Auditor General releases findings and management comments from the annual audit of the State of Rhode Island’s financial statements

Auditor General releases findings and management comments from the annual audit of the State of Rhode Island’s financial statements

STATE HOUSE – The Auditor General reported 36 findings and 14 management comments resulting from the annual audit of the state’s financial statements for the year ended June 30, 2019. These findings and management comments include recommendations to address deficiencies in controls over financial reporting and compliance matters, or present opportunities for enhanced efficiency or effectiveness of State operations.

The State’s audited financial statements were available in December 2019 as included in the state’s Comprehensive Annual Financial Report. This most recent communication prepared by Auditor General Dennis E. Hoyle is directed to the Finance Committee of the House of Representatives and the Joint Committee on Legislative Services — those vested with official oversight of the annual audit. Government Auditing Standards require communication of deficiencies in internal control over financial reporting and material noncompliance based on the annual audit.

The state must implement the recently completed strategic plan to coordinate needed replacements/enhancements to its key statewide financial and administrative systems. This is essential to ensure that critical legacy financial systems, such as the payroll system, will be available to support state operations. The strategic plan report details the need for, and the benefits to be derived from, an enterprise applications modernization effort. The strategic plan report highlights that “the risks of inaction far outweigh the cost of upgrades in capability.” The auditor’s finding, repeated for many years, highlights that important functionalities are minimally met through legacy systems and multiple departmental processes without intended integration and efficiencies.

Management focus, training and implementation resources have been insufficient to ensure that departments and agencies are assessing and documenting internal control consistent with management’s overall responsibility for the adequacy of the design and operation of internal control. Internal controls safeguard public resources and support accurate financial reporting. The state should commit to providing additional training and implementation materials to assist departments and agencies in documenting their internal control. An internal control assessment and documentation effort should be implemented to coincide with the implementation of a fully integrated ERP system.

The auditor’s reported that the increasing complexity of Medicaid program operations adds to the challenge of accurately accounting for all Medicaid financial activity within the state’s financial statements. This complexity results from federal program requirements, various state initiatives, and the continuing challenges of the RIBridges eligibility system. Medicaid is the state’s single largest activity - representing nearly 40% of the annual budgeted outlays of the state’s General Fund.

The Executive Office of Health and Human Services (EOHHS) authorized more than $188 million in system payouts and manual disbursements in fiscal 2019, representing provider advances, payments to managed care organizations for contract settlements and/or non-claims based financial activity, and other program disbursements. The processing of these disbursements is manual and external to the state’s other established control procedures.

Responsibility for monitoring the investment activity and other compliance aspects of funds on deposit with a fiscal agent (trustee) can be improved and should be vested with the Office of the General Treasurer. Controls over cash disbursements can be strengthened by ensuring authorized signers on state bank accounts are current and faithful performance bonds are maintained for key Treasury personnel.

The processes followed for periodic physical inventories of capital assets and the evaluation of inventory results can be improved to ensure that accurate capital asset records are maintained. An asset was erroneously reported as unlocated and removed from the inventory records.

The state can improve controls over recording federal revenue to ensure (1) amounts are consistent with the limitations of grant awards from the federal government and (2) federally claimed expenditures are consistent with amounts recorded in the state’s accounting system. The auditors found a grant award deferral had not been recognized and a request for additional grant award funding was still pending for fiscal 2019 program costs.

Overall, the state has not sufficiently addressed information technology (IT) security risks. The state needs to ensure its IT security policies and procedures are current and assessments of compliance for all critical IT applications - systems posing the most significant operational risk - are prioritized.

The state does not follow uniform enterprise-wide program change control procedures for the various IT applications operating within state government. This increases the risk that unauthorized or inappropriate changes could be made to IT applications without detection.

Processing functionalities within Division of Taxation’s STAARS system result in a volume of returns held in suspense pending resolution. This complicates financial reporting estimates due to the uncertain effect of returns that had not fully processed at fiscal year end. STAARS system user access rights need to be assessed and tailored to ensure access is consistent and appropriate with each employee’s responsibilities.

The Department of Transportation’s use of multiple systems to meet its operational and financial reporting objectives results in unnecessary complexity and control weaknesses since these systems were never designed to share data.

The resources necessary to effectively manage and administer the OPEB (retiree healthcare) system to ensure all system functions are met and adequately controlled should be assessed. A unified database or computer application is needed to maintain membership data for each of the state’s OPEB plans to improve controls over the administration of the benefit programs and the accumulation of data for actuarial valuations.

The Auditor General’s report also includes 14 management comments, which are less significant findings that highlight opportunities for enhancement of financial-related operational, policy or accounting control matters. For example, four of the management comments are summarized as follows:

The Tobacco Settlement Financing Corporation requires additional administrative support and should periodically update its projected debt service requirements to reflect operating and other economic factors.
Legal case tracking software must be acquired and implemented organization-wide to enhance the administrative management and control of pending legal matters.
Certain operating and long-term liability metrics for the Rhode Island Public Transit Authority warrant enhanced oversight by the state to ensure the sustainability and availability of public transit service.
A formal funding policy should be adopted for the State’s OPEB plans which incorporates statutory provisions and key actuarial funding policies.

Management’s response to the findings and management comments and planned corrective actions are included in the report. Further communications resulting from the annual audit will include the Single Audit Report, which focuses on the State’s compliance with requirements related to federal assistance expenditures.

A link to the report and audit summary is provided below:

Link to report:

http://www.oag.ri.gov/reports/2019_FinStmt_FindingsMC.pdf

Link to summary:

http://www.oag.ri.gov/reports/2019_FinStmt_FindingsMC_Summary.pdf

-30-

For an electronic version of this and all press releases published by the Legislative Press and Public Information Bureau, please visit our website at www.rilegislature.gov/pressrelease.