDS.

RESULTS OF REVIEW

We reviewed 53 single audits and compiled and categorized the findings as direct and crosscutting. The 53 single audits covered State fiscal year (SFY) operations (2 SFY 1996 single audits, 1 SFY 1997 single audit and 50 SFY 1998 single audits) at 51 DDSs. Direct findings are findings specifically identified to the DDS. Crosscutting findings are not specifically identified to the DDS, however, they could have an affect on the DDS. Our review disclosed common findings in the following categories: cash management, procurement, equipment and real property management, reporting, and allowable costs. The findings relate to DDS’ noncompliance with Federal requirements because of weaknesses in internal controls. Thirteen of the 53 single audits reported direct findings and 42 reported crosscutting findings (see Appendix A).

SSA’s Office of the Inspector General (OIG) conducts audits of DDS administrative costs. Recent OIG audits of the District of Columbia and Oregon DDSs also disclosed findings in the cash management and allowable cost areas. These findings relate to DDS’ noncompliance with Federal requirements because of weaknesses in internal controls. Appendix D summarizes the OIG’s findings.

In our opinion, comparison of the District of Columbia and Oregon DDS findings in the single audits and the OIG audits for the same reporting period disclosed significant differences. The OIG reported findings on unsupported costs, unallowable costs, expenditures charged to the wrong year, and excessive cash draws. The single audits, however, did not report all of these findings. This comparison is presented in our report for informational purposes only. We will report our comparison to the Federal agency responsible for the District of Columbia and Oregon single audits in a separate management letter for any action it deems appropriate.

OREGON AND DISTRICT OF COLUMBIA SINGLE AUDIT QUESTIONED COSTS

OIG ADMINISTRATIVE AUDIT QUESTIONED COSTS

$0

$111,088


CONCLUSIONS AND RECOMMENDATIONS

We believe that SSA should be proactive in providing internal control guidance to the DDSs. To do so, SSA should provide the following instructions to DDSs.

AGENCY COMMENTS

In response to our draft report, SSA agreed with all of our recommendations. See Appendix E for the full text of SSA's comments to our draft report.

Table of Contents

Page

INTRODUCTION 1

RESULTS OF REVIEW 5

Cash Management 5

Procurement 7

Equipment and Real Property Management 8

Reporting 9

Allowable Costs 10

Comparison of Single Audit and OIG Findings 12

CONCLUSIONS AND RECOMMENDATIONS 13

APPENDICES

APPENDIX A – Summary of Single Audits Reviewed During FY 2000

APPENDIX B – Direct Findings Reported in 13 Single Audits

APPENDIX C – Crosscutting Findings Reported in 42 Single Audits

APPENDIX D – Findings Identified by the OIG During the Same Time Frame as the Single Audits Reviewed

APPENDIX E – Agency Comments

APPENDIX F – OIG Contacts and Staff Acknowledgments

Acronyms
AIS Automated Information Systems
CFDA Catalog of Federal Domestic Assistance
CMIA Cash Management Improvement Act
DDS Disability Determination Services
DI Disability Insurance
FY Fiscal Year
OIG Office of the Inspector General
OMB Office of Management and Budget
OSRAP Office of Statewide Reporting and Accounting Policy
POMS Program Operations Manual System
SFY State Fiscal Year
SSA Social Security Administration
SSI Supplemental Security Income

Introduction

OBJECTIVE

Our objective was to summarize areas of internal control weaknesses at State Disability Determination Services (DDS) reported in State single audits and identified during Fiscal Year 2000 Single Audit oversight activities. To accomplish our objective we reviewed 53 single audits, covering 51 DDSs and compiled and categorized findings that were identified as directly affecting DDS operations and crosscutting findings that potentially affect DDS operations. Thirteen of the 53 single audits reported direct findings and 42 reported crosscutting findings. Appendix A lists the 53 single audits reviewed and identifies those with direct and/or crosscutting findings.

BACKGROUND

Single Audit Act

On July 5, 1996, the President signed the Single Audit Act Amendments of 1996, Public Law No. 104-156. The Amendments extended the statutory audit requirement to non-profit organizations and revised various provisions of the 1984 Single Audit Act—including raising the Federal financial assistance dollar threshold for requiring an audit from $100,000 to $300,000. On June 30, 1997, the Office of Management and Budget (OMB) issued revised Circular A-133, "Audits of States, Local Governments, and Non-Profit Organizations" to implement the 1996 amendments. The revised Circular A-133 was effective July 1,1996, and applies to audits of fiscal years (FY) beginning after June 30, 1996. This circular requires nonfederal entities that expend $300,000 or more per year in Federal awards to have a single or program-specific audit conducted for that year.

State DDSs

The Disability Insurance (DI) program was established in 1954 under title II of the Social Security Act to provide benefits to disabled wage earners and their families. In 1972, Congress enacted the Supplemental Security Income (SSI) program. The SSI program provides income and disability coverage to financially needy individuals who are aged, blind or disabled.

The Social Security Administration (SSA) is responsible for the policies on developing disability claims under the DI and SSI programs. According to Federal regulations, disability determinations under the DI and SSI programs are performed by the DDS in each State. The DDS determines claimants’ disabilities and ensures that adequate evidence is available to support its determinations. SSA reimburses the DDS for 100 percent of allowable expenditures. There are 54 DDSs located in the 50 States, the District of Columbia, Puerto Rico, Guam, and the Virgin Islands.

Each DDS is managed by a State parent agency, which also administers other State and Federal programs. There are also other agencies within the State that administer various aspects of Federal programs, such as cash draws and electronic data processing.

Direct and Crosscutting Findings

In conducting single audits, the auditor uses a risk-based approach to determine what Federal programs will receive audit coverage. The single audit also includes an audit of the State’s financial statements. These two parts of the single audit may result in the identification of direct or crosscutting findings.

Direct findings are specifically identified to the Federal programs they affect. The direct SSA findings are identified in single audits by Catalog of Federal Domestic Assistance number 96. The single audits also report findings that impact more than one Federal program, referred to as crosscutting. However, crosscutting findings may not be identified to any one Federal program or may not be identified to all Federal programs they affect. In addition, due to the limited scope of the single audit, the auditor may identify findings for a Federal program that also affect other Federal programs but the audit did not consider whether the weakness existed for the SSA funded programs. While crosscutting findings are not specifically identified to SSA, they could have an impact on DDS operations.

SCOPE AND METHODOLOGY

From October 1999 to May 2001, we reviewed 53 single audits, the related recommendations, and auditee responses. Thirteen of the 53 single audits reported direct findings related to DDSs. These findings, questioned costs, and related recommendations were previously reported on a state-by-state basis to SSA’s Management Analysis and Audit Program Support Staff for audit resolution. In addition, 42 of the 53 single audits reported crosscutting findings that could possibly affect DDS operations. To identify crosscutting findings we reviewed all findings reported for the State agency that managed the DDS and State agencies that performed functions for the DDS.

We also reviewed the:

A-128, revised OMB Circular A-133, and the OMB Circular A-133 Compliance Supplement (June 1998 revision).

The Compliance Supplement identifies 14 types of compliance requirements that auditors should consider in performing single audits. Our review of the 53 single audits identified direct and crosscutting findings in 5 categories: cash management, procurement, equipment and real property management, reporting, and allowable costs. This report presents the findings by the related Compliance Supplement category.

