Auditor General releases annual Single Audit Report for the State of Rhode Island
STATE HOUSE – The annual Single Audit of the State of Rhode Island for the fiscal year ended June 30, 2018, resulted in 78 findings. Many of the findings (37) related to the state’s key operations and controls over financial reporting while the remainder (41) related to the administration of federal programs — principally human service programs such as Medicaid and the Supplemental Nutrition Assistance Program (SNAP). The annual audit is required by both state and federal law as a condition of continued federal assistance.
The Single Audit Report, prepared by Auditor General Dennis E. Hoyle, was recently released by the Joint Committee on Legislative Services. Certain of the findings were presented by the Auditor General at an April 4, 2019, meeting of the House Committee on Oversight which focused on the impact of the challenged RIBridges eligibility system on compliance with federal program requirements for the Medicaid, SNAP, Temporary Assistance to Needy Families (TANF) and child care programs.
The state’s fiscal 2018 expenditures of federal awards totaled $4.9 billion (including component units) under a wide variety of more than 450 individual programs. Federal assistance consists of both direct cash and noncash awards (e.g., loan and loan guarantee programs and donated food commodities). Many programs are jointly financed with federal and state funding.
Financial statement related findings — The auditors again reported that the state lacks a strategic plan to (1) coordinate needed replacements/enhancements to its key statewide financial systems and (2) ensure that critical legacy financial systems, such as the payroll system, which pose a business continuity risk, will be available to support state operations. Without a comprehensive plan, there is substantial risk that the intended integration of various components may not be achieved. The auditors reported that the state has already experienced such integration issues and halted work on a time and effort reporting system and a grants management system. Nearly $3 million had been expended on those projects.
The complexity of Medicaid program operations adds to the challenge of accurately accounting for all Medicaid program related financial activity within the state’s financial statements. This complexity results from new federal regulations, various state initiatives, and additional challenges resulting from its implementation of the RIBridges eligibility system.
The auditors further recommended that assigning responsibility for monitoring the investment activity and other compliance aspects of funds on deposit with a fiscal agent (trustee) can be improved and should be vested with the Office of the General Treasurer.
Overall, the auditors noted that the state has not sufficiently addressed information technology (IT) security risks, an increasing concern given the state’s complex computing environment. The state needs to ensure its IT security policies and procedures are current, well communicated and complied with. Assessments of compliance for all critical IT applications have not been performed — systems deemed to pose the most significant operational risk must be prioritized.
The state does not follow uniform enterprise-wide program change control procedures for the various IT applications operating within state government. This increases the risk that unauthorized or inappropriate changes could be made to IT applications without detection.
The auditors recommended that management should propose an additional dedicated funding source for the Information Technology Investment Fund to support the anticipated enhancements to critical financial and administrative computer systems identified through implementation of the strategic plan.
Policies need to be developed and implemented to guide decision-making regarding what types of costs should be paid from the newly established Information Technology internal service fund.
Monitoring of escrow liability account balances needs to be improved and the establishment of these accounts should be more limited to ensure they are only used when that is the proper accounting for such funds.
Processing functionalities within the Division of Taxation’s STAARS system result in a volume of returns held in suspense pending resolution. This complicates financial reporting estimates due to the uncertain effect of returns that had not fully processed at fiscal year-end.
The Division of Taxation can enhance policies and operating procedures to restrict access to personally identifiable information and to ensure the effectiveness of the business continuity plan.
The Department of Transportation (RIDOT) can enhance controls over the presentation of fund balance components within the IST Fund and enhance the accuracy of transportation infrastructure assets identified for inclusion in the state’s financial statements.
The auditors found that controls to ensure accurate and consistent reporting of investment expenses within the pension trusts require enhancement at both the custodian and Employees’ Retirement System management levels. Also, a unified database or computer application is needed to maintain membership data for each of the state’s OPEB plans. This would improve controls over the administration of the benefit programs.
Federal program findings — Among the other federal program related findings included in the report, the auditors found that the Executive Office of Health and Human Services lacks strong oversight procedures regarding fiscal monitoring and contract settlement for its managed care organizations — the auditors recommended more stringent audit and financial monitoring procedures be employed.
The auditors recommended that the Department of Human Services improve controls to ensure compliance with the period of performance requirement for the Low-Income Home Energy Assistance Program and to improve related federal reporting for such requirements.
The Department of Labor and Training did not make the necessary changes to its system to allow for the imposition of penalties on overpayments due to fraud, and to prohibit relief from charges to an employer’s Unemployment Compensation account when the overpayment was the result of the employer’s failure to respond timely or adequately to a request for information.
The auditors recommended that RIDOT should further enhance its quality assurance program to ensure that required materials tests are performed and documented consistent with federal regulation and RIDOT policy.
The Department of Education needs to increase efforts to comply with the requirement to perform administrative reviews of all school Food Authorities every 3 years.
The auditors recommend that the Department of Behavioral Healthcare, Developmental Disabilities and Hospitals improve its controls over federal reporting to ensure that substance abuse program expenditures are reported accurately and consistently with federal requirements.
Management’s response and planned corrective actions are included within the Single Audit Report. A Summary Schedule of Prior Audit Findings, which reports the status of findings from prior audits, is also included.
The State’s Single Audit Report was submitted to a federal clearinghouse for such reports — this data is then made available to all federal funding agencies. The Single Audit Report and related Audit Summary are available on the Auditor General’s website — www.oag.ri.gov
For more information, contact:
Dennis E. Hoyle, CPA, Auditor General
Office of the Auditor General
Providence, RI 02903
401.222.2435 ext. 3038