Results of Review

Our analysis of the findings in 53 single audit reports disclosed similar internal control weaknesses in the categories of cash management; procurement; equipment and real property management; reporting; and allowable costs. The findings relate to DDS’ noncompliance with Federal requirements because of weaknesses in internal controls. Appendix B summarizes the 13 single audits with direct findings by DDS. Appendix C summarizes the 42 single audits with crosscutting findings by DDS.

The SSA, OIG audits at the District of Columbia and Oregon DDSs disclosed findings in the cash management and allowable cost categories. These findings also relate to DDS’ noncompliance with Federal requirements because of weaknesses in internal controls. Appendix D summarizes the OIG audit findings.

In our opinion, comparison of the District of Columbia and Oregon DDS findings in the single audits and the OIG audits for the same reporting period disclosed significant differences. The OIG reported findings on unsupported costs, unallowable costs, expenditures charged to the wrong year, and excessive cash draws. The single audits, however, did not report all of these findings. This comparison is presented for informational purposes only. We will report our comparison to the Federal agency responsible for the District of Columbia and Oregon single audits in a separate management letter for any action it deems appropriate.

CASH MANAGEMENT

The Congress enacted the CMIA of 1990, Public Law No. 101-453, to ensure efficiency, effectiveness, and equity in transferring funds between the States and Federal government. The law requires the Federal government to enter into an agreement with States covering applicable Federal programs and to establish procedures and requirements for transferring Federal funds.

The CMIA requires the States to minimize the time elapsing between the receipt and disbursement of Federal funds and allows the Federal government to charge interest when a State receives Federal funds in advance of disbursements. The CMIA also allows the State to charge interest when it incurs costs for Federal programs before Federal funds are made available. The State calculates Federal and State interest liabilities for each applicable program and reports liabilities to the Federal government on the Annual Report to the United States Department of the Treasury.

The lack of cash management controls creates problems in States’ identifying and assessing allowable cash needs. Without proper internal controls, DDSs may draw cash in excess of allowable expenditures. Premature cash draws also cause the Federal government to lose interest on the funds.

Nine single audits reported direct findings related to States not adhering to the CMIA agreement:

Similar cash management crosscutting findings were identified in 20 single audits (see Appendix C).

PROCUREMENT

Debarment and Suspension

The DDS is prohibited from contracting with or making subawards to parties who are suspended or debarred. The transactions include procurement contracts for goods or services equal to or in excess of $100,000. The DDS may rely upon the certification from the party unless it knows that the certification is erroneous. Procedures should be established and in place for the effective use of the List of Parties Excluded From Federal Procurement or Nonprocurement Programs to assure that they do not award assistance to listed parties in violation of Executive Order 12549. Failure to obtain debarment and suspension certificates creates the possibility of contracting with excluded parties.

The New York single audit disclosed that the State did not have procedures to identify and exclude from its procurement process those subcontractors and subrecipients barred from participation in Federal programs.

Similar crosscutting findings were identified in 12 single audits (see Appendix C).

Other Contracting Requirements

DDS Management should ensure that procurement instructions are in accordance with POMS instructions, which require contracts to be obtained through a competitive bidding process. Once the contract is awarded, a written agreement should be obtained that: (1) defines a sound and complete procurement contract; (2) identifies the parties covered in the contract; and (3) specifies the work to be performed. Without the proper implementation of procurement instructions, issues of acceptable practice, conflicts-of-interest, and standards of ethical and moral behavior could be questioned.

Eight single audits identified crosscutting findings in the following areas of procurement:

EQUIPMENT AND REAL PROPERTY MANAGEMENT

Computer Controls

DDSs operate computer systems critical to the administration of SSA’s disability programs. These systems issue payments for administrative expenses and contain confidential claimant information including Social Security numbers. SSA requires DDSs to develop, distribute, and implement a formal computer security policy addressing the confidentiality of sensitive information, data integrity, and authorized access to information. A DDS’ computer security policy should identify computer access controls to ensure only authorized users access the system. Access controls include the use of personal identification numbers to identify users, passwords to authenticate the user’s identity, and profiles to specify the functions users can perform.

SSA’s Systems Security Handbook, dated December 1998, instructs DDSs to make every reasonable effort to avoid disruption of critical applications processed by automated data files and automated information systems (AIS) facilities. Furthermore, a DDS must also minimize, and be prepared to recover, from any disruption that occurs. Contingency plans should be documented as a part of a DDS’ overall AIS security program.

Access controls and contingency planning are essential to the administration of the disability program. Without proper access controls the DDS is open to security risks. Accidental or intentional modifications to confidential and sensitive information can adversely affect the quality of services and lead to unauthorized and inaccurate disbursements. The lack of a contingency plan could cause a disruption of DDS claims processing and result in poor service to disability claimants.

Three single audits disclosed direct findings related to weaknesses in computer controls.

Similar crosscutting computer systems and applications findings were identified in 19 single audits (see Appendix C).

Property Controls

The DDSs are responsible for the maintenance, tagging, and inventory of all property acquired with SSA funds. Inventory records must include: (1) a description; (2) source of funds used in the purchase; (3) cost; (4) inventory number; (5) date purchased; and (6) physical location. The lack of proper controls over inventory could result in misappropriation or improper disposition of property acquired with Federal funds.

Eleven single audits identified crosscutting findings related to weaknesses in equipment inventory.

REPORTING

Inaccurate Financial Reports

At the end of each quarter, each DDS is required to submit to SSA a Form SSA-4513 (Report of Obligations) and Form SSA-4514 (Time Report of Personal Services). The Report of Obligations shows DDS disbursements, unliquidated obligations, and cumulative obligations for the following categories: personal services, medical costs, indirect costs, all other nonpersonnel costs. The Time Report of Personal Services shows the regular and overtime hours worked by DDS personnel on SSA disability determinations.

The inaccuracies on the Reports of Obligations indicate an internal control weakness in the DDS’ preparation, review, and approval of these reports prior to submitting them to Federal officials. Without the proper mechanisms in place to identify risks of faulty reporting caused by such items as lack of knowledge, inconsistent application, carelessness or disregard for standards, reliable processing of Federal awards would not be performed.

Similar crosscutting reporting findings were identified in 21 single audits. These findings also concluded that various Federal reports were not being reconciled to the accounting records, supervisory reviews were not being conducted, and reports were not being properly authorized (see Appendix C).

Untimely Financial Reports

The DDSs are instructed to simultaneously submit the Report of Obligations and the Time Report of Personal Services to SSA by the 30th day after the close of each quarter. Without accurate and timely reporting, DDS obligations and expenditures cannot be traced and accounted for each FY. Late submission of these reports indicate an internal control weakness in the DDS’ procedures for timely reporting of information to SSA.

In addition, similar crosscutting findings were identified in four single audits in the area of untimely reporting (see Appendix C).

ALLOWABLE COSTS

Allowable costs must be reasonable and necessary for the performance and administration of Federal awards, as stated in OMB Circular A-87. A cost is allocable to a program or department if the goods or services involved are charged or assigned in accordance with benefits received. A cost may not be assigned to a Federal award as a direct cost if any other cost incurred for the same purpose was allocated to the Federal award as an indirect cost. In order to recover indirect costs, the organization must prepare cost allocation plans, which apply to States or indirect cost rate proposals in accordance with the guidelines provided in OMB’s circulars. Costs must be net of all applicable credits that result from transactions that reduce or offset direct or indirect costs.

Internal control directives require that nonfederal entities receiving Federal awards establish and maintain internal controls designed to reasonably ensure compliance with Federal laws, regulations and program compliance requirements. Transactions should be properly recorded, accounted for, and executed in compliance with applicable laws and regulations. The DDS is required to maintain supporting documentation listing allowable and unallowable expenditures and adjustments for unallowable costs recorded. Also, funds, property, and other assets should be safeguarded against loss from unauthorized use or disposition.

The absence of controls over goods and services charged to Federal awards allows the risk for misappropriation or misuse of funds. In addition, unallowable activities or costs could be charged to a Federal program and not be detected if proper internal controls are not in place to ensure that costs benefit the program and are properly authorized and documented.

Two single audits reported direct findings related to inadequate internal controls over allowable costs:

Crosscutting weaknesses related to allowable costs were disclosed in 32 single audits. The findings were in the following areas:

COMPARISON OF SINGLE AUDIT AND OIG FINDINGS

OIG conducts audits of claims by DDSs for administrative costs based on the frequency of prior audits as well as annual referrals by SSA’s Office of Disability. Starting in FY 2002 OIG plans to provide increased audit coverage by using a cyclical audit plan that will provide for a more timely and effective review of administrative costs. The schedule will be based on the following factors: (1) past administrative audits, (2) dollars at risk, and (3) any potential modifications made as a result of suggestions made by SSA.

Annual Administrative Cost Incurred by DDS

Audit Frequency

Over $50 million

Every 3 years

$20 to $50 million

5 to 7 years

Under $20 million

7 to 10 years


The objectives of the audits are to determine whether: (1) expenditures and obligations are properly authorized and disbursed; (2) Federal funds drawn agree with total expenditures; and (3) internal controls over the accounting and reporting of administrative costs are adequate.

We performed two administrative cost audits—District of Columbia and Oregon DDSs—covering the same SFY operations as the single audits we reviewed. Our comparison of the direct single audit findings and OIG findings disclosed notable differences. The findings reported by OIG but not in the single audits are discussed below.

District of Columbia DDS

The OIG administrative cost audit at the District of Columbia’s DDS covered the period October 1994 through September 1997. The audit identified (1) unsupported costs; (2) costs claimed for non-DDS work; and (3) internal control weaknesses over medical evidence of record purchases (See Appendix D). The single audit did not disclose these findings.

Oregon DDS

The OIG administrative cost audit at the Oregon DDS covered the period October 1995 through September 1998. The Oregon DDS had (1) incorrect FY rental payments; and (2) drawdowns that exceeded disbursements (See Appendix D). The single audit did not report any direct findings for the Oregon DDS.

Conclusions and Recommendations

SSA should be proactive in providing internal control guidance to DDSs. To do so, SSA should provide the following instructions to the DDSs.
  1. Adhere to the terms of the CMIA agreement.
  2. Implement procurement procedures to prevent the awarding of contracts and subawards to debarred or suspended parties.
  3. Follow established procurement instructions.
  4. Implement controls to prevent unauthorized computer access.
  5. Develop a formal contingency plan to prevent disruption of services in the event of a disaster.
  6. Maintain complete and accurate equipment inventory records and perform periodic physical inventories.
  7. Implement effective procedures for preparing, reviewing, approving, and timely reporting of information on the Report of Obligations and the Time Report of Personal Services.
  8. Ensure that costs charged to SSA benefit its programs and are properly authorized and documented.
    9.

AGENCY COMMENTS

In response to our draft report, SSA agreed with all of our recommendations. See Appendix E for the full text of SSA's comments to our report.

Appendices

Appendix A

Summary of Single Audits Reviewed During Fiscal Year (FY) 2000

 

State

State

Fiscal Year (SFY)

Direct Findings

Crosscutting Findings

Cash Management

Procurement

Equipment/Real Property Management

Reporting

Allowable Costs

Cash Management

Procurement3

Equipment/Real Property Management4

Reporting5

Allowable Costs

Alabama

1998

X

X

X

X

X

Alaska

1998

X

X

Arizona

1998

X

X

X

X

X

Arkansas

1998

California

1998

X

X

Colorado

1998

X

Connecticut

1998

X

X

X

Delaware

1998

X

X

X

District of Columbia

1997

X

X

X

X

X

X

District of Columbia

1998

X

X

X

X

X

X

X

Florida

1998

X

X

X

X

Georgia

1998

X

X

X

Guam

1998

X

X

X

X

X

Hawaii

1998

X

X

X

Idaho

1998

X

Indiana

1998

Iowa

1998

X

X

X

X

X

Kansas7

1998

Kentucky

1998

X

X

X

Louisiana

1998

X

X

X

X

Maine

1998

X

X

X

X

Maryland7

1998

Massachusetts

1998

X

X

X

Michigan

1997/1998

X

X

Michigan

1995/1996

X

X

X

Minnesota

1998

X

X

X

Mississippi

1998

X

X

Missouri

1998

X

Nebraska

1998

X

X

X

X

Nevada

1998

X

New Hampshire7

1998

New Jersey7

1998

New Mexico6

1998

New York

1998

X

X

X

X

North Carolina

1998

X

X

X

X

X

North Dakota

1997/1998

X

X

X

Ohio

1998

X

X

Oklahoma7

1998

Oregon

1998

X

X

Pennsylvania

1998

X

X

X

X

X

X

X

Puerto Rico

1996

X

X

X

X

Rhode Island

1998

X

X

X

X

X

South Carolina

1998

X

X

South Dakota7

1998

Tennessee

1998

X

X

Texas

1998

X

Utah

1998

X

X

X

Vermont

1998

X

X

Virginia

1998

X

Washington

1998

X

West Virginia

1998

X

X

Wisconsin

1998

X

X

X

X

Wyoming7

1998

Note: See page A-1 for explanation of footnotes 1 through 7.

Appendix B

Direct Findings Reported in 13 Single Audits

STATE

DIRECT FINDINGS

QUESTIONED COSTS

Alabama

  1. The parent agency for the Alabama Disability Determination Services (DDS), the Department of Education, did not draw funds in accordance with the Cash Management Improvement Act (CMIA) agreement, which caused an increase in the State’s interest liability in an amount not readily determinable. This finding was also included in the State’s single audit for the prior year.
  2. The Department did not develop and implement a formal contingency plan to be followed in the event of a disaster that could adversely affect the operations of its data processing center.

$0

 

 

 

 

 

 

0

 

Arizona

  1. The parent agency for the Arizona DDS, the Department of Economic Security, provided the State’s General Accounting Office with incomplete documentation on the Federal award draws subject to the CMIA. This resulted in incorrect calculations of the State’s CMIA interest liability in an amount undetermined by the auditor.

0

 

 

 

 

District of Columbia 1997

  1. Cash draws made on behalf of the District of Columbia DDS were posted to incorrect revenue source codes, which are used to identify Federal programs and to record the amount of cash draws for each Federal grant. This could result in DDS draws of excess Federal funds.

0

 

 

 

District of Columbia 1998

  1. Cash draws made on behalf of the District of Columbia DDS were posted to incorrect revenue source codes, which are used to identify Federal programs and to record the amount of cash draws for each Federal grant. This could result in DDS draws of excess Federal funds. This finding was also reported in the prior year’s single audit.
  2. Federal financial reports were not submitted timely. The single audit report did not specifically identify the Federal reports submitted late.

0

 

 

 

 

 

0

 

Delaware

  1. Cash draws made by the Delaware DDS’ parent agency, Department of Labor, were not in accordance with the terms of its CMIA agreement, which requires administrative costs to be drawn based on an average clearance method.

0

 

 

Iowa

  1. The State of Iowa did not have adequate controls over the administration of the CMIA agreement. The Iowa Department of Revenue and Finance has not developed written procedures and the beginning balances, account numbers, and payroll information was not verified.

$0

 

 

 

Louisiana

  1. The Louisiana Office of Statewide Reporting and Accounting Policy (OSRAP) used inaccurate clearance pattern information to request cash draws. After receipt of the clearance patterns OSRAP does no further investigation to assure that the check clearance patterns are representative of normal and actual clearance patterns.

0

 

 

 

 

Michigan 1995/1996

  1. The Michigan DDS’ program expenditures on the Report of Obligations (Form SSA-4513) were $1.8 million more than the amounts reported in the State’s accounting system for the 2-year period ending September 30, 1996. The parent agency for the DDS, the Family Independence Agency, attributed the difference to indirect cost expenditures not being included on the Report of Obligations.
  2. Program expenditures on the Schedule of Federal Financial Assistance were $2.2 million greater than, and $1.9 million less than, amounts reported in the State’s accounting system for Fiscal Years (FY) 1995 and 1996, respectively.

1,800,000

 

 

 

 

 

 

0

 

 

Minnesota

  1. Security administration procedures at the Minnesota DDS’ parent agency, the Department of Economic Security, were not sufficient.
  2. Employees were granted inappropriate access to mainframe data.
  3. A comprehensive disaster recovery plan to be followed in the event of a disaster that adversely affects the data processing operations was not developed.

All three of these findings were reported in the prior year’s single audit.

0

 

 

0

 

0

 

 

 

 

Mississippi

  1. Personnel costs of Mississippi DDS’ employees who performed non-Social Security Administration (SSA) work were inappropriately charged to SSA. The State auditor did not determine the amount of unallowable charges. Our discussions with the Auditor further disclosed that the DDS’ parent agency, the Department of Rehabilitation Services, did not have a system in place to account for the time DDS employees spent on non-SSA work. As such, the State was not in compliance with the terms of the Memorandum of Understanding that allows the DDS to process non-SSA work.

0

 

 

 

 

 

 

 

 

New York

  1. The New York DDS’ parent agency, the Office of Temporary and Disability Assistance, did not have procedures to identify and exclude from its procurement process those subcontractors and subrecipients barred from participation in Federal programs.
  2. Claims were not properly reviewed to determine whether the costs were allowable. This finding was also included in the State’s single audit for the prior year.

  3. Voucher reviews of training contractor costs were not performed. This finding was also included in the State’s single audit for the prior year.
  4. Office of Management and Budget Circular A-87 standards for cost allocation methodologies were not followed.
  5. Employee timesheets contained coding errors, resulting in payroll costs being allocated improperly. In addition, reviews of employee time sheets were not performed. This finding was also included in the State’s single audit for the prior year.
  6. Vouchers supporting non-personal service and training costs were not properly maintained.

$0

 

 

 

 

0

 

 

0

 

 

0

 

0

 

 

 

0

Pennsylvania

  1. Federal funds drawn for employee payroll tax and benefit costs were held for extended periods of time resulting in material noncompliance with cash management standards and an undetermined amount of interest liability due to the Federal government. This finding was also included in the State’s single audit for the prior year.
  2. The DDS did not have adequate general controls over its computer system in the areas of logical access and contingency planning. This finding was also included in the State’s single audit for the prior year.

0

 

 

 

 

 

0

 

 

 

Texas

  1. When SSA implemented a new system to request DDS funds, the Texas Rehabilitation Commission did not recalculate the number of days from the date funds were received to the date the funds were disbursed. This change increased the interest liability to the Federal government by $10,307.

0

 

 

 

 

 

Total Questioned Costs

$1,800,000


Appendix C
Crosscutting Findings Reported

in 42 Single Audits

STATE

CROSSCUTTING FINDINGS

QUESTIONED COSTS

Alabama

  1. There was no formal written contingency plan that includes policies and procedures to be followed in the event of a disaster.
  2. Controls did not exist to include depreciation expense of the equipment used to provide goods and services.
  3. The method of allocation for purchases did not comply with the policies and procedures of the State Bid Law for costs incurred.
  4. Costs incurred with Federal funds were not allocable to a particular cost objective in accordance with the benefits received.

$0

 

 

0

 

0

 

0

 

Alaska

  1. Administrative costs were not within cost limitations and were not accurately reported on Federal financial reports.
  2. Distribution of personal service costs to Federal programs did not comply with Federal requirements. Periodic certifications stating that an employee worked solely on a program were not maintained.

0

 

0

 

 

Arizona

  1. Drawdowns of Federal funds were not properly recorded and were not supported by grant expenditures.
  2. Federal drawdown requests were based on estimated expenditures for the month and records were not maintained to monitor the timing of the draws against the program’s actual expenditures.
  3. Purchases were made without obtaining competitive bids, bids were not properly evaluated, price quotes were not obtained, and various other procurement procedure weaknesses were identified.
  4. There was no formal contingency plan implemented to be used in the case of a disaster.
  5. The amount of disbursements was overstated on the Federal Cash Transactions Report.

0

 

0

 

 

 

0

 

 

 

0

 

0

California

  1. Instructions to agencies regarding Cash Management Improvement Act (CMIA) transactions were inconsistent with the default procedures, and the interest liability due to the Federal government was inaccurate.
  2. Limitations in the automated accounting systems did not allow for the State to report expenditures by program on the Schedule of Expenditures of Federal Awards.
  3. Quarterly financial status reports were not reconciled to accounting records.

$0

 

 

0

 

 

0

Colorado

  1. The method of performing cash draws did not link specific disbursements to cash draws and cash receipts.

0

Connecticut

  1. Transfer invoices, which were for reimbursement of expenditures from one agency to another, were coded as transfer of grants between State agencies and therefore not included in the agency's Cost Allocation Plan.
  2. Contractors receiving individual awards of $100,000 or more were not required to certify that the organization and its principals were not suspended or debarred.
  3. The quarterly expenditure report was inaccurate.
  4. Amounts reported on monthly reports were misstated.
  5. Two employees whose salaries were charged 100 percent to a Federal program did not devote time to the program and one employee whose salary was charged 50 percent to a Federal program did not direct efforts towards the programs.
  6. Expenditures were not supported by documentation or documentation did not support dates of service.

0

 

 

 

0

 

 

 

0

0

0

 

 

 

0

Delaware

  1. The Department did not obtain the required certification of debarment and suspension for vendors receiving awards of $100,000.
  2. Drawdowns of excess funds resulted in a positive balance for more than 3 days.
  3. Account reconciliations were not performed.
  4. The report used to track account balances contained erroneous data.
  5. Several Federal programs had interest liability calculated on inaccurate account balances.

0

 

 

0

 

0

0

 

0

Note: See page C-1 for footnote explanation.

District of Columbia

1997

  1. There was untimely submission of invoices by vendors and program managers resulting in previous year’s goods and services being paid for and charged to the subsequent year's grant awards.
  2. Charges recorded on the agency's expenditure report were different from those shown on the actual vouchers.
  3. Costs charged to the program could not be substantiated in order to receive reimbursement because adequate supporting documentation and invoices could not be provided.
  4. Federal awards received showed that information, such as the Catalog of Federal Domestic Assistance (CFDA) numbers, grant award numbers, and/or amounts, was either missing or incorrectly stated.
  5. The Financial Management System was not programmed to capture actual disbursements made by the program in order to correspond to the expenditures charged.
  6. The interest liability was not calculated timely and cash draws were not performed timely.
  7. The Department did not maintain adequate controls over bank accounts by performing a review of bank account reconciliations.
  8. Inaccurate financial status reports were filed.
  9. Required documentation for subrecipient and vendor contract files was missing.
  10. Charges were incurred for goods and services received prior to the issuance of purchase orders authorizing the expenditures.
  11. There were no mechanisms in place for physical inventory tracking and the agency was unable to identify the source of funds used to acquire assets that were disposed during the fiscal year.

$0

 

 

0

 

92,099

 

 

0

 

 

0

 

 

0

 

 

0

 

 

0

0

 

0

 

 

0

 

Note: See page C-1 for footnote explanation.

District of Columbia

1998

  1. Contract numbers on vouchers were inconsistent and may result in processing errors and inefficiencies in monitoring contracting activity.
  2. Invoices were not stamped showing that they were paid in order to prevent duplicate payments.
  3. Inaccurate financial status reports were filed.
  4. Required documentation for subrecipient and vendor contract files was missing.
  5. There are no mechanisms in place for physical inventory tracking and the agency was unable to identify the source of funds used to acquire assets that were disposed during the fiscal year.
  6. The interest was not calculated timely and cash draws were not performed timely.
  7. The Financial Management System was not programmed to capture actual disbursements made by the program in order to correspond to the expenditures charged.
  8. Charges were incurred for goods and services received prior to the issuance of purchase orders authorizing the expenditures.
  9. There was untimely submission of invoices by vendors and program managers resulting in previous year’s goods and services being paid for and charged to the subsequent year's grant awards.
  10. Charges recorded on the agency's expenditure report were different from those shown on the actual vouchers.
  11. Costs charged to the program could not be substantiated in order to receive reimbursement because adequate supporting documentation and invoices could not be provided.
  12. Federal awards received showed that information such as the CFDA numbers, grant award numbers, and/or amounts was either missing or incorrectly stated.

$0

 

 

0

 

0

0

 

0

 

 

 

0

 

 

0

 

 

0

 

 

0

 

 

0

 

 

446,937

 

 

0

 

Note: See page C-1 for footnote explanation.

Florida

  1. Expenditures were inappropriately reported as part of two awards.
  2. Personnel and salary expenditures charged to Federal programs were erroneously recorded to another grant in addition to being recorded as a prior year adjustment.
  3. Required certifications that contractors were not debarred or suspended were not obtained.
  4. Final expenditure data reported did not always agree with the accounting and budgetary control system.
  5. Data processing and computer equipment items were not recorded in the property records or marked with a permanent property tag.

$0

 

0

 

 

0

 

0

 

0

 

Georgia

  1. The Department did not maintain adequate records linking additions and disposals of computer services equipment items to the property management records.
  2. Equipment inventories were not maintained according to the State Property Management System Manual.
  3. There were no controls in place to determine whether contractors paid from Federal funds had been debarred, suspended, or excluded from Federal award participation.
  4. The State improperly collected indirect costs based on the Department's unsupported equipment inventories.
  5. Accounting practices for equipment were inappropriate.
  6. A computer terminal could not be located.
  7. Items could not be located and accounting records were not properly maintained.

0

 

 

0

 

0

 

 

785,600

 

0

1,326

0

Guam

  1. Security locks were not used to restrict access to computer equipment and files.
  2. Written justification on the basis of selection of contractors was not maintained.
  3. Overtime hours were excessive.
  4. Journal vouchers used to reverse the revenue suspense account did not contain signatures to indicate review.
  5. Maintenance procedures could not be located.

0

 

0

 

0

0

 

0

Note: See page C-1 for footnote explanation.

Guam

(Continued)

  • Deposits were made to an incorrect account, and a correction was not recorded.
  • Travel requests did not contain required justifications.
  • Travel expenditures were not supported by documentation.
  • Travel vouchers were not processed timely.
  • Assets were disposed of but were included in the fixed asset system.
  • A complete physical inventory of fixed assets was not performed.
  • Fixed asset records did not properly document the titleholder.
  • The cash transaction report was not filed timely.
  • Cash reconciliation documentation may be misrouted and not received timely.
  • Check copy, invoice, receiving report, or payment request was not on file to substantiate expenditures.
  • Accounts receivable was not substantiated.
  • The methodology for accounts receivable allowance for doubtful accounts was not documented.
  • The accounts receivable subsidiary ledger had several negative balances, and were not reconciled in a timely manner.
  • Collection policies were not enforced for travel advance receivables.
  • Vendor invoices did not support expenditures.
  • Assets selected for testing were not made available for inspection.

    • $0

     

    0

    0

    0

    0

     

    0

     

    0

    0

    0

     

    20,589

     

    0

    0

     

    0

     

    0

     

    0

    0

    Note: See page C-1 for footnote explanation.

    Hawaii

    1. Federal reports showing overpayment totals were not accurately reported.
    2. Vacation and sick leave records were not maintained on a timely basis and there was a lack of adequate review procedures to ensure that information was accurate and complete.
    3. Contracts from vendors were not executed in a timely manner.
    4. Federal reports were not submitted in a timely manner.

    $0

     

    0

     

     

     

    0

    0

    Idaho

    1. Inaccurate coding resulted in employees not receiving benefits to which they were entitled.

    0

    Iowa

    1. Excessive cash draws were made.
    2. Written procedures for administering Federal funds were not maintained.
    3. Payroll costs were not supported by time and attendance records for individual employees.
    4. Excessive cash balances were maintained.
    5. Written policies or procedures were not in place to obtain debarred and suspended certifications for covered contracts.
    6. Controls over the accuracy of annual report were inadequate.
    7. Written policies or procedures were not in place to obtain debarred and suspended certifications for covered contracts.
    8. Procedures to ensure Federal funds for administrative payroll expenses are requested timely were inadequate.

    0

    0

     

    0

     

    0

    0

     

    0

    0

     

    0

    Kentucky

    1. Access to the Automated Purchasing System was not adequately controlled.
    2. Established system development life cycle controls for development and implementation of new systems were not followed.
    3. A disaster recovery plan was not developed.
    4. Logical security procedures were not consistently followed.
    5. Procedures were inadequate to ensure accuracy and completeness of system generated interface files and check tape.

    0

     

    3,023,137

     

     

    0

    0

    0

     

    Note: See page C-1 for footnote explanation.

    Kentucky

    (Continued)

  • Federal reports were not submitted in a timely manner.
  • Adequate logical access security for unified personnel and payroll system was not implemented.
  • Automatic log-off security for the Automated Purchasing System was not implemented.
  • Logical access security for the Automated Purchasing System was not improved.

    • $0

    0

     

    0

     

    0

    Louisiana

    1. Excess cash balances were maintained.
    2. Payments were not properly reviewed and authorized.
    3. Random moment time sampling was not always conducted.
    4. Clearance patterns were not completely developed.
    5. The cost of insurance was billed in a manner that could cause Federal programs to bear an inequitable share of the cost.
    6. Accounting controls were inadequate over movable property-acquisition, disposition, valuation, and location.
    7. Integrity of data was not maintained by properly restricting access.
    8. Adequate supporting documentation was not maintained.

    0

    257

    0

    0

    0

     

    0

     

    0

     

    1,612

    Maine

    1. Information was not retained to support amounts reported on the Federal financial report.
    2. Working capital was in excess of amounts allowable under Circular A-87.
    3. Payroll costs were not equitably distributed.
    4. Payments were made to providers in excess of authorized rates.
    5. The Department could not ensure compliance with suspension and debarment requirements.
    6. The process used to identify and report amounts owed by the State were inadequate.
    7. Supporting documentation for claimed program expenditures was not maintained.
    8. Documentation supporting provider payments was insufficient.

    0

     

    324,077

     

    58,567

    296

     

    0

     

    0

     

    106,500

     

    33

    Note: See page C-1 for footnote explanation.

    Maine

    (Continued)

  • Disbursements reported on the quarterly Federal cash transaction report were not supported.
  • The Schedule of Expenditures of Federal Awards was not complete and/or was inaccurate.
  • Internal controls associated with the allocation of direct costs to Federal grant programs were inadequate.
  • A missing spreadsheet formula resulted in excess costs being charged to Federal programs.
  • Internal controls were not adequate to ensure compliance with CMIA.
  • Amounts claimed for working capital were excessive, disbursements were not in compliance, and account structures were inadequate.
  • Payroll costs were not equitably distributed.
  • The time between the receipt and disbursement of funds was not minimized.

    • $0

     

    0

     

    0

     

    150,910

     

    0

     

    324,077

     

     

    50,588

    0

    Massachusetts

    1. Internal control procedures were lacking.
    2. Documentation supporting the development of the indirect cost rate was inadequate.
    3. Cost elements included in or excluded from the indirect cost pool were not reviewed to ensure they accurately reflect the operations and functions of the department.
    4. Electronic Data Interchange controls needed to be improved.
    5. Access to production and utility libraries was not adequately restricted.
    6. There was no disaster recovery plan/continuity plan in place over the communication's room.
    7. A formal business continuity plan was not developed.
    8. A statewide information security architecture was not developed.
    9. Duplicate charges were included in computing indirect cost rates.

    0

    0

     

    0

     

     

    0

    0

     

    0

     

    0

    0

     

    0

    Note: See page C-1 for footnote explanation.

    Massachusetts

    (Continued)

  • Additional costs were included in computing indirect cost rates.
  • Numerous differences existed in the cash balance between Treasury and the system maintained by the Office of the Comptroller and were not reconciled on a timely basis.

    • $0

    0

    Michigan

    1995/1996

    1. Internal controls did not ensure proper accounting for transactions.
    2. Internal control procedures were not followed for the time and attendance system.
    3. Drawdowns were not performed in a timely manner.
    4. Expenditures were not reconciled between systems.

    0

     

    40,346

     

    0

    0

    Michigan

    1997/1998

    1. Expenditures were not claimed in a timely manner.
    2. Supporting documentation for federally reimbursed expenditures was not maintained.
    3. Prescribed procedures for preparing time and attendance reports were not followed.
    4. Required payroll documentation for employee time charged to a Federal program was not completed.

    0

    92,712

     

    0

     

    0

    Minnesota

    1. Security administration procedures were insufficient.
    2. Controls over privileged logon identification records needed improvement.
    3. A disaster recovery plan was not prepared.
    4. The Department did not obtain required Federal certifications regarding suspended and debarred parties.

    0

    0

    0

    0

    Mississippi

    1. Procedures were not developed to adequately support salary and wage costs.
    2. Warrant reconciliations were not maintained.

    0

     

    0

    Missouri

    1. Funds were not obligated within the period of availability and obligations were not liquidated within 90 days after end of the funding period.

    261,149

    Note: See page C-1 for footnote explanation.

    Nebraska

    1. Group profiles were established but no members were defined.
    2. Access to production programs and data was not properly restricted.
    3. Reconciliation of cash ledgers to general ledger cash accounts was not performed on a regular basis.
    4. The Department was approximately 6 months behind in obtaining certifications for employees who work solely on a single Federal award.
    5. Supporting documentation was not maintained for numbers on statistical reports.

    $0

    0

     

    0

     

    0

     

     

    0

    Nevada

    1. Errors were found in reports.

    0

    New York

    1. Supporting documentation was not maintained.
    2. Expenditures were not reviewed for allowability.
    3. Procedures were not adequate to ensure claims are made within the period of availability.
    4. The cash transaction report was not filed.
    5. Quarterly expenditure reports were inaccurate.

    0

    0

    0

     

    0

    0

    North Carolina

    1. Reports were inaccurate.
    2. The Schedule of Expenditures of Federal Awards contained errors caused by failure to perform established control procedures.
    3. Employees had more access to the Accounting System than necessary for their jobs.
    4. Disbursing account reconciliations were not performed timely.
    5. Prescribed procedures were not consistently followed when processing cash disbursements.
    6. Incorrect rates were used for Federal expenditures.
    7. Suspension and debarment certifications were not obtained.
    8. Claims were not properly administered.

    0

    0

     

     

    0

     

    0

    0

     

    26,190

    0

    78,724

    Note: See page C-1 for footnote explanation.

    North Carolina

    (Continued)

  • Records did not support services billed.
  • Amounts were misstated on annual report of services and other schedules.
  • Expenditures on the quarterly report were inaccurate.
  • Claims were not filed within the period of availability.
  • Approvals for service contracts were not obtained prior to receiving services.
  • Several claims were paid incorrectly.
  • Program costs were overpaid.
  • Federal program expenditures were reported incorrectly.
  • Federal overpayment collections were reported incorrectly and expenditures were not recorded in the accounting system.
  • Financial reports were inaccurate.
  • The wrong program was charged for expenditures of other Federal programs.
  • Drawdowns were received earlier than two business days prior to the corresponding expenditure.
  • The Department did not obtain certificates of debarment from vendors for equipment purchases.

    • $57,097

    0

     

    0

    0

    0

     

    0

    415,243

    0

    0

     

    0

    223,386

     

    0

     

    0

    North Dakota

    1. Excess cash balances were maintained.
    2. Risk analysis and system security reviews were not performed.
    3. Time records kept for allocation of salaries and wages to cost activities that are included in the cost allocation plan were not adequate.
    4. Administrative costs were incorrectly charged.
    5. Expenditures were not charged within the period of availability.
    6. Payroll costs were charged to a Federal grant where the employees did not work 100 percent on the grant.

    19,100

    0

    0

     

     

    100,520

    296,658

    15,062

    Note: See page C-1 for footnote explanation.

    Ohio

    1. Financial reports were not reviewed.
    2. Procedures for requesting and performing payroll processing system modifications were not developed.

    $0

    0

    Oregon

    1. Risk assessments of information systems were not performed.
    2. Internal controls over check stock were not adequate.

    0

    0

    Pennsylvania

    1. The interest liability was inaccurately calculated.
    2. Federal debarred and suspended party regulations were not followed when purchasing services.
    3. Expenditures did not comply with Circular A-87.
    4. Controls related to logical access, physical access, physical environment, systems development, program changes, and segregation of duties were not adequate.
    5. The statewide cash management system needed improvement.
    6. Programming and change control authorization functions were not properly segregated.
    7. The Department did not have a completed disaster recovery plan.
    8. Controls related to logical access, physical access, physical environment, systems development, program changes, and segregation of duties were not adequate.
    9. The Department did not have a completed disaster recovery plan.
    10. The Department did not have written procedures for preparing, reviewing, and submitting the annual report.
    11. Controls related to logical access, physical access, physical environment, systems development, program changes, and segregation of duties were not adequate.

    0

    0

     

    9,297,034

    0

     

     

    0

    0

     

    0

     

    0

     

     

    0

     

    0

     

    0

     

    Puerto Rico

    1. The review process of accounting and financial data, such as interfund transfers, accounts receivable and payable, and bank reconciliations were not timely.
    2. A physical inventory was not performed and equipment reported in the general ledger did not agree with property records.
    3. Disbursements and receipts reported to Federal agencies were not reconciled to accounting records.

    0

     

     

    0

     

     

    0

    Note: See page C-1 for footnote explanation.

    Puerto Rico

    (Continued)

  • Budget versus expenditure amounts were not monitored.
  • A copy of the financial status report was not maintained.
  • Federal funds were used for the wrong program.
  • Excess cash was maintained in bank accounts.
  • Disbursement documentation was not maintained.
  • An approved cost allocation plan was not implemented.
  • Program funds were not properly accounted for based on the period of availability.
  • Bank reconciliations were not performed timely and the general ledger cash account did not agree with the bank statement.
  • The personnel files did not contain required documents.
  • Personnel files did not contain required documents.
  • The consolidated report was inaccurately prepared.
  • Financial reports were not properly authorized.
  • Supporting documents were not available for review.
  • The consolidated report did not agree to the general ledger.
  • The cash transaction report was not prepared.
  • Required Federal reports were not submitted timely.
  • The financial status report was not retained.
  • The general ledger did not include the complete financial position of assets, liabilities and fund balance at fiscal year end.
  • The administrative State plan was not available to the auditors.

    • $0

    0

    0

    0

    17,629

    0

    0

     

    0

    0

     

    0

    122,945

    0

    1,706

    161,431

    0

    0

    0

    0

     

    0

    Note: See page C-1 for footnote explanation.

    Rhode Island

    1. Periodic certifications for employees who worked solely on one program were not prepared.
    2. Controls for user access for the State accounting system were inadequate.
    3. Unique passwords were not required.
    4. A formal disaster recovery plan was not prepared.
    5. A statewide system to control fixed assets was not developed.
    6. Controls were not adequate to ensure compliance with the cash management requirements.
    7. The wrong formula was used to compute the interest liability.
    8. Personnel costs were not properly allocated in accordance with Circular A-87.
    9. Contractors were not required to certify that the organization and its principals were not suspended or debarred.
    10. Time was not allocated to programs employees worked on—100 percent of the time was charged to one program.
    11. A system security plan, including disaster recovery and password controls was not in effect.
    12. The expenditure report was inaccurate.
    13. Outstanding checks were not identified and credited to Federal programs.
    14. The Department did not require contractors to certify that the organization and its principals were not suspended or debarred.
    15. Expenditures were not supported by documentation.

    $0

     

    0

     

    0

    0

    0

    0

     

    0

    191,278

     

    0

     

    72,000

     

    0

     

    0

    18,945

     

    0

     

    20,146

    South Carolina

    1. Accounting records were not reconciled to reports.
    2. Access to production data and programs was not properly restricted.
    3. A formal information security policy was not developed.
    4. Security access was not removed when employees left or transferred.
    5. The disaster recovery plan was not updated or tested.

    0

    0

     

    0

    0

     

    0

    Note: See page C-1 for footnote explanation.

    Tennessee

    1. Signature authorization procedures were not adequate.
    2. Inventory tagging and billing procedures were inadequate.
    3. Procedures for billing dedicated equipment were inadequate.
    4. The accounting and reporting system changes were not properly approved.
    5. Documentation to support access to the on-line purchasing system was not on file.
    6. Transactions were processed with errors because they did not go through the pre-audit process.
    7. Access to the State employee information system was not regularly reviewed.
    8. Duties of employees performing payroll functions were not adequately segregated.
    9. Controls over the property system needed to be improved.
    10. Controls over program changes in the on-line purchasing system needed improvement.

    $0

    0

    0

    0

     

    0

     

    0

     

    0

     

    0

     

    0

    0

    Utah

    1. Authorization of transactions was not properly limited.
    2. User access was not properly limited.
    3. Statewide contracts did not always include certification that the vendor was not suspended or debarred.

    0

    0

    0

    Vermont

    1. Quarterly expenditure reports were not accurate.
    2. Stale dated checks were not canceled or credited to Federal programs.

    5,841

    52,781

    Virginia

    1. Notification of employee termination was not provided.
    2. User access was not monitored.
    3. A contingency plan was not developed.
    4. Guidelines for determining data access were not established.
    5. Vendor access was not properly terminated.
    6. Identification badges were not properly displayed.

    0

    0

    0

    0

    0

    0

    Washington

    1. Personal service contracts were not competitively solicited, or justified when determined to be sole source.

    355,495

    Note: See page C-1 for footnote explanation.

    West Virginia

    1. Reporting procedures were insufficient to identify, verify, and report stale warrants by grant.
    2. The cost allocation plan did not contain all central service costs.
    3. Debarment and suspension certificates were not obtained from vendors.

    $0

     

    0

     

    651,688

    Wisconsin

    1. Inventory records were inaccurate and a physical inventory was not conducted.
    2. Funds lapsed to the general fund representing excess computer user fees charged to Federal programs.
    3. Quarterly expenditure reports were not reconciled.
    4. A security plan was not developed and a risk analysis was not performed.
    5. An incorrect reporting category was used to draw Federal funds or return previously received funds.
    6. Statewide central service costs were charged as both direct and indirect costs.
    7. Programmers had write access to most production files that allowed them to change information in these files directly.
    8. Changes to production data and financial transactions were not properly restricted.
    9. Access was not restricted.
    10. Programmers for the central accounting system had write and allocate access to production data that allowed programmers to change the data stored in the dataset.
    11. Access to production programs was not properly restricted. Programmers could move programs from test to production without proper oversight and review.
    12. Controls for securing the computing environment, including access to critical functions, were inadequate.
    13. Costs were inappropriately included in the indirect cost pool that were also allocated to other State agencies through the statewide cost allocation plan.
    14. A disaster recovery plan was not developed.

    0

     

    0

     

    0

    0

     

    0

     

    29,299

     

    0

     

    0

     

    0

    0

     

     

    0

     

     

    0

     

    0

     

     

    0

    Total Questioned Costs

    $18,011,010

    Note: See page C-1 for footnote explanation.


    Appendix D

    Findings Identified by the Office of the Inspector General (OIG) During the Same Time Frame as the Single Audits Reviewed

    OIG AUDIT

    OIG FINDINGS

    QUESTIONED COSTS

    Audit of the Administrative Costs Claimed by the District of Columbia Disability Determination Division (A-13-98-91003)

    1. Vendor payments were not supported by invoices.
    2. Documentation supporting the office lease payment was not provided.
    3. Batches of vendor invoices were charged in total to the Disability Determination Services (DDS) that included work that was not for the DDS.
    4. Payments were made in excess of the DDS’ payment scale for medical evidence of record.
    5. The DDS did not document the indirect cost obligation through its Financial Management Systems accounting and statistical records.
    6. The DDS could not provide some of the contract files and purchase orders requested for review.
    7. The DDS could not provide all requested cancelled checks.

    $10,313

    8,958

     

    8,286

     

     

    0

     

    0

     

    0

    0

    Audit of the Administrative Costs Claimed by the Oregon Disability Determination Services (A-15-99-52021)

    1. Rental expense for State Fiscal Year (SFY) 1999 was incorrectly accounted for and charged to SFY 1998.
    2. Cash draws were made in excess of immediate cash needs.

    55,987

     

    27,544

    Total Questioned Costs

    $111,088


    Appendix E

    Agency Comments

    COMMENTS OF THE SOCIAL SECURITY ADMINISTRATION (SSA) ON THE OFFICE OF THE INSPECTOR GENERAL (OIG) DRAFT REPORT, "SUMMARY OF FISCAL YEAR 2000 SINGLE AUDIT OVERSIGHT ACTIVITIES" A-07-00-10032

    We appreciate the opportunity to comment on the draft report. The OIG recommended that SSA provide instructions to the Disability Determination Services (DDS) to address eight internal control issues. Following are our comments on the recommendations.

    Recommendation 1

    Adhere to the terms of the Cash Management Improvement Act agreement (CMIA).

    SSA Comment

    We will issue a DDS Administrators Letter by the end of November 2001 reminding the States to adhere to the terms of their CMIA agreements.

    Since the CMIA agreements are between the States and the Department of Treasury (DT), SSA has a limited role with respect to these agreements. Therefore, we suggest that the OIG bring the results of its review on this matter to the attention of the DT Inspector General for follow-up action by that agency.

    Recommendation 2

    Implement procurement procedures to prevent the awarding of contracts and subawards to debarred or suspended parties.

    SSA Comment

    We agree with this recommendation and will issue a DDS Administrators Letter by the end of November 2001.

    Recommendation 3

    Follow established procurement instructions.

    SSA Comment

    We agree with this recommendation and will issue a DDS Administrators Letter by the end of November 2001 reminding the States to follow established procurement instructions.

    Recommendation 4

    Implement controls to prevent unauthorized computer access.

    SSA Comment

    We agree with this recommendation. On May 25, 1999 the Office of Disability and Income Security Programs issued a Regional Commissioners Memorandum and a DDS Administrators Letter regarding DDS systems security. SSA is continuing its efforts to prevent unauthorized computer access.

    Recommendation 5

    Develop a formal contingency plan to prevent disruption of services in the event of a disaster.

    SSA Comment

    We agree with this recommendation. On August 6, 2001, the Office of Disability issued a DDS Administrators Letter transmitting the Final DDS Security Document which covers developing a formal contingency plan to prevent disruption of services in the event of a disaster.

    Recommendation 6

    Maintain complete and accurate equipment inventory records and perform periodic physical inventories.

    SSA Comment

    We agree with this recommendation and will issue a DDS Administrators Letter by the end of November 2001 reminding the States to maintain complete and accurate equipment inventory records and perform periodic physical inventories.

    Recommendation 7

    Implement effective procedures for preparing, reviewing, approving, and timely reporting of information on the Report of Obligations and the Time Report of Personal Services.

    SSA Comment

    We agree with this recommendation and will issue a DDS Administrators Letter by the end of November 2001 to remind the States to implement effective procedures for preparing, reviewing, approving and timely reporting of information on the Report of Obligations and the Time Report of Personal Services.

    Recommendation 8

    Ensure that costs charged to SSA benefit its programs and are properly authorized and documented.

    SSA Comment

    We agree with this recommendation and will issue a DDS Administrators Letter by the end of November 2001 reminding the States to ensure that costs charged to SSA benefit its programs and are properly authorized and documented.

    Appendix F

    OIG Contacts and Staff Acknowledgments

    OIG Contacts

    Rona Rustigian, Acting Director, Disability Program Audit Division, (617) 565-1819
    Mark Bailey, Deputy Director, Disability Program Audit Division, (816) 936-5591

    Acknowledgments

    In addition to those named above:

    Shannon Agee, Auditor in Charge
    Wanda Craig, Auditor

    For additional copies of this report, please contact Office of the Inspector General's Public Affairs Specialist at (410) 966-5998. Refer to Common Identification Number A-07-00-10032

    Overview of the Office of the Inspector General

      Office of Audit

    The Office of Audit (OA) conducts comprehensive financial and performance audits of the Social Security Administration’s (SSA) programs and makes recommendations to ensure that program objectives are achieved effectively and efficiently. Financial audits, required by the Chief Financial Officers Act of 1990, assess whether SSA’s financial statements fairly present the Agency’s financial position, results of operations, and cash flow. Performance audits review the economy, efficiency, and effectiveness of SSA’s programs. OA also conducts short-term management and program evaluations focused on issues of concern to SSA, Congress, and the general public. Evaluations often focus on identifying and recommending ways to prevent and minimize program fraud and inefficiency.

      Office of Executive Operations

    The Office of Executive Operations (OEO) provides four functions for the Office of the Inspector General (OIG) – administrative support, strategic planning, quality assurance, and public affairs. OEO supports the OIG components by providing information resources management; systems security; and the coordination of budget, procurement, telecommunications, facilities and equipment, and human resources. In addition, this Office coordinates and is responsible for the OIG’s strategic planning function and the development and implementation of performance measures required by the Government Performance and Results Act. The quality assurance division performs internal reviews to ensure that OIG offices nationwide hold themselves to the same rigorous standards that we expect from the Agency. This division also conducts employee investigations within OIG. The public affairs team communicates OIG’s planned and current activities and the results to the Commissioner and Congress, as well as other entities.

      Office of Investigations

    The Office of Investigations (OI) conducts and coordinates investigative activity related to fraud, waste, abuse, and mismanagement of SSA programs and operations. This includes wrongdoing by applicants, beneficiaries, contractors, physicians, interpreters, representative payees, third parties, and by SSA employees in the performance of their duties. OI also conducts joint investigations with other Federal, State, and local law enforcement agencies.

      Counsel to the Inspector General

    The Counsel to the Inspector General provides legal advice and counsel to the Inspector General on various matters, including: 1) statutes, regulations, legislation, and policy directives governing the administration of SSA’s programs; 2) investigative procedures and techniques; and 3) legal implications and conclusions to be drawn from audit and investigative material produced by the OIG. The Counsel’s office also administers the civil monetary penalty program.